Security Warning

  • Thread starter Thread starter Bob Griendling
  • Start date Start date
B

Bob Griendling

It may be coincidental, but about the time I downloaded an upgraded Spybot
program, I began to get a Security Warning that oftens reads something like
this:

"The current Web page is trying to open a site on the Internet. Do you want
to allow this?

Current site: ad.yieldmanager.com

Internet site: C:\Windows\system32\shdoclc.dll



Warning: allowing this can expose your computer to security risks. If you
don't trust the current Web page, choose no."

Here is my hijack this log, if it helps. Any suggestions are welcome.

Bob
===================================================
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:52:06 PM, on 3/17/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DPS\EzBackup\EzBackupStartupMonitor.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

C:\Program Files\DPS\EzBackup\EzBackup.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\DPS\EzBackup\DPS_OneButton.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office\outlook.exe

C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Quote.com\QCharts 5.1\QCharts.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cm.my.yahoo.com/?.src=fp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/mywaybiz

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.hackerwatch.org/library/app/feedback/?Md5=3DC9256DA25BDFF582D7D46C59AD7112

O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe
/Autolaunch

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common
Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support
Center\gs_agent\custom\dsca.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"
/startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'Default user')

O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program
Files\Quote.com\ContinuumClient\WiseUpdt.exe

O4 - Startup: Check for QCharts Updates.lnk = C:\Program
Files\Quote.com\QCharts 5.1\WiseUpdt.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: EzBackup Monitor.lnk = C:\Program
Files\DPS\EzBackup\EzBackupStartupMonitor.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google
Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player -
{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -
http://leg3.state.va.us/qp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) -
http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124031960359

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer
Control) - http://www.sbe.state.va.us/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://optionsxpressevents.webex.com/client/T25L/webex/ieatgpc.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup162.cab

O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) -
http://207.190.197.68/webmap/Acgm.cab

O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} -
http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation -
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program
Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe
 
It may be coincidental, but about the time I downloaded an upgraded Spybot
program, I began to get a Security Warning that oftens reads something like
this:

"The current Web page is trying to open a site on the Internet. Do you want
to allow this?

Current site:  ad.yieldmanager.com

Internet site: C:\Windows\system32\shdoclc.dll

Warning: allowing this can expose your computer to security risks. If you
don't trust the current Web page, choose no."

Here is my hijack this log, if it helps.  Any suggestions are welcome.

Bob
===================================================
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:52:06 PM, on 3/17/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DPS\EzBackup\EzBackupStartupMonitor.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

C:\Program Files\DPS\EzBackup\EzBackup.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\DPS\EzBackup\DPS_OneButton.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office\outlook.exe

C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Quote.com\QCharts 5.1\QCharts.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.dell4me.com/mywaybiz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://cm.my.yahoo.com/?.src=fp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.dell4me.com/mywaybiz

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.hackerwatch.org/library/app/feedback/?Md5=3DC9256DA25BDFF5...

O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe
/Autolaunch

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common
Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support
Center\gs_agent\custom\dsca.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"
/startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'Default user')

O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program
Files\Quote.com\ContinuumClient\WiseUpdt.exe

O4 - Startup: Check for QCharts Updates.lnk = C:\Program
Files\Quote.com\QCharts 5.1\WiseUpdt.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: EzBackup Monitor.lnk = C:\Program
Files\DPS\EzBackup\EzBackupStartupMonitor.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google
Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player -
{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -http://wwws.musicmatch.com/mmz/openWebRadio.html(file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -http://leg3.state.va.us/qp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) -http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clie...

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer
Control) -http://www.sbe.state.va.us/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -https://optionsxpressevents.webex.com/client/T25L/webex/ieatgpc.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -http://download.abacast..com/download/files/abasetup162.cab

O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) -http://207.190.197.68/webmap/Acgm.cab

O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} -http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation -
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program
Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe

Your HiJackThis log is not useful here. You will need to re=post it
on a true HiJackThis web forum.
 
Bob Griendling said:
It may be coincidental, but about the time I downloaded an upgraded Spybot
program, I began to get a Security Warning that oftens reads something like
this:

"The current Web page is trying to open a site on the Internet. Do you want to
allow this?

Current site: ad.yieldmanager.com

Internet site: C:\Windows\system32\shdoclc.dll



Warning: allowing this can expose your computer to security risks. If you
don't trust the current Web page, choose no."

Here is my hijack this log, if it helps. Any suggestions are welcome.


<snipped>

There are a number of web sites where HijackThis logs should be posted. Here are
some of the more popular ones.

CastleCops HijackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Aumha Forums - HijackThis Logs
http://forum.aumha.org/

HijackThis Logs and Analysis
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html

HijackThis Logs and Spyware/Malware Removal
http://forums.whatthetech.com/HijackThis_Logs_and_Infections_Removal_f27.html

Spyware Warrior HijackThis Logs
http://spywarewarrior.com/viewforum.php?f=5

These forums are staffed by volunteers who have demonstrated their ability to
interpret these logs and provide safe and helpful assistance. Also, the forums
are moderated, adding a degree of assurance that the advice given is valid.
Please do not post a HijackThis log on one of these newsgroups. You have no
guarantee that the advice given would not make a bad situation worse.

Good luck

Nepatsfan
 
Hi, Everyone,

I'm having the same thing happen to me now, too.

Is this necessarily a Spybot side-effect, though? (I'd looked in that
program and couldn't find what's making it happen, or what could turn it off.)

If not, any ideas about what else could be causing this?

Thanks,
Bram


Bob Griendling said:
It may be coincidental, but about the time I downloaded an upgraded Spybot
program, I began to get a Security Warning that oftens reads something like
this:

"The current Web page is trying to open a site on the Internet. Do you want
to allow this?

Current site: ad.yieldmanager.com

Internet site: C:\Windows\system32\shdoclc.dll



Warning: allowing this can expose your computer to security risks. If you
don't trust the current Web page, choose no."

Here is my hijack this log, if it helps. Any suggestions are welcome.

Bob

<SNIP>
 
Back
Top