Don77 wrote:Hi PDiddie
Lets see what the HJT,Silent Runners and hostfile logs look like please,
Start a fresh topic in the computer forum ( As that would be the proper place for it )
Silent Runners (other two would not work, as mentioned in other thread):
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PopUpStopperFreeEdition" = ""C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"" ["Panicware, Inc."]
"PlaxoUpdate" = "C:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a" ["Plaxo"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WinampAgent" = ""C:\Program Files\Winamp3\winampa.exe"" [null data]
"Lexmark X6100 Series" = ""C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"" ["Lexmark International, Inc."]
"AVG_CC" = "C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP" ["GRISOFT s.r.o."]
"MotiveMonitor" = ""C:\Program Files\Motive\AsstCommon\motmon.exe"" ["Motive Communications, Inc."]
"IntelliType" = ""C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"" [MS]
"InstantTray" = "C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" ["Pinnacle Systems"]
"LWBMOUSE" = "C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE" [empty string]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ["Viewpoint Corporation"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs LLC"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{A7327C09-B521-4EDB-8509-7D2660C9EC98}\(Default) = "Viewpoint Toolbar BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll" ["Viewpoint Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
Don77 wrote:."
Don77 wrote:There was a bug in spybot and we can get this squared away easy enough
Yes, I have dsostop2 and have run it oh, four or five times following the discovery of the exploit, and it tells me each time DSO is protected, and then the four entries show up again the next time I run Spybot...
Thanks again D-7.