#1
March 2nd, 2006, 12:09 PM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
HJT Logs Please Read

Hi Everyone Me again sorry to say back in the Cyber Safety Forum.
OK Here is what happened now this morning to get me in the cyber Safety Forum.

Partner and I were working on his boards. I installed a new security tool called toolkit. Ran her and she works lovely.

During this time partner calls me and tells me that an online auction seller that we both knew has passed away.

I went to read the obit then went to this other site called mad-cows.com, as this is where the deceased person posted a lot and I wanted to see what they posted there as I felt there may be more information about his passing.

I tried to log in there and it would not let me, I kept getting blank white screens then timing out, so my partner said I could try his user id and I did when I did this I was locked out of the site then was able to get logged back in my id after about 20 mins....

The site dragged and dragged and dragged I am on DSL, any way I finally gave up as I never could open the thread about his passing and tried to log out, that is when my system went bonkers big time.

It just hung there, so when the site finally turned me loose I ran ccleaner then I checked my temp file by going Start>Run Then typed in %Temp% then hit ok.

There were over 10,000 and some files in there that I have never seen before. They all had ACR. then any combination of 4-6? numbers then three cap. letters then .tmp

I started to delete these files and they started multiplying faster than any rabbit we have ever raised!

In less than 20 mins there were 20,299 of these suckers.

So I rebooted into safe mode and was able to delete them without them multiplying. I also opened two random files while I was doing this with notepad and they were completely empty.

I was able to delete everything in there so I then emptied my recycle bin and ran HijackThis, which I am posting now.
---------------------
---------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:36:48 AM, on 3/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Personal Tools\Siber Systems\roboform.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Personal Tools\Siber Systems\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] H:\Designers\Picasa\Picasa\Picasa2\PicasaMediaDete ctor
O4 - HKCU\..\Run: [RoboForm] "D:\Personal Tools\Siber Systems\RoboTaskBarIcon.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Customize Menu - file://D:\Personal Tools\Siber Systems\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Explore with &Instant Source - C:\Program Files\Instant Source\context.html
O8 - Extra context menu item: Fill Forms - file://D:\Personal Tools\Siber Systems\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Personal Tools\Siber Systems\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Personal Tools\Siber Systems\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Personal Tools\Siber Systems\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Personal Tools\Siber Systems\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Personal Tools\Siber Systems\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Personal Tools\Siber Systems\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Personal Tools\Siber Systems\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Personal Tools\Siber Systems\RoboFormComShowToolbar.html
O9 - Extra button: Instant Source - {8BD5271D-69C9-4467-882D-5139952D7754} - C:\Program Files\Instant Source\isrc.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.4.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139949321256
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139949455229
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

---------------------------
--------------------------
The only sites I have been to today are yahoo.com, hotmail, my partners site which is bikersbasement.com, one of my auction-coaching sites, our business site which I was updating and the mad-cows.com when I was trying to find more information about the man who passed away.

Point being I have not even surfed and have not for many many months almost over a year now since I have allowed myself that luxury so I know whatever happened was not from being somewhere bad unless one of the above sites had an issue and I did not know it.

How can I know for sure what happened and where? Is this possible?

The only other thing we did was I downloaded a zipped file from a seller on feebay that sold my partner ad sense web sites, the file gave me a corrupt or damaged zip file error when I tried to open it and I deleted it and told my partner about it so he could tell the seller.

My partner also got this same error and nothing has happened to his system.

Sorry for being so long winded but I want you to be completely aware of where I have been and what I have done today so I try to find out what caused the mass of reproducing files that I had.

Thanks for the Help!

#2
March 2nd, 2006, 12:41 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Howdy da_moma,


No infection in that log. Sounds like you are describing the regular everyday glitches on internet/system happenings.

That zip file most likely was corrupted somehow. The file creator will have to make a fresh copy if it is important you all receive it.

The info Here describes an Adobe Acrobat 6.0 (which shows in your log) glitch, where it creates numerous hard-to-delete acr*.tmp files and then chokes on them. Possibly you were trying to open a .pdf file. The fix is at that link as well.

#3
March 2nd, 2006, 06:19 PM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Hi Jintan so nice to meet you!

Quote:
Originally Posted by Jintan
Howdy da_moma,


No infection in that log. Sounds like you are describing the regular everyday glitches on internet/system happenings.

That zip file most likely was corrupted somehow. The file creator will have to make a fresh copy if it is important you all receive it.

The info Here describes an Adobe Acrobat 6.0 (which shows in your log) glitch, where it creates numerous hard-to-delete acr*.tmp files and then chokes on them. Possibly you were trying to open a .pdf file. The fix is at that link as well.

Thanks for taking the time to post and find that link for me. I am getting updates. I wish I had known how to delete those files this morning like explained in the link this morning. Sure would have saved me a whole lot of mouse clicks!

Maybe the zip file contained a PDF? The thread could not have been a PDF that I was trying to read could it? Those were the only two things I tried to open or read.

Well at any rate I do appreciate your help and the link very much!
Thank you so very much.

#4
March 11th, 2006, 12:52 AM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Jintan blessed weekend to you!

I wanted to say thank you again very much I upgraded and have no trouble with the files in the temp folder again.

I got through about 3 hours ago uploading my site backups so my hosting company can try to fix them for me, it was hacked a while back......

So running my ewido now then will do an online bit defender then reboot HJT...

The last two years have been a mess for me with downloading things in backups or ebooks (ebooks have been the worst!)....I am almost ready to quit offering those for sale it has been that bad this year so far.

But did go in half with my partner to get some more then I am done with those ebooks for a while....

Rambling on here sorry about that Point being is thank you again for the help I love the updated Adobe Acrobat very much...

I will post my scans when they are through will take some time for sure.

Have a great evening!

#5
March 11th, 2006, 01:14 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
I felt that link with the fix was a good one, and now posted here can be picked up by others searching with the same issues. Yes, while you have the thread let's check some scans to give the all clear.

#6
March 11th, 2006, 05:45 AM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Jintan I am glad that you posted it too for others that was a new one on me.
What a sight it was trying to get all those files to stay deleted LOL it sure would have been nice to have done it the way you posted how to from the get go!

I am still waiting on the bit defender online scan to finish it will take some time. I have to say that I am concerned though cause my HD has gone from 103 GB free to 102 GB free now in only a few hours without me saving any files or anything. I have been off the system just letting bit defender run since I posted this earlier.

I will post my logs after they are finished running.

Thanks again

#7
March 11th, 2006, 05:51 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
That may be too long for BitDefender. It may be caught in scanning a particular area that causes it to glitch. You can update your Ewido (it updates a few times each day), boot into Safe Mode (tap F8 at startup and select Safe Mode) and feel comfortable that will do a good job of it. Post those results back instead.

#8
March 11th, 2006, 06:38 AM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Hi Jintan,

Bit defender has always taken over one full day to scan my drives.
My main HD is partitioned off 30 GB if it is its own drive I hardly ever place any thing in there.

My main HD (C:) I use for things like windows, design programs etc. Those things that I know need a lot of room to operate.

The external I use for backups mainly and to download most downloads and to run most of my programs that I do not want on the C drive which are things like robo form, fractal programs, etc. I have thousands of files and who knows how many ebooks and programs in that drive.

Bit defender just found a virus on that drive, in a zip folder and it deleted it but I also deleted the zip file because I do not feel safe having it on there (this is the external we are talking about if that makes any difference).

But I will stop bit defender as you have asked and reboot to safe mode and run ewido and HJT and post the findings here.

I know I willingly took a chance by uploading the site backups as my hosting/techy asked me to do but I saw it as no choice to get my site back up.

Thanks for being here. On my way now.

One other thing I want to let you know when I closed out firefox then my HD went back up to 103GB

#9
March 11th, 2006, 08:02 PM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Trend Micro Scan Found this

Jintan Hi,

Ewido did not finish until after 5 am my time, so I was exhausted by then and turned on adaware then went to bed.


Trend Micro

"Virus Log","2006/03/10","EH-X87QZARB4KS1"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"02:12","Real-time Scan","File","TROJ_SMALL.IC","H:\screensaver apps\eazy\screen\screen.exe","Quarantine Success",""

I then went and deleted the entire program, deleted the quarantine, went to Trend Micro and looked up the info on it and did the task manager to see if it was running it was not, then I followed what they said to find it in the registry and it was not there....I did those two steps to be safe and sure.

Ewido scans are coming next.

#10
March 11th, 2006, 08:05 PM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Ewido Scans

In safe mode these are the ewido scans it found nothing said I was clean but here are the two reports for it:

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 8:40:20 AM, 3/11/2006
+ Report-Checksum: 5D5E3B95

0: System Process
8: System Process
112: \SystemRoot\System32\smss.exe
140: \??\C:\WINNT\system32\csrss.exe
160: \??\C:\WINNT\system32\winlogon.exe
188: C:\WINNT\system32\services.exe
200: C:\WINNT\system32\lsass.exe
244: C:\WINNT\Explorer.EXE
352: C:\WINNT\system32\svchost.exe
380: C:\WINNT\System32\WBEM\WinMgmt.exe
536: C:\Program Files\ewido\security suite\SecuritySuite.exe


---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------

+ Created on: 8:39:23 AM, 3/11/2006
+ Report-Checksum: 388EFEB8

Reg\HKLM\Run Synchronization Manager mobsync.exe /logon
Reg\HKLM\Run pccguide.exe "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
Reg\HKLM\Run C-Media Mixer Mixer.exe /startup
Reg\HKLM\Run Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Reg\HKLM\Run ISUSPM Startup "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
Reg\HKLM\Run ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
Reg\HKLM\Run NeroFilterCheck C:\WINNT\system32\NeroCheck.exe
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run Picasa Media Detector H:\Designers\Picasa\Picasa\Picasa2\PicasaMediaDete ctor
Reg\HKLM\Run Acrobat Assistant 7.0 "H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Distillr\Acrotray.exe"
Reg\HKLM\Run
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Reg\HKCU\Run RoboForm "D:\Personal Tools\Siber Systems\RoboTaskBarIcon.exe"
Shell\CommonStartup Adobe Acrobat Speed Launcher.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
Shell\CommonStartup InterVideo WinCinema Manager.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
Shell\UserStartup Adobe Gamma.lnk C:\Documents and Settings\EH\Start Menu\Programs\Startup\Adobe Gamma.lnk

#11
March 11th, 2006, 08:11 PM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
HJT Log File

The HJT log file run in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 8:41:17 AM, on 3/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Personal Tools\Siber Systems\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Personal Tools\Siber Systems\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] H:\Designers\Picasa\Picasa\Picasa2\PicasaMediaDete ctor
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Personal Tools\Siber Systems\RoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\acrobat_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://D:\Personal Tools\Siber Systems\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Explore with &Instant Source - C:\Program Files\Instant Source\context.html
O8 - Extra context menu item: Fill Forms - file://D:\Personal Tools\Siber Systems\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Personal Tools\Siber Systems\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Personal Tools\Siber Systems\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Personal Tools\Siber Systems\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Personal Tools\Siber Systems\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Personal Tools\Siber Systems\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Personal Tools\Siber Systems\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Personal Tools\Siber Systems\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Personal Tools\Siber Systems\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Instant Source - {8BD5271D-69C9-4467-882D-5139952D7754} - C:\Program Files\Instant Source\isrc.dll
O15 - Trusted Zone: http://www.bikersbasement.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.4.4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139949321256
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139949455229
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


TY again Jintan for going through this with me,

#12
March 11th, 2006, 09:43 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
I reckon that all cleared now. The scans show you running both Trend Micro Real-time Service and Ewido Security Suite Guard in an active posture. You should disable one of those, as it is not necessary for both running and it will slow down your system. Other than that looks fine.
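
A baseline comparison of the two HijackThis logs posted in this thread, as an added example (not part of the original posts and not code from HijackThis): it parses the `O<n> - ...` entries, keys them by section and CLSID, and reports what was added, removed, changed, or left pointing at a missing file between the March 2 and March 11 scans. The sample logs are short excerpts of lines copied from the posts above; the function names are illustrative.

```python
import re
from typing import NamedTuple, Optional

# Excerpts of the two logs posted in this thread (lines copied from the posts,
# most entries omitted to keep the sample short).
LOG_MARCH_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 4:36:48 AM, on 3/2/2006
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O9 - Extra button: Instant Source - {8BD5271D-69C9-4467-882D-5139952D7754} - C:\Program Files\Instant Source\isrc.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

LOG_MARCH_11 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:41:17 AM, on 3/11/2006
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Designers\AdobeCS2\Adobe Acrobat Pro 7\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Instant Source - {8BD5271D-69C9-4467-882D-5139952D7754} - C:\Program Files\Instant Source\isrc.dll
O15 - Trusted Zone: http://www.bikersbasement.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    section: str            # "O2", "O4", "O23", ...
    text: str               # everything after "O<n> - "
    clsid: Optional[str]    # upper-cased CLSID if the entry carries one
    missing: bool           # HijackThis appended "(file missing)"


def parse_log(log: str) -> list:
    """Return the O-section entries of a log; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, text = m.groups()
        clsid = CLSID_RE.search(text)
        entries.append(Entry(section, text,
                             clsid.group(0).upper() if clsid else None,
                             text.endswith("(file missing)")))
    return entries


def identity(e: Entry) -> tuple:
    """Key that survives an upgrade or reinstall: section + kind + CLSID when
    there is one (the path and display name may change), else the full text."""
    if e.clsid:
        kind = e.text.split(":", 1)[0]   # "BHO", "Extra button", "DPF", ...
        return (e.section, kind, e.clsid)
    return (e.section, e.text)


def diff_logs(before: str, after: str) -> dict:
    old = {identity(e): e for e in parse_log(before)}
    new = {identity(e): e for e in parse_log(after)}
    return {
        "added": [new[k].text for k in new if k not in old],
        "removed": [old[k].text for k in old if k not in new],
        "changed": [(old[k].text, new[k].text)
                    for k in new if k in old and old[k].text != new[k].text],
        "orphaned": [e.text for e in new.values() if e.missing],
    }


if __name__ == "__main__":
    result = diff_logs(LOG_MARCH_2, LOG_MARCH_11)
    for category, items in result.items():
        print(f"{category}:")
        for item in items:
            print("   ", item)
```

On these excerpts the diff shows the same BHO CLSID moving from the Acrobat 6.0 path to the Acrobat Pro 7 path, new Java and BitDefender online scanner entries, and one leftover button whose target file no longer exists.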

#13
March 11th, 2006, 09:58 PM
da_moma
Registered User
Join Date: Feb 2004
Location: USA
Posts: 265
Thank You Jintan,

I have disabled ewido and will use it for scans and back up as Trend Micro Real time has not missed anything as of yet (although it does have issues with things embedded deeply in zips).

Thank you very much it is very nice to have peace of mind again!

Blessed Weekend to you

#14
March 12th, 2006, 12:21 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Have a nice weekend too.

All times are GMT +1.