# Solved: Sys Protect/adult Friend Finder/pogo/pop Ups



## THEMANFZ1 (Aug 15, 2006)

Hello,

I have all of the above pop ups continually showing themselves on my cpu. I already ran HJT and vundo fix after reading previous posts but got somewhat lost and decided to have you look and tell me what to do to fix the problem. Thanks.

*************************
Logfile of HijackThis v1.99.1
Scan saved at 11:25:12 AM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Medical Manager Corporation\MMClient\MedLpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idoc.wellpoint.com/registration
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idoc.wellpoint.com/registration
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BA262C5D-1E1E-4E83-8E0C-F1318B84DEA0} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Unix Print Server.lnk = C:\Program Files\Medical Manager Corporation\MMClient\MedLpd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.advancedmd.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://rs3.advancedmd.com/rs-current/components/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {343DF0E4-8DF2-4280-953A-B2A546DC3A2A} (AMDSControls.XHCFA) - https://app.advancedmd.com/practicemanager/ppmdcontrols/AMDSControls.CAB
O16 - DPF: {3C98538E-6A9A-11D3-A8FB-FCA06D71722D} (Pegasus ImagXpress Control v4.0) - https://app.advancedmd.com/practicemanager/ppmdcontrols/imagxpress4.cab
O16 - DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} (PPMDForms.Forms) - https://app.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094321078093
O16 - DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} (AMDSControls50.XGroupCategory) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab
O16 - DPF: {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} (AMDSWSCheck.WSCheck) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdswscheck.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://app.advancedmd.com/practicemanager/ppmdcontrols/activexviewer.cab
O16 - DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} (AMDSAudio.XAudio) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab
O16 - DPF: {ED71FA11-AA35-11D2-BE5C-3E5C8B000000} (TwainPRO Class) - https://app.advancedmd.com/practicemanager/ppmdcontrols/twnpro20.cab
O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} (PPMDVBDownload.XShowReady) - https://app.advancedmd.com/practicemanager/ppmdcontrols/PPMDVBDownload.CAB
O16 - DPF: {FB4663DD-7318-46B2-A3F7-4FB69F122044} (AMDSCleanupSnapshot.CleanupSnapshot) - https://app.advancedmd.com/practicemanager/ppmdcontrols/AMDSCleanupSnapshot.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C3360BE-619E-4450-A6CF-6561AA55EBCD}: NameServer = 63.202.63.72,206.13.28.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C3360BE-619E-4450-A6CF-6561AA55EBCD}: NameServer = 63.202.63.72,206.13.28.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C3360BE-619E-4450-A6CF-6561AA55EBCD}: NameServer = 63.202.63.72,206.13.28.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


----------



## MFDnNC (Sep 7, 2004)

Fix this with HJT  mark it, close IE, click fix checked

O2 - BHO: (no name) - {BA262C5D-1E1E-4E83-8E0C-F1318B84DEA0} - C:\WINDOWS\system32\pmkjh.dll (file missing)

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
·	Install ewido.
·	Run the application
·	Clickon scanner
·	then select the "Settings" tab.
·	Once in the Settings screen click on "Recommended actions" and then select "Delete".
·	Select "Automatically generate report after every scan"
·	Un-Select "Only if threats were found"
·	Click Complete System Scan and the scan will begin.
·	When the scan is finished, Set all items to delete
·	Apply all actions
·	look at the bottom of the screen and click the Save report button.
·	Save the report to your C: Drive
This will take some time to run!
RE-Boot
*Post that log* and a new HiJack log


----------



## THEMANFZ1 (Aug 15, 2006)

As instructed here is the Ewido report followed by the HJT report. Thanks again.

Tony

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at:	6:37:46 PM 8/15/2006

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\{4F5E5D72-C915-4f3b-908B-527D064B0FAA} -> Adware.SysProtect : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{EF130E77-0A34-4365-BFB7-218FD3DDCD5F} -> Adware.SysProtect : Cleaned.
HKLM\SOFTWARE\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9} -> Adware.SysProtect : Cleaned.
HKLM\SOFTWARE\Classes\TypeLib\{7EACF70B-302F-4049-AC68-2D62EB43E473} -> Adware.SysProtect : Cleaned.
HKU\S-1-5-21-2946162608-2187536626-306946092-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc20.exe -> Downloader.Agent.alr : Cleaned.
C:\WINDOWS\SYSTEM32\dlsudxap.dll -> Logger.VBStat.d : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc345.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc35.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc162.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc167.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc227.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc246.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc26.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc54.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc77.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc91.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc48.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc61.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc233.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc70.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc243.txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc55.txt -> TrackingCookie.Tacoda : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc153.txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc265.txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\GS MA\Cookies\gs [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2946162608-2187536626-306946092-1008\Dc43.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\VundoFix Backups\DP.sys -> Trojan.Agent.ny : Cleaned.
C:\WINDOWS\SYSTEM32\huidsshg.exe -> Trojan.Agent.ny : Cleaned.
C:\WINDOWS\SYSTEM32\omqckrbd.exe -> Trojan.Agent.ny : Cleaned.
C:\WINDOWS\SYSTEM32\pbexgbwn.exe -> Trojan.Agent.ny : Cleaned.
C:\WINDOWS\SYSTEM32\qwejpqih.exe -> Trojan.Agent.ny : Cleaned.

::Report end

***************************************************************
HJT REPORT TO FOLLOW

Logfile of HijackThis v1.99.1
Scan saved at 6:49:52 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Medical Manager Corporation\MMClient\MedLpd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idoc.wellpoint.com/registration
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idoc.wellpoint.com/registration
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Unix Print Server.lnk = C:\Program Files\Medical Manager Corporation\MMClient\MedLpd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.advancedmd.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://rs3.advancedmd.com/rs-current/components/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {343DF0E4-8DF2-4280-953A-B2A546DC3A2A} (AMDSControls.XHCFA) - https://app.advancedmd.com/practicemanager/ppmdcontrols/AMDSControls.CAB
O16 - DPF: {3C98538E-6A9A-11D3-A8FB-FCA06D71722D} (Pegasus ImagXpress Control v4.0) - https://app.advancedmd.com/practicemanager/ppmdcontrols/imagxpress4.cab
O16 - DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} (PPMDForms.Forms) - https://app.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094321078093
O16 - DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} (AMDSControls50.XGroupCategory) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab
O16 - DPF: {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} (AMDSWSCheck.WSCheck) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdswscheck.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://app.advancedmd.com/practicemanager/ppmdcontrols/activexviewer.cab
O16 - DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} (AMDSAudio.XAudio) - https://app.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab
O16 - DPF: {ED71FA11-AA35-11D2-BE5C-3E5C8B000000} (TwainPRO Class) - https://app.advancedmd.com/practicemanager/ppmdcontrols/twnpro20.cab
O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} (PPMDVBDownload.XShowReady) - https://app.advancedmd.com/practicemanager/ppmdcontrols/PPMDVBDownload.CAB
O16 - DPF: {FB4663DD-7318-46B2-A3F7-4FB69F122044} (AMDSCleanupSnapshot.CleanupSnapshot) - https://app.advancedmd.com/practicemanager/ppmdcontrols/AMDSCleanupSnapshot.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C3360BE-619E-4450-A6CF-6561AA55EBCD}: NameServer = 63.202.63.72,206.13.28.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C3360BE-619E-4450-A6CF-6561AA55EBCD}: NameServer = 63.202.63.72,206.13.28.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C3360BE-619E-4450-A6CF-6561AA55EBCD}: NameServer = 63.202.63.72,206.13.28.12
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


----------



## MFDnNC (Sep 7, 2004)

Please click here http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html to download the latest version of JAVA Install the application, then go to the Add/Remove Programs options in the Control Panel and *Remove ALL previous versions of JAVA*.
=========================
IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu. 
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen. 
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.
===============
In firefox - TOOLS - OPTIONS - PRIVACY - COOKIES - Check originating site only
======================
Clean







- If you feel it is fixed, mark it solved via thread tools above - if not what is the current situation?

Restore points 
Turn off restore points, boot, turn them back on  heres how

XP
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam


----------



## THEMANFZ1 (Aug 15, 2006)

Seems to be solved. Thank you. Donation on its way. Thanks again. 

Tony


----------

