sari

Members
  • Content Count

    105
  • Joined

  • Last visited

Everything posted by sari

  1. romeo, I need to have you run fixwareout again - I missed removing a line with hijackthis, and I want to make sure it's completely removed. I apologize for that. You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://swandog46.geekstogo.com/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items: O4 - HKLM\..\Run: [peqdj.exe] C:\WINDOWS\System32\peqdj.exe O4 - HKCU\..\Run: [sysmon12] ___.exe Click FIX CHECKED. Close HijackThis, and click OK to proceed. At the end of the fix, you may need to restart your computer again. Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic. Thanks, sari
  2. sari

    Hjt Log

    Stephen, This is a pretty messy log, so it will take multiple steps to clean you up. It's important that you follow all the directions carefully and stay with me until you're clean. You may want to print these directions for reference. Please download Qoofix by Rubber Ducky to your desktop. Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive Close all windows and programs, including internet windows. Go to C:\Qoofix and open the folder, then double click on Qoofix.exe Click Begin Removal and wait for the scan to finish If Qoofix finds an infection, select yes to restart your computer You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt Copy and paste the contents of that report into your next reply here. Download smitRem.exe ©noahdfear, and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop). Please download the trial version of ewido anti-malware here: http://www.ewido.net/en/download/ Please read Ewido Setup Instructions Install it, and update the definitions to the newest files. Do NOT run a scan yet. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup Don't run it yet! Next, please reboot your computer in SafeMode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Open Ad-aware and do a full scan. Remove all it finds. Run Ewido: Click on scanner Click on Complete System Scan and the scan will begin. While the scan is in progress you will be prompted to clean files, click OK When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop. Close ewido anti-malware. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present. Reboot back into Windows and click the Panda ActiveScan shortcut. Once you are on the Panda site click the Scan your PC button. A new window will open...click the Check Now button.Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button [*]If it wants to install an ActiveX component allow it [*]It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) [*]When the download is complete, click on My Computer to start the scan [*]When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply. Your logs may be too long for one post - please make as many as you need to post them all. Let us know if any problems persist. Thanks, sari
  3. sari

    Hjt Log

    Stephen, I'm currently reviewing your hijackthis log and will be posting a response shortly. sari
  4. sari

    Happy Birthday Sari!

    Thanks, everyone My day was made better by the best wishes of all my friends online. sari
  5. Hi romeo, Welcome to Besttechie. You have a few problems there, so let's get started cleaning you up. There will be several steps involved in the cleanup, so please stay with me to the end. You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found): R3 - URLSearchHook: (no name) - {344D6535-30F3-81CC-C664-BD1F81CDA43E} - FLKPT.dll (file missing) O4 - HKLM\..\Run: [serviceprocess] XTermInit.exe O4 - HKLM\..\Run: [zlybe.exe] C:\WINDOWS\System32\zlybe.exe O4 - HKCU\..\Run: [rzzm] C:\PROGRA~1\COMMON~1\rzzm\rzzmm.exe O4 - HKCU\..\Run: [MSTCPDLL] CToolBar.exe O4 - HKCU\..\Run: [bogobot] StartCpl.exe O15 - Trusted Zone: http://www.neededware.com O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv2.view22.com/view22/app/view22rte.cab O16 - DPF: {D50AF668-390B-4D2E-92B8-12289AF33958} (ClinicStationLib.ctlCS) - http://143.111.222.240/ClinicStationLib.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{39CBBE5C-CE35-4709-B44D-50547B566A60}: NameServer = 85.255.116.54,85.255.112.126 O17 - HKLM\System\CCS\Services\Tcpip\..\{7DC122E3-FB03-4F71-BC6D-15EE27DB6307}: NameServer = 85.255.116.54,85.255.112.126 O17 - HKLM\System\CCS\Services\Tcpip\..\{B821443B-D772-4392-A6BF-28E93BD36F8D}: NameServer = 85.255.116.54,85.255.112.126 O17 - HKLM\System\CCS\Services\Tcpip\..\{BE212EC9-633A-4F08-B53D-5E6D1460AD58}: NameServer = 85.255.116.54,85.255.112.126 O17 - HKLM\System\CCS\Services\Tcpip\..\{EAD1FB58-9EDC-47F8-9A4B-22C01ADD893A}: NameServer = 85.255.116.54,85.255.112.126 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.126 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.126 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.54 85.255.112.126 O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) Click FIX CHECKED. Close HijackThis. Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), along with a new HijackThis log into this topic. Thanks, sari
  6. sari

    Going Offline

    arachnid40, I'm sorry to hear this - our thoughts are with you, but family is more important than anything else, so please take care of them. sari
  7. qwertyuiop, While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. [*]Open Spybot Search & Destroy. [*]In the Mode menu click "Advanced mode" if not already selected. [*]Choose "Yes" at the Warning prompt. [*]Expand the "Tools" menu. [*]Click "Resident". [*]Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. [*]In the File menu click "Exit" to exit Spybot Search & Destroy. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file) O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file) O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKCU\..\Run: [sOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE -pack RegSoAlertWxLiteNnAj O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Please delete these folders using Windows Explorer(if present): C:\PROGRAM FILES\SOFTWAREONLINE Please delete these files using Windows Explorer(if present). You'll have to search for these files: windir32.exe WININIT32.EXE After that, Reboot. Please post a new hijackthis log. Thanks, sari
  8. qwertyuiop, Due to the length of your bitdefender log, your hijackthis log got cut off. Could you please post a full log for me? Thanks! sari
  9. qwertyuiop, That happens sometimes. Try this: BitDefender. Please post the results of the scan in your next reply. sari
  10. qwertyuiop, I'm sorry you had trouble with that, but the good news is that it worked. Let's move on to the next step, as you still have quite a few things that you don't want on there. I'd like you to do an online virus scan next. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send If it wants to install an ActiveX component allow it Select either Home User or Company Click the big Scan Now button It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Post the contents of the Activescan report and a new hijackthis log. We'll still have some entries to remove after that, and I may have files you'll need to delete as well. Thanks, sari
  11. qwertyuiop, You do have a few issues in this log! We're going to start by getting rid of something called pokapoka. Please download LQfix.exe from one of the following locations: http://www.downloads.subratam.org/LQfix.exe http://miekiemoes.geekstogo.com/tools/LQfix.exeSave it to your desktop. Double-Click LQfix.exe and click Next > Next > Install. Leave the default settings, if you change them, the fix will Fail! You need an active Internet Connection, so make sure your you're not blocking any connection now. Now make sure the "Launch LQfix" box is checked. Click the Finish button, after clicking the Finish button the fix will start. Follow the on-screen prompts. Your system will reboot afterwards. Please be patient after the reboot, there is a script running in the background that needs to complete. Then do a scan with HiJackThis and post a new log by using Add Reply Thanks, sari
  12. jeebusllama, Please download the Killbox by Option^Explicit. Note: In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button. [*]Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\DOCUMENTS AND SETTINGS\Eddie\LOCAL SETTINGS\Temp\bwgo0000a8c3.exe C:\WINDOWS\SYSTEM32\ot.ico C:\WINDOWS\SYSTEM32\shellexp.exe C:\WINDOWS\videoc.ocx C:\WINDOWS\SYSTEM32\1024 C:\Documents and Settings\Eddie\Local Settings\Temp\cfdata.txt.expanded [*] Return to Killbox, go to the File menu, and choose Paste from Clipboard. [*]Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again. Post back with a new hijackthis log and let me know how things are running. Thanks, sari
  13. Jeebusllama, Hi, and welcome to Besttechie. I will be helping you with your log. I see that you are running HijackThis from a temporary directory; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the program into it. It is very important you do this, as Hijackthis creates backups that you don't want deleted! Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [cd1] c:\windows\system32\cd1.exe /nocomm O4 - HKLM\..\Run: [ms2src] c:\program files\common files\system\ms2src.exe /install O4 - HKLM\..\Run: [MPlay64] c:\program files\common files\system\mplay64.exe /noerrorinfo O4 - HKLM\..\Run: [wzdmg] c:\windows\system32\wzdmg.exe /nocomm O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c420.cab Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please remove these entries from Add/Remove Programs in the Control Panel(if present): Viewpoint Please note any other programs that you dont recognize in that list in your next response Please delete these folders using Windows Explorer(if present): C:\Program Files\Viewpoint C:\Program Files\Security Toolbar Please delete these files using Windows Explorer(if present): ALCMTR.EXE <---You'll need to use the search function to find this entry c:\windows\system32\cd1.exe c:\program files\common files\system\ms2src.exe c:\program files\common files\system\mplay64.exe c:\windows\system32\wzdmg.exe C:\DOCUMENTS AND SETTINGS\WENDYCAMPIONE\LOCALSETTINGS\Temp\bwgo11fcd1ad.exe After that, Reboot. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report Please post back with a new hijackthis log and the activescan log. Thanks, sari
  14. marinerschas2, I wanted you to run an online virus scan because you did have multiple unknown or definite virus files. Could you try one of these instead? Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) +++++ If you are unable to run the activeX Antivirus Scanners, lets try this Java based solution from Trend Micro. Thanks, sari
  15. marinerschas2, Do you know what this entry is? O4 - HKLM\..\Run: [filit] C:\Documents and Settings\Chas\Desktop\foobar.exe Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please delete these files using Windows Explorer(if present): windir32.exe <== You'll have to search for this file C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe After that, Reboot. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new hijackthis log for review. Thanks, sari
  16. marinerschas2, Umm, could you tell me what you did exactly? And did you disable startup programs in msconfig? If so, I need you to re-enable everything so I can see what's there, to verify there's nothing bad starting up. We don't really recommend that users delete items from hijackthis on their own, nor hide items in msconfig, as it makes it more difficult for us. Thanks, sari
  17. marinerschas2, I'm not sure what you did either, but let's get you cleaned up! First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet. To Get rid of NewDotNet, go to: Start > Control Panel > Add or Remove Programs and remove the following: New.Net Applications or New.Net Domains (anything that says New.Net) If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4. In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do. Please post back with a new hijackthis log and we'll work on the rest of your issues after that. Thanks, sari
  18. Yeah, and it wasn't pretty. Mandy had to wash his pants and the floor of #besttechie!
  19. A belated happy birthday, Gwyrox732! Sari
  20. With the correct version of hijackthis.... Logfile of HijackThis v1.98.2 Scan saved at 3:18:46 PM, on 10/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\NavNT\defwatch.exe C:\DMI\WIN32\bin\DellDmi.exe C:\Program Files\Dell\OpenManage\Client\EventAgt.exe C:\Program Files\Dell\OpenManage\Client\DLT.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\dmi\win32\bin\Win32sl.exe C:\WINDOWS\System32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\NavNT\vptray.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spywareinfo.com/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
  21. Thanks, rock Did that - this is the log from my daughter's user id, then I'll post the one from mine if it looks different. Logfile of HijackThis v1.98.1 Scan saved at 2:39:48 PM, on 10/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\NavNT\defwatch.exe C:\DMI\WIN32\bin\DellDmi.exe C:\Program Files\Dell\OpenManage\Client\EventAgt.exe C:\Program Files\Dell\OpenManage\Client\DLT.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\dmi\win32\bin\Win32sl.exe C:\WINDOWS\System32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\NavNT\vptray.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahooligans.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
  22. I think I've cleaned this up, but doublecheck for me please Sari Logfile of HijackThis v1.98.1 Scan saved at 1:36:47 PM, on 10/7/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Nhksrv.exe C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe C:\WINDOWS\system32\drivers\dcfssvc.exe C:\Program Files\NavNT\defwatch.exe C:\DMI\WIN32\bin\DellDmi.exe C:\Program Files\Dell\OpenManage\Client\EventAgt.exe C:\Program Files\Dell\OpenManage\Client\DLT.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\dmi\win32\bin\Win32sl.exe C:\WINDOWS\System32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\DELLMMKB.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\NavNT\vptray.exe C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Windows SyncroAd\SyncroAd.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.spywareinfo.com/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [iPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l O4 - HKLM\..\Run: [iPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab