Security Warning


Bob Griendling
March 17th 08, 09:06 PM
It may be coincidental, but about the time I downloaded an upgraded Spybot
program, I began to get a Security Warning that often reads something like
this:

"The current Web page is trying to open a site on the Internet. Do you want
to allow this?

Current site: ad.yieldmanager.com

Internet site: C:\Windows\system32\shdoclc.dll



Warning: allowing this can expose your computer to security risks. If you
don't trust the current Web page, choose no."

Here is my hijack this log, if it helps. Any suggestions are welcome.

Bob
===================================================
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:52:06 PM, on 3/17/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\PDesk\PDesk.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DPS\EzBackup\EzBackupStartupMonitor.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

C:\Program Files\DPS\EzBackup\EzBackup.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\mgabg.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\ups.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\DPS\EzBackup\DPS_OneButton.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office\outlook.exe

C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Quote.com\QCharts 5.1\QCharts.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/mywaybiz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cm.my.yahoo.com/?.src=fp

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/mywaybiz

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.hackerwatch.org/library/app/feedback/?Md5=3DC9256DA25BDFF582D7D46C59AD7112

O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
Experience\PCMService.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe
/Autolaunch

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common
Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support
Center\gs_agent\custom\dsca.exe"

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe"
/startup

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support
Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
/RUNONCE (User 'Default user')

O4 - Startup: Check for ContinuumClient Updates.lnk = C:\Program
Files\Quote.com\ContinuumClient\WiseUpdt.exe

O4 - Startup: Check for QCharts Updates.lnk = C:\Program
Files\Quote.com\QCharts 5.1\WiseUpdt.exe

O4 - Global Startup: APC UPS Status.lnk = ?

O4 - Global Startup: EzBackup Monitor.lnk = C:\Program
Files\DPS\EzBackup\EzBackupStartupMonitor.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google
Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player -
{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -
http://leg3.state.va.us/qp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) -
http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124031960359

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer
Control) - http://www.sbe.state.va.us/viewer/activeXViewer/activexviewer.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://optionsxpressevents.webex.com/client/T25L/webex/ieatgpc.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup162.cab

O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) -
http://207.190.197.68/webmap/Acgm.cab

O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} -
http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation -
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program
Files\DellSupport\brkrsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program
Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common
Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\system32\mgabg.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation -
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter)
(sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell
Support Center\bin\sprtsvc.exe



--

End of file - 10363 bytes

smlunatick
March 18th 08, 07:47 PM
On Mar 17, 4:06 pm, "Bob Griendling" wrote:
> It may be coincidental, but about the time I downloaded an upgraded Spybot
> program, I began to get a Security Warning that often reads something like
> this:
>
> "The current Web page is trying to open a site on the Internet. Do you want
> to allow this?
>
> Current site: ad.yieldmanager.com
>
> Internet site: C:\Windows\system32\shdoclc.dll
>
> Warning: allowing this can expose your computer to security risks. If you
> don't trust the current Web page, choose no."
>
> Here is my hijack this log, if it helps. Any suggestions are welcome.
>
> Bob

Your HiJackThis log is not useful here. You will need to re-post it
on a true HiJackThis web forum.

Nepatsfan
March 18th 08, 08:19 PM
"Bob Griendling" wrote in message
...
> It may be coincidental, but about the time I downloaded an upgraded Spybot
> program, I began to get a Security Warning that often reads something like
> this:
>
> "The current Web page is trying to open a site on the Internet. Do you want to
> allow this?
>
> Current site: ad.yieldmanager.com
>
> Internet site: C:\Windows\system32\shdoclc.dll
>
>
>
> Warning: allowing this can expose your computer to security risks. If you
> don't trust the current Web page, choose no."
>
> Here is my hijack this log, if it helps. Any suggestions are welcome.


<snipped>

There are a number of web sites where HijackThis logs should be posted. Here are
some of the more popular ones.

CastleCops HijackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Aumha Forums - HijackThis Logs
http://forum.aumha.org/

HijackThis Logs and Analysis
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html

HijackThis Logs and Spyware/Malware Removal
http://forums.whatthetech.com/HijackThis_Logs_and_Infections_Removal_f27.html

Spyware Warrior HijackThis Logs
http://spywarewarrior.com/viewforum.php?f=5

These forums are staffed by volunteers who have demonstrated their ability to
interpret these logs and provide safe and helpful assistance. Also, the forums
are moderated, adding a degree of assurance that the advice given is valid.
Please do not post a HijackThis log on one of these newsgroups. You have no
guarantee that the advice given would not make a bad situation worse.

Good luck

Nepatsfan

Bram Weiser
July 3rd 08, 02:38 AM
Hi, Everyone,

I'm having the same thing happen to me now, too.

Is this necessarily a Spybot side-effect, though? (I'd looked in that
program and couldn't find what's making it happen, or what could turn it off.)

If not, any ideas about what else could be causing this?

Thanks,
Bram


"Bob Griendling" wrote:

> It may be coincidental, but about the time I downloaded an upgraded Spybot
> program, I began to get a Security Warning that often reads something like
> this:
>
> "The current Web page is trying to open a site on the Internet. Do you want
> to allow this?
>
> Current site: ad.yieldmanager.com
>
> Internet site: C:\Windows\system32\shdoclc.dll
>
>
>
> Warning: allowing this can expose your computer to security risks. If you
> don't trust the current Web page, choose no."
>
> Here is my hijack this log, if it helps. Any suggestions are welcome.
>
> Bob

<SNIP>
