O20 - AppInit_DLLs: sockspy.dll,wbsys.dll


lynchknot
October 26th, 2004, 02:41 PM
Hello, does anyone know how to remove? I tried 2x with HJT but it won't go. Thanks.

Pieter_Arntz
October 26th, 2004, 04:13 PM
Are you sure you want to?

You could always try uninstalling the programs that put them there.

sockspy.dll: http://www.bitdefender.com/support/wks_prof_uninstall.htm

wbsys.dll: http://www.stardock.com/products/windowblinds/

Regards,

Pieter

dvk01
October 26th, 2004, 04:17 PM
sockspy.dll is part of Bitdefender antivirus, so it won't go while Bitdefender is installed and running.

wbsys.dll is part of WindowBlinds.

Not all AppInit DLLs are bad, and a lot of genuine applications put them in that location so they start before the main part of Windows loads.

Especially useful for an antivirus or a Windows skinning tool.

Edit:

Damn it!! Pieter is quicker typing than me

but 2 answers the same are better than none

lynchknot
October 26th, 2004, 04:19 PM
Well, I don't have Bitdefender (unless it's in an "all-in-one" tool) and I've had WB installed for a long time and have never seen that entry.

HJT says it's a rare entry (under AppInit) and usually by a trojan

**edit - maybe Giant AS uses Bitdefender as its "real time protection" - which would mean I've got 2 AVs running.

dvk01
October 26th, 2004, 04:24 PM
-{ Quote: "Well, I don't have Bitdefender (unless it's in an "all-in-one" tool) and I've had WB installed for a long time and have never seen that entry.

HJT says it's a rare entry (under AppInit) and usually by a trojan" }-

They are not so rare nowadays, but HJT has only been showing them since 1.98.1, so not very long.

But if you haven't got Bitdefender, then post your HJT log so I can look it over and see if it might belong to something else.

lynchknot
October 26th, 2004, 04:33 PM
Thanks dvk01 - :)

-{ Quote: "Logfile of HijackThis v1.98.2
Scan saved at 11:31:11 AM, on 10/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PowerPanel\upssrv.exe
C:\Program Files\ProcessGuard Free\dcsuserprot.exe
C:\PowerPanel\upsio.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\PROGRA~1\TrayMan\ntstart.exe
C:\PROGRA~1\TrayMan\trayman.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\Program Files\ProcessGuard Free\procguard.exe
C:\Program Files\Active SMART\ActiveSMART.exe
C:\WINDOWS\System32\svchost.exe
H:\eMule\emule.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ePrompter\ePrompter.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\PROGRA~1\firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skaner.mks.com.pl/skaner.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://skaner.mks.com.pl/skaner.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &StormTranslator - {AF7BB79F-070F-420D-83B7-8D138611A26F} - C:\PROGRA~1\STORMS~1\STORMT~1\STORMT~1.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [gcasServ] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
O4 - HKLM\..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [gcasDtServ] gcasDtServ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - Startup: Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe
O4 - Global Startup: Prevx Home.lnk = C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - Global Startup: Process Guard Free.lnk = C:\Program Files\ProcessGuard Free\procguard.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1091910446953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - AppInit_DLLs: sockspy.dll,wbsys.dll" }-

dvk01
October 26th, 2004, 04:42 PM
Sockspy.dll is a DLL that scans incoming packets at Winsock level and is used by several other antiviruses apart from Bitdefender.

I have found it in BullGuard and I am assuming it is part of Giant AntiSpyware or possibly even WinPatrol.

I can almost 200% guarantee it isn't bad, otherwise KAV would definitely have screamed.
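
One way to check which product each AppInit DLL belongs to, the question the posts above work through by hand (an added example, not part of the original thread). It assumes a 64-bit PowerShell session on a current Windows version and resolves bare file names against the system directory; the output field names are this example's own.

```powershell
# Added example: report vendor and signature status for every DLL named in AppInit_DLLs.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view
)

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $raw   = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }

    # Assumption: bare file names live in the system directory matching the registry view.
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

    # The value is a space- or comma-separated list, e.g. "sockspy.dll,wbsys.dll".
    foreach ($name in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $path = if ([IO.Path]::IsPathRooted($name)) { $name } else {
            Join-Path (Join-Path $env:SystemRoot $sysDir) $name
        }

        $row = [ordered]@{
            Dll = $name; Path = $path; Exists = $false
            Company = $null; Product = $null; Signature = $null; Signer = $null
            LoadAppInit = $props.LoadAppInit_DLLs   # null where the value is not present
        }

        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path
            $sig  = Get-AuthenticodeSignature -FilePath $path
            $row.Exists    = $true
            $row.Company   = $file.VersionInfo.CompanyName   # vendor string from the version resource
            $row.Product   = $file.VersionInfo.ProductName
            $row.Signature = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]$row
    }
}

$report | Format-List
```

The version-resource strings are set by whoever built the file, so treat Company and Product as a hint and the signature status and signer as the stronger evidence. An entry whose file is missing, unsigned, or has no vendor information is the one to look at first.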

Pieter_Arntz
October 26th, 2004, 04:46 PM
Out of curiosity. You have a toolbar that I am unfamiliar with.
O3 - Toolbar: &StormTranslator - {AF7BB79F-070F-420D-83B7-8D138611A26F} - C:\PROGRA~1\STORMS~1\STORMT~1\STORMT~1.DLL

Do you have this program installed?
http://www.shareup.com/Storm_Translator-download-22981.html

TIA,

Pieter

lynchknot
October 26th, 2004, 04:52 PM
Yes, I think that is the one. (translator) - It does not work too well. I tried it once and I think it just uses Babelfish - which, to me, is a joke (not good) - I do understand it is hard to translate though.

lynchknot
October 26th, 2004, 08:15 PM
Well, something is wrong. After rebooting and entering my password, it is stuck on "loading your personal settings" - been 15 minutes so far.