|
|
|
Having Problems ??? Not sure where to start?!!
|
|
Junior Member
|
4. April 2007 @ 07:44 |
Link to this message
|
I am not sure where to begin?
About one week ago I just suddenly was not able to access the internet(DSL). One day it was good, next day nada!
Contacted my provider, determined after many things,for example going into safe mode , that it is not my connection with the provider. According to them it is my computer keeping me off!
Their recommendations was to delete all of my security programs such as adaware, Spybot, and even my norton which had expired and turn my windows firewall off and see if that makes a difference. Did It and NOOOO it did not make a difference. Now I am afraid that I am really gonna screw it up by trying to figure it out myself.
at the time I had my guest account turned off and only using the administrator account, I have since turned the guest on and when I log on to it I can access the Internet with no problems.
This has been going on for about 1 week.
Now as of yesterday my computer will just turn off with no reason??
I was in the middle of using CloneDVD and with no warning it turned off and restarted on its own??
I have not done any scans , I have deleted them all and with no access to the internet on administrator where it seems that I have the problem I was not sure if by doing them on guest if it would be accurate??
Please help or I am going to have to call in a professional or something.
I feel sure that I have a virus or something bad?
thanks for any help!!
MGB
|
|
Advertisement
|
 |
|
|
Senior Member
|
4. April 2007 @ 11:02 |
Link to this message
|
Hello, you probably have some sort of trojan... You absolutly need to download HijackThis, run it and then post your log in here.
You mentioned that you had Spybot, but do you have CCleaner and Ad-Aware Se Personal too? What kind of firewall are you running, if any? I would highly recamend Mcafee, but that's once you get your problem solved.
In the mean time, please download HijackThis for whatever computer you can get online with, and transfer it to the infected one. Then run it, and post your log in your next post. Thanks!
|
Junior Member
|
5. April 2007 @ 04:49 |
Link to this message
|
|
Hey thanks for the help I will do this as soon as I can
Im at work right now / will do as soon as i get home
This is worrying me bad
I did leave a panda scan running this am when I left the house . Do you think that will help?
It had already found quiet a bit of spyware before I left.
MGB
|
Junior Member
|
5. April 2007 @ 12:40 |
Link to this message
|
Oh my , I think I have done this right!?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:27:19 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Program Files\PC Power Suite\adblock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Melanie\Local Settings\Temporary Internet Files\Content.IE5\7UWN79WH\HiJackThis_v2.0.0.0[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://localhost:2323
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [L07AXLRD_2193406] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Ad and Popup Blocker] "C:\Program Files\PC Power Suite\adblock.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-1904059037-1350700745-461619664-1016\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-1904059037-1350700745-461619664-1016\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1904059037-1350700745-461619664-1016\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/...ransporter.cab?
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1168119499000
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://webmaila.netzero.net/webmail/8?fo...967&attachId=13
O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/NetZero/qsacc/Help/img/broadband-guide.gif
O24 - Desktop Component 2: (no name) - http://www.bbfi-oceania.org/keefe/pagegraphics/koala1.jpg
O24 - Desktop Component 3: (no name) - http://www.bbfi-oceania.org/keefe/pagegraphics/koala2.jpg
--
End of file - 13654 bytes
Looking forward to hearing from you
by the way the panda scan found 47 spywares, but did not fix because internet time expired
will try again if need be.
MGB
|
|
The_Fiend
Suspended permanently
|
5. April 2007 @ 15:06 |
Link to this message
|
Log into your system in safe mode *press F8 while your system boots up* then run another Spybot scan, redownload HijackThis, rename it, then run it as usual, and post another log.
irc://arcor.de.eu.dal.net/wasted_hate
Wanna tell me off, go ahead.
I dare ya !
This message has been edited since posting. Last time this message was edited on 5. April 2007 @ 15:09
|
Junior Member
|
5. April 2007 @ 16:07 |
Link to this message
|
ok i tried:(
only was able to run Spybot , which did not find anything
when i try to get on internet to redownload and do the other stuff my computer locks up, cursor won't move can do anything but turn the stupid thing off and start over
Does the first log i posted look bad?
MGB
|
|
The_Fiend
Suspended permanently
|
5. April 2007 @ 16:15 |
Link to this message
|
|
Well, i can't really say, i don't see any malware that i know.
But the system crashing is always a bad sign.
I think your best bet is asking Kotaguy to check your logs, and see if he sees anything, or has some suggestions, tools wise.
irc://arcor.de.eu.dal.net/wasted_hate
Wanna tell me off, go ahead.
I dare ya !
|
|
KotaGuy
Member
|
5. April 2007 @ 16:38 |
Link to this message
|
|
I don't think this is a malware issue.
Do the problems only happen when logged into your account and not the guest account?
|
Junior Member
|
6. April 2007 @ 03:36 |
Link to this message
|
Yes
I did a system restore also on Wed, did change anything as far as my internet!
When I am in guest I can go straight to the internet as normal no problems pulls right up, even go to my email!?
On my user name it will pull up a distorted homepage, I can enter an address and navigate but when I try my email it show an error and says it cannot be found. It only locked up on me when I was trying to re-do those things in safe mode.
I have ran Spybot , found a few things that it fixed
i ran Ad-Aware it found a few things and they fixed okay
I am about to give up and let someone else look at it because I m afraid I have messed something up trying to fix my internet?:(
Do you thing it is my internet setup that is corrupted?
If I uninstall my service(Bellsouth) and reinstall do you think that might help
I seems that it is all revolving around that to me
I can't even pull up their help center anymore?
MGB
|
|
KotaGuy
Member
|
6. April 2007 @ 07:00 |
Link to this message
|
Could possibly be some corruption in your ISP software. May also be some corruption in your account profile.
Though I don't think its malware related... I would like to rule that out for sure.
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
[*]Close ALL OTHER PROGRAMS.
[*]Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
|
Member
|
6. April 2007 @ 16:41 |
Link to this message
|
|
What about the LSP?
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
janrocks
Suspended permanently
|
6. April 2007 @ 17:18 |
Link to this message
|
My check through agrees with Kota..
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
The entry &Search has been identified as nasty.
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/...ransporter.cab?
Should be fixed. This entry is possibly nasty.
And one that for some reason I don't like the look of, even though the HjT scanner I use hasn't done more than put a caution against it..
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
|
Member
|
6. April 2007 @ 17:23 |
Link to this message
|
Just out of interest, what HjT scanner do you use?
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
Junior Member
|
6. April 2007 @ 17:24 |
Link to this message
|
|
UPX!
FSG!
PEC2
PECompact2
Umonitor
qoologic
aspack
PTech
urllogic
ad-beh
ad-behNior.com
sYVLLSAKY
_rtneg3
SAHAgent
buddy.exe
ZepMon
aurora.exe
;2x(V]@BMD
Tlji7Mk
urllogic
KavSvc
69.59.186.63
209.66.67.134
66.63.167.97
66.63.167.77
abetterinternet.com
8B!7F\(T
testpopup
web-nex
yourkey
winsync
rec2_run
WinShutDown
ad-w-a-r-e.com
WSUD
Call (RPC) Help
lightspeedsarch
NIWU.UWIN
UpackByDwing
MZKERNEL32.DLL
UPX0
nspack$
Win32 only!
Thawte Consulting
USERTRUST
CNNIC
not sure if this is what you wanted?
MGB
|
Junior Member
|
6. April 2007 @ 17:28 |
Link to this message
|
to fredil
obviously not the right one
I used Spybot Ad-Aware and windows?
i let my nortin expire?:(
MGB
|
Member
|
6. April 2007 @ 17:30 |
Link to this message
|
|
hehe... I was talking to janrocks :)
Geeks to Go - Trusted Helper
Please do not PM for help - please post on the forums.
|
|
KotaGuy
Member
|
6. April 2007 @ 19:21 |
Link to this message
|
|
|
Junior Member
|
7. April 2007 @ 04:15 |
Link to this message
|
|
ok hope i did mess up
when i went back to re-do what you asked and run the scan again a box popped up and said
access violation at address 004A7647 in module 'WinPFind3U.exe'. Read of address FFFFFFFF.
will not run scan ?
I am using my guest acct
should I delete the download and re do it again on my acct since that is where my problem seems to be?
To Fredil OOPS I didn't realize U wasn't talking to me!
Thanks U guys for the help, I really appreciate your time in helping me!
MGB
|
Junior Member
|
7. April 2007 @ 04:31 |
Link to this message
|
WinPFind3 logfile created on: 4/7/2007 8:21:24 AM
WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Melanie\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
254.00 Mb Total Physical Memory | 60.12 Mb Available Physical Memory | 23.67% Memory free
625.06 Mb Paging File | 396.49 Mb Available in Paging File | 63.43% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 10.82 Gb Free Space | 29.08% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: D5T6Q351
Current User Name: Melanie
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
adblock.exe -> %ProgramFiles%\PC Power Suite\adblock.exe -> [Ver = 1, 0, 1, 1 | Size = 433152 bytes | Modified Date = 5/13/2005 8:21:00 PM | Attr = ]
anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 363365 bytes | Modified Date = 3/21/2007 10:04:24 AM | Attr = ]
bellsouthalertmanager.exe -> %ProgramFiles%\BellSouth\Alert Manager\BellSouthAlertManager.exe -> BellSouth [Ver = 1.3.20.1229 | Size = 1896448 bytes | Modified Date = 1/10/2006 5:56:58 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 10/6/2005 2:25:16 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 10/6/2005 2:25:20 PM | Attr = ]
djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.0.0.84 | Size = 54928 bytes | Modified Date = 10/6/2005 2:25:40 PM | Attr = ]
dlbkbmgr.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/2/2003 7:46:04 PM | Attr = ]
dlbkbmon.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 5/2/2003 8:06:44 PM | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 8:51:24 AM | Attr = ]
hcenter.exe -> %ProgramFiles%\Support.com\BellSouth\hcenter.exe -> BellSouth [Ver = 6,1,35,0 | Size = 1277952 bytes | Modified Date = 8/31/2005 3:14:52 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 1:07:38 AM | Attr = ]
intelmem.exe -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 9:12:44 PM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/2/2003 7:44:48 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 5/2/2003 7:42:06 PM | Attr = ]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 9.00.2063 | Size = 131072 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 139936 bytes | Modified Date = 12/8/2005 2:21:32 AM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 46752 bytes | Modified Date = 12/8/2005 2:21:56 AM | Attr = ]
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
phleautorun.exe -> %ProgramFiles%\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1.10L09.0057 | Size = 57344 bytes | Modified Date = 11/14/2005 12:25:02 PM | Attr = ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/23/2004 12:49:30 AM | Attr = ]
sgtray.exe -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 2:01:00 AM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 10/6/2005 2:24:30 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 12/24/2005 10:43:50 PM | Attr = ]
symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 10/6/2005 2:25:16 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 2.1.6.3 | Size = 218736 bytes | Modified Date = 2/28/2005 4:56:32 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.4.3 | Size = 79472 bytes | Modified Date = 3/23/2005 3:34:48 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 10/6/2005 2:25:20 PM | Attr = ]
(DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.0.0.84 | Size = 54928 bytes | Modified Date = 10/6/2005 2:25:40 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/2/2003 7:44:48 PM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 139936 bytes | Modified Date = 12/8/2005 2:21:32 AM | Attr = ]
(NPFMntor) Norton AntiVirus firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 46752 bytes | Modified Date = 12/8/2005 2:21:56 AM | Attr = ]
(NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.3.2 | Size = 749744 bytes | Modified Date = 12/19/2005 12:45:14 PM | Attr = ]
(SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 10/6/2005 2:26:44 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 10/6/2005 2:24:30 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 10/6/2005 2:24:34 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 12/24/2005 10:43:50 PM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BellSouthAlertManager.exe -> %ProgramFiles%\BellSouth\Alert Manager\BellSouthAlertManager.exe -> BellSouth [Ver = 1.3.20.1229 | Size = 1896448 bytes | Modified Date = 1/10/2006 5:56:58 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 10/6/2005 2:25:14 PM | Attr = ]
Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/2/2003 7:46:04 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 1:07:38 AM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/7/2003 1:19:52 AM | Attr = ]
IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 9:12:44 PM | Attr = ]
mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 9.00.2063 | Size = 131072 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.3 | Size = 77824 bytes | Modified Date = 6/23/2004 12:49:52 AM | Attr = ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/23/2004 12:49:30 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 99984 bytes | Modified Date = 12/24/2005 10:45:42 PM | Attr = ]
tgcmd -> %ProgramFiles%\Support.com\BellSouth\hcenter.exe -> BellSouth [Ver = 6,1,35,0 | Size = 1277952 bytes | Modified Date = 8/31/2005 3:14:52 PM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 2:01:00 AM | Attr = ]
URLLSTCK.exe -> %ProgramFiles%\Norton Internet Security\URLLSTCK.EXE -> Symantec Corporation [Ver = 7.0.3.8 | Size = 70800 bytes | Modified Date = 12/11/2003 8:35:18 PM | Attr = ]
< RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.0.0.84 | Size = 54928 bytes | Modified Date = 10/6/2005 2:25:40 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Ad and Popup Blocker -> %ProgramFiles%\PC Power Suite\adblock.exe -> [Ver = 1, 0, 1, 1 | Size = 433152 bytes | Modified Date = 5/13/2005 8:21:00 PM | Attr = ]
AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 363365 bytes | Modified Date = 3/21/2007 10:04:24 AM | Attr = ]
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 8:51:24 AM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
MoneyAgent -> %ProgramFiles%\Microsoft Money\System\MNYEXPR.EXE -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr = ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 24 | Size = 1871872 bytes | Modified Date = 8/25/2004 5:28:20 PM | Attr = ]
Wallpaper Changer -> wallpaper.exe -> File not found
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/13/2004 3:44:06 PM | Attr = ]
%AllUsersStartup%\Event Reminder.lnk -> %ProgramFiles%\Broderbund\Broderbund Party and Crafts Creator\pmremind.exe -> Broderbund Properties LLC [Ver = 4, 1, 0, 1061 | Size = 331776 bytes | Modified Date = 2/28/2002 10:19:20 PM | Attr = ]
%AllUsersStartup%\LUMIX Simple Viewer.lnk -> %ProgramFiles%\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1.10L09.0057 | Size = 57344 bytes | Modified Date = 11/14/2005 12:25:02 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\Melanie\Start Menu\Programs\Startup
%UserStartup%\Event Reminder.lnk -> %SystemDrive%\pmw\PMREMIND.EXE -> [Ver = 1, 0, 0, 1 | Size = 255408 bytes | Modified Date = 2/24/1998 12:02:42 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 1:06:48 AM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKLM: Search Bar -> ->
HKLM: Search Page -> http://my.netzero.net/s/search?r=minisearch ->
HKLM: Start Page -> http://home.bellsouth.net/ ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> about:blank ->
HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> about:blank ->
HKCU: Search Page -> http://my.netzero.net/s/search?r=minisearch ->
HKCU: Start Page -> http://home.bellsouth.net/ ->
HKCU: ProxyEnable -> 1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
musicmatch.com [*] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
musicmatch.com [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/13/2004 12:56:50 PM | Attr = ]
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.1.0.20 | Size = 140960 bytes | Modified Date = 12/8/2005 2:21:48 AM | Attr = ]
SOFTWARE [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.1.0.20 | Size = 140960 bytes | Modified Date = 12/8/2005 2:21:48 AM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
{F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKLM] -> %ProgramFiles%\NetZero\toolbar.dll [ZeroBar] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKLM] -> %ProgramFiles%\NetZero\toolbar.dll [ZeroBar] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} -> Reg Data - Value does not exist [ButtonText: Encarta Search Bar] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AIM Search -> Reg Data - Value does not exist -> File not found
&Search -> http:\bar.mywebsearch.com\menusearch.htm -> File not found
Display All Images with Full Quality -> -> File not found
Display Image with Full Quality -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{D95FE6A6-D042-4529-A798-6B0D6D57B8F0} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000161-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaud.cab ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> - CodeBase = http://wdownload.weatherbug.com/minibug/...ransporter.cab? ->
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} -> Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab ->
{33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> Pool Control - CodeBase = http://www.worldwinner.com/games/v48/pool/pool.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource...lscbase8460.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupd...b?1168119499000 ->
{74C861A1-D548-4916-BC8A-FDE92EDFF62C} -> - CodeBase = http://mediaplayer.walmart.com/installer/install.cab ->
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> Wwlaunch Control - CodeBase = http://www.worldwinner.com/games/shared/wwlaunch.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/auto...indows-i586.cab ->
{94299420-321F-4FF9-A247-62A23EBB640B} -> WordMojo Control - CodeBase = http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> Paint Control - CodeBase = http://www.worldwinner.com/games/v42/paint/paint.cab ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/auto...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/4/2007 12:20:28 PM | Attr = ]
fcbc823b6a370499df830637f2 -> %SystemDrive%\fcbc823b6a370499df830637f2 -> [Folder | Created Date = 4/4/2007 12:21:09 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
Stranger_Than_Fiction -> %SystemDrive%\Stranger_Than_Fiction -> [Folder | Created Date = 4/4/2007 12:21:09 PM | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/4/2007 2:01:09 AM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/14/2007 2:02:40 AM | Attr = ]
XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 304 bytes | Created Date = 4/5/2007 4:02:56 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/4/2007 11:25:32 AM | Attr = ]
Bc450rtl.dll -> %System32%\Bc450rtl.dll -> Borland International [Ver = 1.5 | Size = 220672 bytes | Created Date = 2/15/2021 8:56:14 AM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 3412 bytes | Created Date = 4/4/2007 11:34:22 AM | Attr = ]
SymNeti.dll -> %System32%\SymNeti.dll -> Symantec Corporation [Ver = 6.0.0.99 | Size = 534160 bytes | Created Date = 3/26/2007 5:10:48 PM | Attr = ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Created Date = 3/15/2007 5:42:09 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
686e0dbcc97266786b -> %SystemDrive%\686e0dbcc97266786b -> [Folder | Modified Date = 4/5/2007 6:34:52 AM | Attr = ]
8bf7ac8b1d8c8f689a387388 -> %SystemDrive%\8bf7ac8b1d8c8f689a387388 -> [Folder | Modified Date = 4/5/2007 6:34:52 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/5/2007 6:21:20 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/5/2007 7:07:24 PM | Attr = ]
fcbc823b6a370499df830637f2 -> %SystemDrive%\fcbc823b6a370499df830637f2 -> [Folder | Modified Date = 4/4/2007 1:21:10 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Modified Date = 4/5/2007 8:36:30 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/7/2007 8:18:36 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/30/2007 4:20:16 PM | Attr = HS]
Stranger_Than_Fiction -> %SystemDrive%\Stranger_Than_Fiction -> [Folder | Modified Date = 4/4/2007 1:21:10 PM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/5/2007 8:41:50 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/5/2007 9:00:06 PM | Attr = ]
WINDOWSRegDefrag.dat -> %SystemRoot%RegDefrag.dat -> [Ver = | Size = 4 bytes | Modified Date = 4/5/2007 8:35:10 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/3/2007 5:12:48 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/4/2007 12:24:32 PM | Attr = ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 4/4/2007 1:22:02 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/5/2007 7:19:06 AM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 4/5/2007 8:36:32 PM | Attr = S]
dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 543 bytes | Modified Date = 4/5/2007 4:25:00 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/4/2007 1:18:56 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/5/2007 7:19:36 AM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/14/2007 4:46:10 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1891 bytes | Modified Date = 4/3/2007 6:37:06 PM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/5/2007 6:28:06 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/5/2007 6:21:26 AM | Attr = HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/5/2007 9:00:06 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/4/2007 5:45:36 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/7/2007 8:21:04 AM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/4/2007 12:28:16 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/5/2007 7:25:50 AM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/5/2007 8:35:10 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/5/2007 5:02:58 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/7/2007 8:19:10 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/5/2007 8:36:38 PM | Attr = H ]
XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 304 bytes | Modified Date = 4/5/2007 5:02:58 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/5/2007 4:22:24 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/4/2007 12:38:12 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/5/2007 7:26:08 AM | Attr = ]
CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 4/5/2007 8:34:58 PM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 4/4/2007 1:19:42 PM | Attr = RHS]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/5/2007 7:26:50 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 297256 bytes | Modified Date = 4/4/2007 12:29:16 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 4/5/2007 6:46:12 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/5/2007 4:21:46 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/5/2007 4:21:46 PM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 63132 bytes | Modified Date = 4/4/2007 12:34:30 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 402714 bytes | Modified Date = 4/4/2007 12:34:30 PM | Attr = ]
PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 3412 bytes | Modified Date = 4/4/2007 12:34:30 PM | Attr = ]
RO7F8B.bac -> %System32%\RO7F8B.bac -> [Ver = | Size = 61440 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7F90.bac -> %System32%\RO7F90.bac -> [Ver = | Size = 21495808 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7F93.bac -> %System32%\RO7F93.bac -> [Ver = | Size = 4980736 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7F98.bac -> %System32%\RO7F98.bac -> [Ver = | Size = 684032 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7F9B.bac -> %System32%\RO7F9B.bac -> [Ver = | Size = 24576 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7FA0.bac -> %System32%\RO7FA0.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7FA8.bac -> %System32%\RO7FA8.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
RO7FB0.bac -> %System32%\RO7FB0.bac -> [Ver = | Size = 4718592 bytes | Modified Date = 4/5/2007 8:35:32 PM | Attr = ]
RO7FB3.bac -> %System32%\RO7FB3.bac -> [Ver = | Size = 262144 bytes | Modified Date = 4/5/2007 6:58:08 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/5/2007 4:21:46 PM | Attr = ]
WBEM -> %System32%\WBEM -> [Folder | Modified Date = 4/5/2007 7:29:00 AM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 4/7/2007 8:18:22 AM | Attr = ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Modified Date = 3/15/2007 6:42:10 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\RO7F90.bac -> [Ver = | Size = 21495808 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7F98.bac -> [Ver = | Size = 684032 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7FA0.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7FA8.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
abetterinternet.com , web-nex , ad-w-a-r-e.com , USERTRUST , -> %System32%\RO7FB0.bac -> [Ver = | Size = 4718592 bytes | Modified Date = 4/5/2007 8:35:32 PM | Attr = ]
Thawte Consulting , USERTRUST , -> %System32%\ROD127.bac -> [Ver = | Size = 18612224 bytes | Modified Date = 7/28/2006 4:36:36 PM | Attr = ]
USERTRUST , -> %System32%\ROD147.bac -> [Ver = | Size = 3932160 bytes | Modified Date = 7/28/2006 4:36:06 PM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 10/2/2003 6:36:22 PM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]
< End of report >
Here we go / I redid the download on myacct and ran the scan
MGB
|
|
KotaGuy
Member
|
7. April 2007 @ 07:52 |
Link to this message
|
Nothing real serious in the WinPFind log.
Run and scan with HijackThis and place checks beside the following:
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/...ransporter.cab?
I'd also fix place checks beside these as well...
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
You don't need those in IE's Trusted Zone. Any entries in IE's Trusted Zone gives that website full control over your computer to install anything it wants to.
Close all open browsers/windows and click the Fix button.
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
Quote:
[File String Scan - Non-Microsoft Only]
NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7F98.bac
NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7FA0.bac
NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7FA8.bac
NY -> abetterinternet.com , web-nex , ad-w-a-r-e.com , USERTRUST , -> %System32%\RO7FB0.bac
The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Post a new HijackThis log when done please.
|
Junior Member
|
7. April 2007 @ 09:09 |
Link to this message
|
OK all done, here is the new logfile
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:07:26 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\PC Power Suite\adblock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Melanie\My Documents\Megan Stuff PTP\HiJackThis_v2.0.0.0.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://localhost:2323
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [L07AXLRD_2193406] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Ad and Popup Blocker] "C:\Program Files\PC Power Suite\adblock.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1168119499000
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://webmaila.netzero.net/webmail/8?fo...967&attachId=13
O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/NetZero/qsacc/Help/img/broadband-guide.gif
O24 - Desktop Component 2: (no name) - http://www.bbfi-oceania.org/keefe/pagegraphics/koala1.jpg
O24 - Desktop Component 3: (no name) - http://www.bbfi-oceania.org/keefe/pagegraphics/koala2.jpg
--
End of file - 12919 bytes
MGB
|
|
KotaGuy
Member
|
7. April 2007 @ 10:39 |
Link to this message
|
|
You can fix these too... they're orphaned...
O2 - BHO: (no name) - SOFTWARE - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
OK... your issues aren't malware related. Most likely something with your ISP software or a profile corruption.
|
Junior Member
|
7. April 2007 @ 12:10 |
Link to this message
|
|
I fixed the others you noted
now what, should i uninstall my bellsouth program and reinstall it ?
Or do I need more help that I can accomplish with your help and instructions
I really do thank you for your help
MGB
|
Junior Member
|
7. April 2007 @ 12:14 |
Link to this message
|
|
oh yeh what is a profile corruption and how do tell?
MGB
|
|
Advertisement
|
|
|
|
KotaGuy
Member
|
7. April 2007 @ 18:01 |
Link to this message
|
|
You could try reinstalling your ISP software... see if that helps.
Your profile is is the settings/configurations for the account that you log in with.
You would need to create another account with the same priveledges(Admin) set it up the same as your current account then delete the corrupted one... if it is corrupted.
|
|
