Having Problems ??? Not sure where to start?!!

Discussion in 'Windows - Virus and spyware problems' started by melaniegb, Apr 4, 2007.

  1. melaniegb

    melaniegb Member

    Joined:
    Nov 3, 2005
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    16
    I am not sure where to begin?
    About one week ago I just suddenly was not able to access the internet (DSL). One day it was good, next day nada!
    Contacted my provider, determined after many things, for example going into safe mode, that it is not my connection with the provider. According to them it is my computer keeping me off!

    Their recommendation was to delete all of my security programs such as adaware, spybot, and even my norton which had expired and turn my windows firewall off and see if that makes a difference. Did it and NOOOO it did not make a difference. Now I am afraid that I am really gonna screw it up by trying to figure it out myself.
    At the time I had my guest account turned off and only using the administrator account, I have since turned the guest on and when I log on to it I can access the Internet with no problems.
    This has been going on for about 1 week.

    Now as of yesterday my computer will just turn off with no reason??
    I was in the middle of using CloneDVD and with no warning it turned off and restarted on its own??

    I have not done any scans, I have deleted them all and with no access to the internet on administrator where it seems that I have the problem I was not sure if by doing them on guest if it would be accurate??

    Please help or I am going to have to call in a professional or something.
    I feel sure that I have a virus or something bad?
    thanks for any help!!
     
  2. Waymon3X6

    Waymon3X6 Regular member

    Joined:
    Mar 9, 2006
    Messages:
    2,193
    Likes Received:
    0
    Trophy Points:
    46
    Hello, you probably have some sort of trojan... You absolutely need to download HijackThis, run it and then post your log in here.

    You mentioned that you had Spybot, but do you have CCleaner and Ad-Aware Se Personal too? What kind of firewall are you running, if any? I would highly recommend McAfee, but that's once you get your problem solved.

    In the meantime, please download HijackThis for whatever computer you can get online with, and transfer it to the infected one. Then run it, and post your log in your next post. Thanks!
     
  3. melaniegb

    melaniegb Member

    Hey thanks for the help I will do this as soon as I can
    I'm at work right now / will do as soon as I get home
    This is worrying me bad
    I did leave a panda scan running this am when I left the house. Do you think that will help?
    It had already found quite a bit of spyware before I left.
     
  4. melaniegb

    melaniegb Member

    Oh my, I think I have done this right!?

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 4:27:19 PM, on 4/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Support.com\BellSouth\hcenter.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
    C:\Program Files\PC Power Suite\adblock.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Melanie\Local Settings\Temporary Internet Files\Content.IE5\7UWN79WH\HiJackThis_v2.0.0.0[1].exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://localhost:2323
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Wallpaper Changer] wallpaper.exe -minimize
    O4 - HKCU\..\Run: [L07AXLRD_2193406] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [Ad and Popup Blocker] "C:\Program Files\PC Power Suite\adblock.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-21-1904059037-1350700745-461619664-1016\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-1904059037-1350700745-461619664-1016\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-1904059037-1350700745-461619664-1016\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Event Reminder.lnk = ?
    O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168119499000
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - http://webmaila.netzero.net/webmail/8?folder=Inbox&msgNum=000002W0&count=1146418967&attachId=13
    O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/NetZero/qsacc/Help/img/broadband-guide.gif
    O24 - Desktop Component 2: (no name) - http://www.bbfi-oceania.org/keefe/pagegraphics/koala1.jpg
    O24 - Desktop Component 3: (no name) - http://www.bbfi-oceania.org/keefe/pagegraphics/koala2.jpg

    --
    End of file - 13654 bytes
    Looking forward to hearing from you

    by the way the panda scan found 47 spywares, but did not fix because internet time expired
    will try again if need be.
     
  5. The_Fiend

    The_Fiend Guest

    Log into your system in safe mode *press F8 while your system boots up* then run another spybot scan, redownload HijackThis, rename it, then run it as usual, and post another log.
     
    Last edited by a moderator: Apr 5, 2007
  6. melaniegb

    melaniegb Member

    ok i tried:(
    only was able to run spybot , which did not find anything
    when i try to get on internet to redownload and do the other stuff my computer locks up, cursor won't move can do anything but turn the stupid thing off and start over
    Does the first log i posted look bad?
     
  7. The_Fiend

    The_Fiend Guest

    Well, I can't really say, I don't see any malware that I know.
    But the system crashing is always a bad sign.
    I think your best bet is asking KotaGuy to check your logs, and see if he sees anything, or has some suggestions, tools-wise.
     
  8. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    I don't think this is a malware issue.

    Do the problems only happen when logged into your account and not the guest account?
     
  9. melaniegb

    melaniegb Member

    Yes
    I did a system restore also on Wed, did change anything as far as my internet!

    When I am in guest I can go straight to the internet as normal no problems pulls right up, even go to my email!?

    On my user name it will pull up a distorted homepage, I can enter an address and navigate but when I try my email it show an error and says it cannot be found. It only locked up on me when I was trying to re-do those things in safe mode.

    I have run spybot, found a few things that it fixed
    I ran ad-aware, it found a few things and they fixed okay
    I am about to give up and let someone else look at it because I'm afraid I have messed something up trying to fix my internet?:(
    Do you think it is my internet setup that is corrupted?
    If I uninstall my service (Bellsouth) and reinstall do you think that might help
    It seems that it is all revolving around that to me
    I can't even pull up their help center anymore?
     
  10. KotaGuy

    KotaGuy Regular member

    Could possibly be some corruption in your ISP software. May also be some corruption in your account profile.

    Though I don't think it's malware related... I would like to rule that out for sure.

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    - Close ALL OTHER PROGRAMS.
    - Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    - Now click the Run Scan button on the toolbar.
    - The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    - When the scan is complete Notepad will open with the report file loaded in it.
    - Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
     
  11. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    What about the LSP?
     
  12. janrocks

    janrocks Guest

    My check through agrees with Kota..

    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe

    It seems that the name of this program is the same as the name of the file. In most cases this is the result of trojans. To be sure, you should check this file.

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS

    The entry &Search has been identified as nasty.

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/...ransporter.cab?

    Should be fixed. This entry is possibly nasty.

    And one that for some reason I don't like the look of, even though the HJT scanner I use hasn't done more than put a caution against it..

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
     
  13. Fredil

    Fredil Regular member

    Just out of interest, what HjT scanner do you use?
     
  14. melaniegb

    melaniegb Member

    not sure if this is what you wanted?
     
  15. melaniegb

    melaniegb Member

    To Fredil
    obviously not the right one
    I used spybot ad-aware and windows?
    I let my Norton expire?:(
     
  16. Fredil

    Fredil Regular member

    hehe... I was talking to janrocks :)
     
  17. KotaGuy

    KotaGuy Regular member

    No melanie... you've posted the strings file that WinPFind looks for when scanning.

    The log I'd like you to post looks like the one in this link...

    http://forums.afterdawn.com/thread_jump.cfm/489205/2963444

    After the scan was finished Notepad should have opened up with the log that you were to copy/paste into your reply.

    @janrocks - The O4 is legit...

    http://www.castlecops.com/s13957-BellSouthAlertManager_exe.html

    As is the O9...

    http://www.castlecops.com/o9list-4.html

    The O8 and O16 do need to be fixed and I was going to instruct melanie to fix them... just wanted a deeper look inside her system to rule out anything HijackThis wouldn't normally show. Though HijackThis is a good tool to get a basic look at what is affecting a system... it doesn't enumerate a lot of infection vectors.
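
A triage pass over a HijackThis log of the kind reviewed in this thread, as an added example (not code from the forum, HijackThis or WinPFind): it parses the section-coded entries and flags a loopback ProxyServer, entries whose file is missing, autoruns without an absolute path, O8 items that load a remote URL and unnamed O16 controls. The tag names and the five heuristics are assumptions chosen for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://localhost:2323
O2 - BHO: (no name) - SOFTWARE - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKCU\..\Run: [Wallpaper Changer] wallpaper.exe -minimize
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
"""

# "R1 - ...", "O16 - ...": a letter, one or two digits, " - ", then the entry body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Simple "host:port" or "scheme://host:port" proxy values only; the
# per-protocol "http=...;https=..." form is not handled here.
PROXY = re.compile(r"^(HK\w+)\\.*,ProxyServer = (?:\w+://)?([^:/\s]+)(?::(\d+))?")
# "HKLM\..\Run: [name] command" and "HKUS\<SID>\..\Run: [name] command".
AUTORUN = re.compile(r"^(HK\w+)\\(?:.*?\\)?\.\.\\Run\w*: \[(.*?)\] (.*)$")
# "DPF: {CLSID} (optional control name) - URL".
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})( \(.*\))? - (\S+)")
# Drive-letter, environment-variable or UNC path, optionally quoted.
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|%|\\\\)')


def parse_entries(log):
    """Yield (section_code, body) for each entry line; skip headers and process paths."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return findings, in log order, for entries that deserve a manual look."""
    findings = []

    def flag(code, tag, note, body):
        findings.append({"code": code, "tag": tag, "note": note, "entry": body})

    for code, body in parse_entries(log):
        # Proxy set to the local machine: browsing then depends on a local
        # listener. An HKCU hive means the setting applies to one user profile.
        m = PROXY.match(body) if code in ("R0", "R1") else None
        if m:
            hive, host, port = m.groups()
            if host.lower() == "localhost" or host.startswith("127."):
                flag(code, "loopback-proxy",
                     f"{hive} proxy -> {host}:{port or 'default'}", body)

        # Registration left behind after the file was removed.
        if "(file missing)" in body or "(no file)" in body:
            flag(code, "missing-file", "registered component has no file on disk", body)

        # Autorun command resolved through the search path rather than a fixed location.
        m = AUTORUN.match(body) if code == "O4" else None
        if m and not ABSOLUTE.match(m.group(3)):
            flag(code, "relative-autorun",
                 f"[{m.group(2)}] starts '{m.group(3)}' without an absolute path", body)

        # Context-menu item whose script is fetched from a remote host.
        if code == "O8" and re.search(r"https?://", body):
            flag(code, "remote-context-menu", "menu item loads a remote URL", body)

        # Downloaded ActiveX control that carries no display name.
        m = DPF.match(body) if code == "O16" else None
        if m and m.group(2) is None:
            flag(code, "unnamed-activex", f"control {m.group(1)} from {m.group(3)}", body)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3}  {f['tag']:<20} {f['note']}")
```

A flag here means "look at this entry", not "malicious": the thread itself shows entries that look odd in a log and turn out to be legitimate once checked against a reference.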
     
  18. melaniegb

    melaniegb Member

    ok hope i did mess up

    when i went back to re-do what you asked and run the scan again a box popped up and said

    access violation at address 004A7647 in module 'WinPFind3U.exe'. Read of address FFFFFFFF.

    will not run scan ?

    I am using my guest acct
    should I delete the download and re do it again on my acct since that is where my problem seems to be?

    To Fredil OOPS I didn't realize U wasn't talking to me!
    Thanks U guys for the help, I really appreciate your time in helping me!
     
  19. melaniegb

    melaniegb Member

    WinPFind3 logfile created on: 4/7/2007 8:21:24 AM
    WinPFind3U by OldTimer - Version 1.0.33 Folder = C:\Documents and Settings\Melanie\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    254.00 Mb Total Physical Memory | 60.12 Mb Available Physical Memory | 23.67% Memory free
    625.06 Mb Paging File | 396.49 Mb Available in Paging File | 63.43% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.21 Gb Total Space | 10.82 Gb Free Space | 29.08% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: D5T6Q351
    Current User Name: Melanie
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    adblock.exe -> %ProgramFiles%\PC Power Suite\adblock.exe -> [Ver = 1, 0, 1, 1 | Size = 433152 bytes | Modified Date = 5/13/2005 8:21:00 PM | Attr = ]
    anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 363365 bytes | Modified Date = 3/21/2007 10:04:24 AM | Attr = ]
    bellsouthalertmanager.exe -> %ProgramFiles%\BellSouth\Alert Manager\BellSouthAlertManager.exe -> BellSouth [Ver = 1.3.20.1229 | Size = 1896448 bytes | Modified Date = 1/10/2006 5:56:58 PM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 10/6/2005 2:25:16 PM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 10/6/2005 2:25:20 PM | Attr = ]
    djsnetcn.exe -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.0.0.84 | Size = 54928 bytes | Modified Date = 10/6/2005 2:25:40 PM | Attr = ]
    dlbkbmgr.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/2/2003 7:46:04 PM | Attr = ]
    dlbkbmon.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 5/2/2003 8:06:44 PM | Attr = ]
    dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 8:51:24 AM | Attr = ]
    hcenter.exe -> %ProgramFiles%\Support.com\BellSouth\hcenter.exe -> BellSouth [Ver = 6,1,35,0 | Size = 1277952 bytes | Modified Date = 8/31/2005 3:14:52 PM | Attr = ]
    hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 1:07:38 AM | Attr = ]
    intelmem.exe -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 9:12:44 PM | Attr = ]
    isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
    lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/2/2003 7:44:48 PM | Attr = ]
    lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 5/2/2003 7:42:06 PM | Attr = ]
    mm_tray.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 9.00.2063 | Size = 131072 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
    mmtask.exe -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
    navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 139936 bytes | Modified Date = 12/8/2005 2:21:32 AM | Attr = ]
    npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 46752 bytes | Modified Date = 12/8/2005 2:21:56 AM | Attr = ]
    pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
    phleautorun.exe -> %ProgramFiles%\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1.10L09.0057 | Size = 57344 bytes | Modified Date = 11/14/2005 12:25:02 PM | Attr = ]
    realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/23/2004 12:49:30 AM | Attr = ]
    sgtray.exe -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 2:01:00 AM | Attr = ]
    sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 10/6/2005 2:24:30 PM | Attr = ]
    symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 12/24/2005 10:43:50 PM | Attr = ]
    symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.33.0 | Size = 318464 bytes | Modified Date = 4/2/2007 10:01:54 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 10/6/2005 2:25:16 PM | Attr = ]
    (ccProxy) Symantec Network Proxy [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 2.1.6.3 | Size = 218736 bytes | Modified Date = 2/28/2005 4:56:32 PM | Attr = ]
    (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.4.3 | Size = 79472 bytes | Modified Date = 3/23/2005 3:34:48 PM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 10/6/2005 2:25:20 PM | Attr = ]
    (DJSNETCN) Symantec Licensing Detect Internet Connection [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.0.0.84 | Size = 54928 bytes | Modified Date = 10/6/2005 2:25:40 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
    (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/2/2003 7:44:48 PM | Attr = ]
    (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 139936 bytes | Modified Date = 12/8/2005 2:21:32 AM | Attr = ]
    (NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.1.0.20 | Size = 46752 bytes | Modified Date = 12/8/2005 2:21:56 AM | Attr = ]
    (NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.3.2 | Size = 749744 bytes | Modified Date = 12/19/2005 12:45:14 PM | Attr = ]
    (SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 10/6/2005 2:26:44 PM | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 214672 bytes | Modified Date = 10/6/2005 2:24:30 PM | Attr = ]
    (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2,0,0,73 | Size = 1160800 bytes | Modified Date = 10/6/2005 2:24:34 PM | Attr = ]
    (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.762 | Size = 1119888 bytes | Modified Date = 12/24/2005 10:43:50 PM | Attr = ]
    (SymWSC) SymWMI Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BellSouthAlertManager.exe -> %ProgramFiles%\BellSouth\Alert Manager\BellSouthAlertManager.exe -> BellSouth [Ver = 1.3.20.1229 | Size = 1896448 bytes | Modified Date = 1/10/2006 5:56:58 PM | Attr = ]
    ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 10/6/2005 2:25:14 PM | Attr = ]
    Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/2/2003 7:46:04 PM | Attr = ]
    HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/7/2003 1:07:38 AM | Attr = ]
    IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/7/2003 1:19:52 AM | Attr = ]
    IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 9:12:44 PM | Attr = ]
    mmtask -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
    MMTray -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 9.00.2063 | Size = 131072 bytes | Modified Date = 10/7/2004 7:49:36 PM | Attr = ]
    NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
    PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 8:47:34 PM | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.3 | Size = 77824 bytes | Modified Date = 6/23/2004 12:49:52 AM | Attr = ]
    RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 6/23/2004 12:49:30 AM | Attr = ]
    Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 6.0.0.99 | Size = 99984 bytes | Modified Date = 12/24/2005 10:45:42 PM | Attr = ]
    tgcmd -> %ProgramFiles%\Support.com\BellSouth\hcenter.exe -> BellSouth [Ver = 6,1,35,0 | Size = 1277952 bytes | Modified Date = 8/31/2005 3:14:52 PM | Attr = ]
    UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 2:01:00 AM | Attr = ]
    URLLSTCK.exe -> %ProgramFiles%\Norton Internet Security\URLLSTCK.EXE -> Symantec Corporation [Ver = 7.0.3.8 | Size = 70800 bytes | Modified Date = 12/11/2003 8:35:18 PM | Attr = ]
    < RunServices [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    DJSNetCN -> %CommonProgramFiles%\Symantec Shared\DJSNETCN.exe -> Symantec Corporation [Ver = 6.0.0.84 | Size = 54928 bytes | Modified Date = 10/6/2005 2:25:40 PM | Attr = ]
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Ad and Popup Blocker -> %ProgramFiles%\PC Power Suite\adblock.exe -> [Ver = 1, 0, 1, 1 | Size = 433152 bytes | Modified Date = 5/13/2005 8:21:00 PM | Attr = ]
    AnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 363365 bytes | Modified Date = 3/21/2007 10:04:24 AM | Attr = ]
    DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Modified Date = 7/19/2004 8:51:24 AM | Attr = ]
    ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 6, 0, 100, 54472 | Size = 218032 bytes | Modified Date = 9/11/2006 5:40:32 AM | Attr = ]
    MoneyAgent -> %ProgramFiles%\Microsoft Money\System\MNYEXPR.EXE -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 1:00:00 PM | Attr = ]
    NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 24 | Size = 1871872 bytes | Modified Date = 8/25/2004 5:28:20 PM | Attr = ]
    Wallpaper Changer -> wallpaper.exe -> File not found
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/13/2004 3:44:06 PM | Attr = ]
    %AllUsersStartup%\Event Reminder.lnk -> %ProgramFiles%\Broderbund\Broderbund Party and Crafts Creator\pmremind.exe -> Broderbund Properties LLC [Ver = 4, 1, 0, 1061 | Size = 331776 bytes | Modified Date = 2/28/2002 10:19:20 PM | Attr = ]
    %AllUsersStartup%\LUMIX Simple Viewer.lnk -> %ProgramFiles%\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1.10L09.0057 | Size = 57344 bytes | Modified Date = 11/14/2005 12:25:02 PM | Attr = ]
    < User Startup > -> C:\Documents and Settings\Melanie\Start Menu\Programs\Startup
    %UserStartup%\Event Reminder.lnk -> %SystemDrive%\pmw\PMREMIND.EXE -> [Ver = 1, 0, 0, 1 | Size = 255408 bytes | Modified Date = 2/24/1998 12:02:42 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/7/2003 1:06:48 AM | Attr = ]
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKLM: Search Bar -> ->
    HKLM: Search Page -> http://my.netzero.net/s/search?r=minisearch ->
    HKLM: Start Page -> http://home.bellsouth.net/ ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> about:blank ->
    HKCU: Default_Page_URL -> http://www.dell4me.com/myway ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Bar -> about:blank ->
    HKCU: Search Page -> http://my.netzero.net/s/search?r=minisearch ->
    HKCU: Start Page -> http://home.bellsouth.net/ ->
    HKCU: ProxyEnable -> 1 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    musicmatch.com [*] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    musicmatch.com [*] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/13/2004 12:56:50 PM | Attr = ]
    {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 2:04:00 AM | Attr = ]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.1.0.20 | Size = 140960 bytes | Modified Date = 12/8/2005 2:21:48 AM | Attr = ]
    SOFTWARE [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
    {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
    {C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.1.0.20 | Size = 140960 bytes | Modified Date = 12/8/2005 2:21:48 AM | Attr = ]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
    {F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKLM] -> %ProgramFiles%\NetZero\toolbar.dll [ZeroBar] -> File not found
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.1.11 | Size = 126976 bytes | Modified Date = 11/21/2003 5:04:52 PM | Attr = ]
    WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKLM] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 5:57:20 PM | Attr = ]
    WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ]
    WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} [HKLM] -> %ProgramFiles%\NetZero\toolbar.dll [ZeroBar] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
    {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -> Reg Data - Value does not exist [ButtonText: Encarta Search Bar] -> File not found
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
    {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    &AIM Search -> Reg Data - Value does not exist -> File not found
    &Search -> http:\bar.mywebsearch.com\menusearch.htm -> File not found
    Display All Images with Full Quality -> -> File not found
    Display Image with Full Quality -> -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {D95FE6A6-D042-4529-A798-6B0D6D57B8F0} -> (Broadcom 440x 10/100 Integrated Controller) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {00000161-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.microsoft.com/codecs/i386/msaud.cab ->
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->
    {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
    {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> - CodeBase = http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab? ->
    {31E68DE2-5548-4B23-88F0-C51E6A0F695E} -> Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab ->
    {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> Pool Control - CodeBase = http://www.worldwinner.com/games/v48/pool/pool.cab ->
    {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168119499000 ->
    {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -> - CodeBase = http://mediaplayer.walmart.com/installer/install.cab ->
    {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> Wwlaunch Control - CodeBase = http://www.worldwinner.com/games/shared/wwlaunch.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
    {94299420-321F-4FF9-A247-62A23EBB640B} -> WordMojo Control - CodeBase = http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab ->
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
    {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> Paint Control - CodeBase = http://www.worldwinner.com/games/v42/paint/paint.cab ->
    {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/4/2007 12:20:28 PM | Attr = ]
    fcbc823b6a370499df830637f2 -> %SystemDrive%\fcbc823b6a370499df830637f2 -> [Folder | Created Date = 4/4/2007 12:21:09 PM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
    Stranger_Than_Fiction -> %SystemDrive%\Stranger_Than_Fiction -> [Folder | Created Date = 4/4/2007 12:21:09 PM | Attr = ]
    $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 4/4/2007 2:01:09 AM | Attr = ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 3/14/2007 2:02:40 AM | Attr = ]
    XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 304 bytes | Created Date = 4/5/2007 4:02:56 PM | Attr = ]
    ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 4/4/2007 11:25:32 AM | Attr = ]
    Bc450rtl.dll -> %System32%\Bc450rtl.dll -> Borland International [Ver = 1.5 | Size = 220672 bytes | Created Date = 2/15/2021 8:56:14 AM | Attr = ]
    PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 3412 bytes | Created Date = 4/4/2007 11:34:22 AM | Attr = ]
    SymNeti.dll -> %System32%\SymNeti.dll -> Symantec Corporation [Ver = 6.0.0.99 | Size = 534160 bytes | Created Date = 3/26/2007 5:10:48 PM | Attr = ]
    AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Created Date = 3/15/2007 5:42:09 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    686e0dbcc97266786b -> %SystemDrive%\686e0dbcc97266786b -> [Folder | Modified Date = 4/5/2007 6:34:52 AM | Attr = ]
    8bf7ac8b1d8c8f689a387388 -> %SystemDrive%\8bf7ac8b1d8c8f689a387388 -> [Folder | Modified Date = 4/5/2007 6:34:52 AM | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/5/2007 6:21:20 AM | Attr = ]
    Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/5/2007 7:07:24 PM | Attr = ]
    fcbc823b6a370499df830637f2 -> %SystemDrive%\fcbc823b6a370499df830637f2 -> [Folder | Modified Date = 4/4/2007 1:21:10 PM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Modified Date = 4/5/2007 8:36:30 PM | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/7/2007 8:18:36 AM | Attr = ]
    RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/30/2007 4:20:16 PM | Attr = HS]
    Stranger_Than_Fiction -> %SystemDrive%\Stranger_Than_Fiction -> [Folder | Modified Date = 4/4/2007 1:21:10 PM | Attr = ]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/5/2007 8:41:50 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/5/2007 9:00:06 PM | Attr = ]
    WINDOWSRegDefrag.dat -> %SystemRoot%RegDefrag.dat -> [Ver = | Size = 4 bytes | Modified Date = 4/5/2007 8:35:10 PM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/3/2007 5:12:48 PM | Attr = H ]
    $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 4/4/2007 12:24:32 PM | Attr = ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 4/4/2007 1:22:02 PM | Attr = ]
    AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 4/5/2007 7:19:06 AM | Attr = ]
    BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 4/5/2007 8:36:32 PM | Attr = S]
    dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 543 bytes | Modified Date = 4/5/2007 4:25:00 PM | Attr = ]
    Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 4/4/2007 1:18:56 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/5/2007 7:19:36 AM | Attr = S]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/14/2007 4:46:10 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1891 bytes | Modified Date = 4/3/2007 6:37:06 PM | Attr = ]
    INF -> %SystemRoot%\INF -> [Folder | Modified Date = 4/5/2007 6:28:06 AM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/5/2007 6:21:26 AM | Attr = HS]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 4/5/2007 9:00:06 PM | Attr = ]
    network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/4/2007 5:45:36 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/7/2007 8:21:04 AM | Attr = ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/4/2007 12:28:16 PM | Attr = ]
    SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/5/2007 7:25:50 AM | Attr = ]
    SYSTEM32 -> %System32% -> [Folder | Modified Date = 4/5/2007 8:35:10 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/5/2007 5:02:58 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/7/2007 8:19:10 AM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/5/2007 8:36:38 PM | Attr = H ]
    XoftSpy.job -> %SystemRoot%\tasks\XoftSpy.job -> [Ver = | Size = 304 bytes | Modified Date = 4/5/2007 5:02:58 PM | Attr = ]
    ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 4/5/2007 4:22:24 PM | Attr = ]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 4/4/2007 12:38:12 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 4/5/2007 7:26:08 AM | Attr = ]
    CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 4/5/2007 8:34:58 PM | Attr = ]
    DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 4/4/2007 1:19:42 PM | Attr = RHS]
    DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 4/5/2007 7:26:50 AM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 297256 bytes | Modified Date = 4/4/2007 12:29:16 PM | Attr = ]
    FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 4/5/2007 6:46:12 AM | Attr = ]
    Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 4/5/2007 4:21:46 PM | Attr = ]
    pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 4/5/2007 4:21:46 PM | Attr = ]
    PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 63132 bytes | Modified Date = 4/4/2007 12:34:30 PM | Attr = ]
    PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 402714 bytes | Modified Date = 4/4/2007 12:34:30 PM | Attr = ]
    PerfStringBackup.TMP -> %System32%\PerfStringBackup.TMP -> [Ver = | Size = 3412 bytes | Modified Date = 4/4/2007 12:34:30 PM | Attr = ]
    RO7F8B.bac -> %System32%\RO7F8B.bac -> [Ver = | Size = 61440 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7F90.bac -> %System32%\RO7F90.bac -> [Ver = | Size = 21495808 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7F93.bac -> %System32%\RO7F93.bac -> [Ver = | Size = 4980736 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7F98.bac -> %System32%\RO7F98.bac -> [Ver = | Size = 684032 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7F9B.bac -> %System32%\RO7F9B.bac -> [Ver = | Size = 24576 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7FA0.bac -> %System32%\RO7FA0.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7FA8.bac -> %System32%\RO7FA8.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    RO7FB0.bac -> %System32%\RO7FB0.bac -> [Ver = | Size = 4718592 bytes | Modified Date = 4/5/2007 8:35:32 PM | Attr = ]
    RO7FB3.bac -> %System32%\RO7FB3.bac -> [Ver = | Size = 262144 bytes | Modified Date = 4/5/2007 6:58:08 PM | Attr = ]
    Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 4/5/2007 4:21:46 PM | Attr = ]
    WBEM -> %System32%\WBEM -> [Folder | Modified Date = 4/5/2007 7:29:00 AM | Attr = ]
    WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 4/7/2007 8:18:22 AM | Attr = ]
    AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Modified Date = 3/15/2007 6:42:10 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    Thawte Consulting , USERTRUST , -> %System32%\RO7F90.bac -> [Ver = | Size = 21495808 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7F98.bac -> [Ver = | Size = 684032 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7FA0.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\RO7FA8.bac -> [Ver = | Size = 663552 bytes | Modified Date = 4/5/2007 8:36:00 PM | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , USERTRUST , -> %System32%\RO7FB0.bac -> [Ver = | Size = 4718592 bytes | Modified Date = 4/5/2007 8:35:32 PM | Attr = ]
    Thawte Consulting , USERTRUST , -> %System32%\ROD127.bac -> [Ver = | Size = 18612224 bytes | Modified Date = 7/28/2006 4:36:36 PM | Attr = ]
    USERTRUST , -> %System32%\ROD147.bac -> [Ver = | Size = 3932160 bytes | Modified Date = 7/28/2006 4:36:06 PM | Attr = ]
    winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ]
    Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 10/2/2003 6:36:22 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/4/2004 1:41:38 AM | Attr = ]

    < End of report >
    Here we go / I redid the download on myacct and ran the scan
     
  20. KotaGuy

    KotaGuy Regular member

    Joined:
    Feb 14, 2007
    Messages:
    485
    Likes Received:
    0
    Trophy Points:
    26
    Nothing real serious in the WinPFind log.

    Run and scan with HijackThis and place checks beside the following:

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm342YYUS
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/...ransporter.cab?


    I'd also place checks beside these as well...

    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)


    You don't need those in IE's Trusted Zone. Any entry in IE's Trusted Zone gives that website full control over your computer to install anything it wants to.

    Close all open browsers/windows and click the Fix button.

    Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

    Post a new HijackThis log when done please.
     
