Is anyone familiar with a new program called True Sword

C

countrygirllyndafox

Joined
May 21, 2006
Messages
20
Reaction score
0
I would sure appreciate it if someone would tell me if they have any experience with anti-spyware and Trojan remover called TrueSword. Have used all ones suggested and still have about blank on my computer.
Thanks for your excellent help .
Lynda
 
From what I can see TrueSword is one to avoid:
TrueSword is a rogue anti-spyware application that has ridiculous false positives that may goad the user to purchase the full program
Click to expand...
About-blank is a notoriously difficult to remove.

Install, update and run Adaware/Spybot S&D/Windows Defender (available HERE) all in Safe Mode, then post your HijackThis log to have a look at :thumb:
 
Last edited:
Is Anyone Familiar With a new program called TrueSword

Logfile of HijackThis v1.99.1
Scan saved at 12:16:36 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
 
Is anyone familiar with a new program called TrueSword

Thanks for your help, I did what you said about running Spybot S&D and Adaware in safe mode. Have Defender Pro 5-in-one for anti virus and anti spyware also. Was afraid to use Defender until I checked with you again, so I have not done that yet. Appreciate your guidance. I am sending a HJT to you and will await your help. Thanks again
countrygirllyndafoxLogfile of HijackThis v1.99.1
Scan saved at 12:16:36 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
 
It won't do any harm to run Defender in Safe Mode as well, re-boot then please post the FULL HijackThis log - you appear to have missed a bit ;)

Can you also let me know if after running these whether you still have about-blank showing on your system.
 
Is anyone familiar with a program called TrueSword

Sorry, about the Hijack This file, I am resending it. I have not seen the about blank in my task bar since but I really don't know for sure that it is not here. There was a Cool Web Search, and AdCom in the Spybot search. I think that whatever problem I have might be coming from Yahoo as I see it often after I have checked my mail there. I appreciate your help very much.
countrygirllyndafoxLogfile of HijackThis v1.99.1
Scan saved at 1:05:36 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tnets.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.alltheweb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alltheweb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mw-proxy:80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/04c241de522875f13921/netzip/RdxIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135301558562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
 
Is anyone familiar with a program called TrueSword

I just signed in toYahoo mail and when I logged out, I saw the about blank thing again, Just wanted to let you know. Thanks again
countrygirllyndafox
 
OK - please firstly go to add/remove programs and see if Search Assistant is there, likewise Yahoo toolbar.

Delete both - reboot then re-post your HijackThis log.
 
Is anyone familiar with a new program called TrueSword

Thanks so much for helping me. I looked for Search Assistant and it wasn't there as such. I removed the Yahoo Toolbar though. I am sending my HJT log again.
Thanks again
countrygirllyndafox
Logfile of HijackThis v1.99.1
Scan saved at 2:08:42 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tnets.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.alltheweb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alltheweb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mw-proxy:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking\Program\web_ie.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~2\DEFEND~3\PopUpKiller.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/04c241de522875f13921/netzip/RdxIE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135301558562
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAB8C1CC-6C6B-4D1D-AE99-BE00A8DDB567}: NameServer = 207.65.4.25 216.153.94.101
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missin
 
Run HijackThis, select the following entries and Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tnets.net

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.alltheweb.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.alltheweb.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnets.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/04c241de522875...etzip/RdxIE.cab

O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

Please then re-boot and post your log again:thumb:
 
Last edited:
Is anyone familiar with a new program called TrueSword

Hi Adywebb
Thanks again. I just wanted to ask one thing before I removed the entries. On the entry, RO-HKLM\Microsoft\InternetExplorer\Main,StartPage=http://tnets.net/ (it is the 5th entry). I just wanted you know that I have tnets.net as an ISP dial-up to connect me to the internet. Wasn't sure if I should remove this before checking with you. Don't mean to be a problem, just a lot dumb on this subject.
Thanks so much. And again it is so nice of you to help me.
countrygirllyndafox
 
Last edited:
countrygirllyndafox said:
Hi Adywebb
Thanks again. I just wanted to ask one thing before I removed the entries. On the entry, RO-HKLM\Microsoft\InternetExplorer\Main,StartPage=http://tnets.net/ (it is the 5th entry). I just wanted you know that I have tnets.net as an ISP dial-up to connect me to the internet. Wasn't sure if I should remove this before checking with you. Don't mean to be a problem, just a lot dumb on this subject.
Thanks so much. And again it is so nice of you to help me.
countrygirllyndafox
Click to expand...
No, no need to 'fix' that ...

Countrygirl, can you do me a little task ... open

Internet Exploter / Tools / Internet options

... and change the home page, put in what you like, say "www.google.com" ... press apply & OK and then press the little House on the toolbar of IE ... what happens?

:)
 

Attachments

  • IE-Internet-Options.gif
    IE-Internet-Options.gif
    66.9 KB · Views: 210
countrygirllyndafox said:
Hi Adywebb
Thanks again. I just wanted to ask one thing before I removed the entries. On the entry, RO-HKLM\Microsoft\InternetExplorer\Main,StartPage=http://tnets.net/ (it is the 5th entry). I just wanted you know that I have tnets.net as an ISP dial-up to connect me to the internet. Wasn't sure if I should remove this before checking with you. Don't mean to be a problem, just a lot dumb on this subject.
Thanks so much. And again it is so nice of you to help me.
countrygirllyndafox
Click to expand...
I want to remove all registry entries relating to your IE start pages so we can start from scratch - deleting it will do no permanent harm.

About-Blank is very difficult to remove in one go, there are about 11 different variants, and it has an uncanny habit of replicating itself - it has be done in a number of planned stages.
 
Last edited:
Back
Top