I only backed up the two registry files I deleted. However, they have come back in the registry again. Yes, the DNS is set to automatic.
-Thank you for all the help!
We would like for you to download and run WinPFind 1.4.1
Save the log and post it here.
Judy
This is the WinPFind report:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 20/12/2006 21:30:32
WinPFind v1.5.0 Folder = C:\Documents and Settings\Dilan Shah\Desktop\Downloads\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
PECompact2 28/10/2005 19:47:56 16232461 C:\WINDOWS\LPT$VPN.917 ()
qoologic 28/10/2005 19:47:56 16232461 C:\WINDOWS\LPT$VPN.917 ()
SAHAgent 28/10/2005 19:47:56 16232461 C:\WINDOWS\LPT$VPN.917 ()
UPX! 28/10/2005 19:47:58 170053 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 28/10/2005 19:47:56 16232461 C:\WINDOWS\VPTNFILE.917 ()
qoologic 28/10/2005 19:47:56 16232461 C:\WINDOWS\VPTNFILE.917 ()
SAHAgent 28/10/2005 19:47:56 16232461 C:\WINDOWS\VPTNFILE.917 ()
UPX! 28/10/2005 19:47:58 1044560 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 28/10/2005 19:47:58 1044560 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
Checking %System% folder...
PEC2 05/01/2002 10:18:20 2011136 C:\WINDOWS\SYSTEM32\atl70.pdb ()
PEC2 23/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 19/06/2006 15:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PEC2 05/01/2002 12:48:16 9546752 C:\WINDOWS\SYSTEM32\mfc70.pdb ()
PEC2 05/01/2002 11:54:06 7564288 C:\WINDOWS\SYSTEM32\mfc70d.pdb ()
PEC2 05/01/2002 12:36:36 9538560 C:\WINDOWS\SYSTEM32\mfc70u.pdb ()
PEC2 05/01/2002 11:56:56 7597056 C:\WINDOWS\SYSTEM32\mfc70ud.pdb ()
PECompact2 07/12/2006 23:13:44 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 07/12/2006 23:13:44 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 03/08/2004 23:56:56 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 03/08/2004 23:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 03/08/2004 23:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 03/08/2004 23:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 23/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 19/06/2006 15:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
Checking %System%\Drivers folder and sub-folders...
PTech 03/08/2004 21:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
20/12/2006 11:19:28 S 2048 C:\WINDOWS\bootstat.dat ()
05/08/2040 18:05:14 H 0 C:\WINDOWS\inf\oem9.inf ()
07/11/2006 21:04:24 S 42340 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
08/12/2006 01:30:20 S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
08/11/2006 05:24:16 S 11671 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
20/12/2006 21:30:14 H 1024 C:\WINDOWS\system32\config\default.LOG ()
20/12/2006 11:38:34 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
20/12/2006 21:23:52 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
20/12/2006 21:32:12 H 1024 C:\WINDOWS\system32\config\software.LOG ()
20/12/2006 21:40:10 H 1024 C:\WINDOWS\system32\config\system.LOG ()
14/12/2006 07:34:10 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
05/08/2040 16:16:42 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\682ed65e-da9f-4eca-ba76-2bdfa6c602dc ()
04/11/2006 23:18:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d65c6890-54c0-4f35-a5ff-0f013bdc77e6 ()
04/11/2006 23:18:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
20/12/2006 11:22:42 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job ()
20/12/2006 11:19:38 H 6 C:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
03/08/2004 23:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
03/08/2004 23:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
03/08/2004 23:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
03/08/2004 23:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
03/08/2004 23:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
03/08/2004 23:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
17/10/2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
03/08/2004 23:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
03/08/2004 23:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
03/08/2004 23:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
03/08/2004 23:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
03/08/2004 23:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
03/08/2004 23:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
03/08/2004 23:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
03/08/2004 23:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
25/11/2004 23:34:20 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
04/10/2001 17:25:22 475136 C:\WINDOWS\SYSTEM32\slcpappl.cpl ()
03/08/2004 23:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
03/08/2004 23:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
03/08/2004 23:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
17/10/2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsof...?1143894569182
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} - Housecall ActiveX 6.5 - CodeBase = http://us-housecall.trendmicro-europ...vex/hcImpl.cab
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/actives...ree/asinst.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/s...sh/swflash.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
29/07/2006 14:50:02 737 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk ()
15/12/2004 11:24:24 1793 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk ()
01/12/2002 19:20:30 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
01/12/2002 19:09:52 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
Checking files in %USERPROFILE%\Startup folder...
01/12/2002 19:20:30 HS 84 C:\Documents and Settings\Dilan Shah\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
01/12/2002 19:09:50 HS 62 C:\Documents and Settings\Dilan Shah\Application Data\desktop.ini ()
07/11/2004 18:08:44 19952 C:\Documents and Settings\Dilan Shah\Application Data\GDIPFONTCACHEV1.DAT ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://go.microsoft.com/fwlink/?LinkId=69157
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=69157
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.aol.co.uk/
\\Search Page -
\\Local Page - C:\WINDOWS\system32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar = C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Toolbar = C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar = C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN Toolbar = C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8192 = AOL Toolbar
\\NEXTID - 8197
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8196 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\CmdMapping - MenuText: = ()
\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - ButtonText: AOL Toolbar =
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{950FF917-7A57-46BC-8017-59D9BF474000} - Shell Extension for CDRW = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG)
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ewido - {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll (ewido networks)
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ewido - {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll (ewido networks)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = C:\Program Files\Ahead\InCD\incdshx.dll (Nero AG)
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPDJ Taskbar Utility - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
AOLDialer - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe ()
DSLSTATEXE - C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe (GlobespanVirata, Inc.)
DSLAGENTEXE - C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe ()
%FP%Friendly fts.exe - C:\Program Files\VoyagerTest\fts.exe (Friendly Technologies)
MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security)
Name of App - C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe ( )
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0b\aoltray.exe (America Online, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk - C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe (Motive Communications, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Dilan Shah\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BearShare
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BearShare
hkey HKLM
command "C:\Program Files\BearShare\BearShare.exe" /pause
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{54D9498B-CF93-414F-8984-8CE7FDE0D391} - CShellExecuteHookImpl Object = C:\Program Files\ewido\security suite\shellhook.dll ()
\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\NavLogon - C:\WINDOWS\System32\NavLogon.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{9DA712BA-2A8D-44DB-8AD9-C5DF0CBAAC0A} - (GlobeSpan USB ADSL LAN Modem)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\ms-itss - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
We are still trying here. PP says there doesn't appear to be much showing in your WPFinder log that is suspicious.
~TL would like you to run AnalyzerXP 3.4, which is an ongoing project of his. Download and run the program and post the log here and he will take a look at it for any suspicious looking files and let us know.
While you're at it, could you please navigate to C:\Windows\System32\drivers\etc\hosts and open up your HOSTS file with notepad and post the results?
PP
This is the AnalyzerXP log:
This is the HOSTS file:
[======================] AnalyzerXP by TurcoLoco [======================]
21/12/2006
12:31
The files listed below could be safe and valid, so before you do anything, research further.
You could also submit this log on www.iamnotageek.com - HijackThis forum for help.
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 21/12/2006 at 12:28:12
RSOP results for DILAN\Dilan Shah on DILAN : Logging Mode
----------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Standalone Workstation
OS Version: 5.1.2600
Domain Name: DILAN
Domain Type: N/A<Local Computer>
Site Name: N/A
Roaming Profile:
Local Profile: C:\Documents and Settings\Dilan Shah
Connected over a slow link?: Yes
COMPUTER SETTINGS
------------------
Last time Group Policy was applied: 21/12/2006 at 11:57:28
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
Last time Group Policy was applied: 21/12/2006 at 11:57:28
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
N/A
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
----------------------------------------------------
None
Everyone
Debugger Users
BUILTIN\Administrators
BUILTIN\Users
LOCAL
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\WINDOWS\Tasks
04/12/2006 23:34 284 AppleSoftwareUpdate.job
1 File(s) 284 bytes
0 Dir(s) 4,031,694,848 bytes free
TaskName Next Run Time Status
==================================== ======================== ===============
AppleSoftwareUpdate 16:26:00, 22/12/2006
MP Scheduled Scan 01:52:00, 22/12/2006
INFO: No event triggers found.
=====] Examining the executables in INTERNET EXPLORER folder:
W32i APP ENU 9.0.3790.2428 shp 33,792 11-07-2006 c:\program files\internet explorer\custsat.dll
W32i DLL ENU 7.0.5730.11 shp 60,416 10-17-2006 c:\program files\internet explorer\hmmapi.dll
W32i APP ENU 5.50.4134.100 shp 143,360 06-08-2000 c:\program files\internet explorer\ie4.dll
W32i APP ENU 5.50.4134.100 shp 32,768 06-08-2000 c:\program files\internet explorer\iedetect.dll
W32i APP ENU 7.0.5730.11 shp 69,120 10-17-2006 c:\program files\internet explorer\iedw.exe
W32i DLL ENU 7.0.5730.11 shp 287,744 11-07-2006 c:\program files\internet explorer\ieproxy.dll
W32i APP ENU 7.0.5730.11 shp 622,080 10-17-2006 c:\program files\internet explorer\iexplore.exe
{ If listed above, please ignore hmmapi.dll, iedw.exe and iexplore.exe }
=====] Looking for suspicious file types in WINDOWS folder:
W32i - - - - 53,248 09-15-2003 c:\windows\apprun.exe
W32i - - - - 129,536 07-23-1999 c:\windows\auhccup1.dll
W32i - - - - 224,256 03-31-1999 c:\windows\comctl32.oca
W32i - - - - 71,749 10-28-2005 c:\windows\hcextoutput.dll
W32i - - - - 12,288 09-28-2004 c:\windows\impborl.dll
W32i - - - - 43,520 03-31-1999 c:\windows\msmapi32.oca
W32i - - - - 36,864 10-19-2003 c:\windows\restart.exe
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\WINDOWS
05/12/2002 17:23 19,274 001299_.tmp
02/04/2006 12:37 19,528 003920_.tmp
10/12/2002 16:15 69,632 DUMP478c.tmp
10/12/2002 16:15 69,632 DUMP4b39.tmp
10/12/2002 16:15 69,632 DUMP4c0b.tmp
10/12/2002 16:15 69,632 DUMP4fc3.tmp
10/12/2002 16:15 69,632 DUMP546b.tmp
10/12/2002 16:15 69,632 DUMP57d2.tmp
10/12/2002 16:15 69,632 DUMP59c7.tmp
10/12/2002 16:15 69,632 DUMP60c7.tmp
10/12/2002 16:15 69,632 DUMP6121.tmp
10/12/2002 16:15 69,632 DUMP6199.tmp
10/12/2002 16:15 69,632 DUMP6515.tmp
10/12/2002 16:15 69,632 DUMP66d7.tmp
10/12/2002 16:15 69,632 DUMP6c29.tmp
10/12/2002 16:15 69,632 DUMP6d6a.tmp
10/12/2002 16:15 69,632 DUMP6eb4.tmp
19 File(s) 2,182,803 bytes
0 Dir(s) 4,031,625,216 bytes free
DOS - - - - 12,498 08-23-2001 c:\windows\system32\append.exe
W32i - - - - 262,416 10-17-1999 c:\windows\system32\asfv2.dll
W32i - - - - 2,067,140 11-29-2005 c:\windows\system32\avcodec.dll
W32i - - - - 24,576 08-15-2003 c:\windows\system32\coinst.dll
W32i - - - - 23,040 09-18-2000 c:\windows\system32\cssms_in.dll
DOS - - - - 9,833 09-03-2001 c:\windows\system32\ddmi.vxd
DOS - - - - 20,634 08-23-2001 c:\windows\system32\debug.exe
DOS - - - - 9,321 11-11-2001 c:\windows\system32\dlpt.vxd
DOS - - - - 53,840 08-03-2004 c:\windows\system32\dosx.exe
DOS - - - - 69,886 08-23-2001 c:\windows\system32\edit.com
DOS - - - - 12,642 08-23-2001 c:\windows\system32\edlin.exe
DOS - - - - 8,424 08-23-2001 c:\windows\system32\exe2bin.exe
DOS - - - - 882 08-23-2001 c:\windows\system32\fastopen.exe
DOS - - - - 7,315 02-28-2003 c:\windows\system32\javasup.vxd
DOS - - - - 39,274 08-23-2001 c:\windows\system32\mem.exe
W32i - - - - 20,480 07-01-2002 c:\windows\system32\mpfapi.dll
DOS - - - - 25,225 11-27-2002 c:\windows\system32\mpfirewl.vxd
DOS - - - - 817 08-23-2001 c:\windows\system32\mscdexnt.exe
W32i - - - - 45,056 09-24-2001 c:\windows\system32\navlogon.dll
W16 - - - - 2,656 08-23-2001 c:\windows\system32\netware.drv
DOS - - - - 7,052 08-23-2001 c:\windows\system32\nlsfunc.exe
DOS - - - - 3,252 08-23-2001 c:\windows\system32\nw16.exe
DOS - - - - 5,672 08-17-1998 c:\windows\system32\quartz.vxd
DOS - - - - 3,338 08-03-2004 c:\windows\system32\redir.exe
DOS - - - - 11,753 08-23-2001 c:\windows\system32\setver.exe
DOS - - - - 882 08-23-2001 c:\windows\system32\share.exe
DOS - - - - 120,379 09-24-2001 c:\windows\system32\symevnt.386
W16 - - - - 10,240 08-17-1998 c:\windows\system32\vidx16.dll
DOS - - - - 1,129 08-23-2001 c:\windows\system32\vwipxspx.exe
W16 - - - - 13,312 08-23-2001 c:\windows\system32\win87em.dll
W16 - - - - 11,776 03-25-2003 c:\windows\system32\zport4as.dll
{ If listed above, please ignore append.exe, chcfg.exe, choice.exe, debug.exe, dosx.exe, edit.com, edlin.exe, exe2bin.exe, fastopen.exe, javasup.vxd, mem.exe, mscdexnt.exe, netware.drv, nlsfunc.exe, nw16.exe, redir.exe, setver.exe, share.exe, vwipxspx.exe, win87em.dll }
02/03/2006 11:17 0 02.tmp
{ If listed above, please ignore CONFIG.TMP, OLDx.tmp and setbX.tmp files }
10/12/2006 19:50 1,744 d3d9caps.dat
05/09/2006 23:01 2,451,824 ieapfltr.dat
{ If listed above, please ignore emptyreg.dat, emptyregdb.dat and FNTCACHE.DAT }
W32i DLL ENU 58.6.0.0 shp 141,424 08-24-2006 c:\windows\downloaded program files\asinst.dll
W32i DLL ENU 6.5.2.7 shp 357,376 02-02-2006 c:\windows\downloaded program files\housecall_activex.dll
W32i DLL ENU 1.0.0.2 shp 113,152 03-17-2005 c:\windows\downloaded program files\msnmessengersetupdownloader.ocx
W32i DLL ENU 2004.3.0.20 shp 124,072 12-22-2004 c:\windows\downloaded program files\naveng32.dll
W32i DLL ENU 2004.3.0.20 shp 685,224 12-22-2004 c:\windows\downloaded program files\navex32a.dll
W32i DLL ENU 5.70.0.1088 shp 435,712 10-03-2005 c:\windows\downloaded program files\xscan53.ocx
=====] List of files located at the root of the C Drive:
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\
21/09/2006 08:49 9,820 2EF.tmp
01/12/2002 11:21 245,792 CLASSES.1ST
01/12/2002 11:38 0 CONFIG.BAK
01/12/2002 11:38 0 CONFIG.SYS
20/12/2006 00:29 0 conmgr.log
02/12/2002 00:09 16 CTJINI.INI
20/12/2006 16:01 189,354 hpfr5550.log
26/12/2004 15:43 348 install.log
02/12/2002 00:10 82 OUT1.TXT
01/12/2002 11:10 3,833 RECOVERY.LOG
01/12/2002 15:04 470 SCANDISK.LOG
26/12/2004 15:59 3,723 _NavCClt.Log
29 File(s) 467,381 bytes
0 Dir(s) 4,031,501,312 bytes free
{ If listed above, please ignore CONFIG.SYS and AUTOEXEC.BAT }
=====] Directory Analysis - PROGRAM FILES:
03/04/2006 12:30 <DIR> Ahead
29/07/2006 14:46 <DIR> AOL 9.0b
04/12/2006 23:34 <DIR> Apple Software Update
24/04/2006 09:23 <DIR> ArcSoft
17/08/2006 15:46 <DIR> Driving Test Success 2006-2007
01/04/2006 09:38 <DIR> Elaborate Bytes
30/03/2006 18:03 <DIR> FileZilla
04/12/2006 23:37 <DIR> iPod
04/12/2006 23:37 <DIR> iTunes
02/04/2006 12:56 <DIR> messenger
04/04/2006 22:19 <DIR> Microsoft ActiveSync
02/04/2006 15:49 <DIR> Microsoft Device Emulator
02/04/2006 15:51 <DIR> Microsoft SQL Server
04/04/2006 22:15 <DIR> Microsoft Visual Studio
02/04/2006 15:05 <DIR> Microsoft Visual Studio 8
02/04/2006 15:11 <DIR> Microsoft.NET
20/11/2006 00:01 <DIR> MSXML 4.0
04/12/2006 23:35 <DIR> QuickTime
01/04/2006 15:59 <DIR> SAMSUNG
21/08/2006 14:46 <DIR> Windows Defender
16/03/2006 22:41 <DIR> WinRAR
(The above folders were created in 2006, ignore the ones you know of)
=====] Directory Analysis - COMMON FILES (subfolder of Program Files folder):
03/04/2006 12:31 <DIR> Ahead
04/04/2006 22:21 <DIR> L&H
03/04/2006 12:32 <DIR> Nero
{ if listed above, please ignore Adobe, Microsoft Shared, MSSoap, ODBC, Services, SpeechEngines, System and others you recognize)
=====] Directory Analysis - WINDOWS folder:
Volume in drive C has no label.
Volume Serial Number is 20E8-C18D
Directory of C:\WINDOWS
01/12/2002 19:02 <DIR> .
01/12/2002 19:02 <DIR> ..
01/12/2002 19:02 <DIR> addins
01/12/2002 19:02 <DIR> AppPatch
24/08/2005 19:24 <DIR> AU_Backup
24/08/2005 19:20 <DIR> AU_Log
28/10/2005 19:44 <DIR> AU_Temp
01/12/2002 19:02 <DIR> Config
01/12/2002 19:02 <DIR> Connection Wizard
01/12/2002 19:02 <DIR> Cursors
01/12/2002 19:02 <DIR> Debug
09/05/2005 17:05 <DIR> Downloaded Installations
01/12/2002 19:02 <DIR> Driver Cache
05/12/2002 20:51 <DIR> ehome
01/12/2002 19:02 <DIR> Help
31/03/2004 20:55 <DIR> henry screensaver dir
09/12/2006 11:58 <DIR> ie7
05/12/2002 11:31 <DIR> IIS Temporary Compressed Files
01/12/2002 19:02 <DIR> ime
03/04/2006 12:33 <DIR> InCD
01/12/2002 19:02 <DIR> inf
01/12/2002 19:02 <DIR> java
01/12/2002 19:02 <DIR> Media
05/12/2002 21:26 <DIR> Microsoft.NET
04/12/2002 23:48 <DIR> Minidump
04/12/2002 09:59 <DIR> Modio
15/12/2004 11:25 <DIR> Motive
01/12/2002 19:02 <DIR> msagent
01/12/2002 19:02 <DIR> msapps
01/12/2002 19:02 <DIR> mui
10/10/2004 18:21 <DIR> occache
01/12/2002 19:16 <DIR> Offline Web Pages
01/12/2002 19:14 <DIR> PCHEALTH
02/04/2006 12:54 <DIR> peernet
03/12/2002 13:34 <DIR> PIF
02/04/2006 14:26 <DIR> Prefetch
02/04/2006 12:54 <DIR> provisioning
01/04/2006 12:44 <DIR> pss
01/12/2002 19:12 <DIR> Registration
01/12/2002 19:02 <DIR> repair
24/08/2005 19:24 <DIR> report
01/12/2002 19:02 <DIR> Resources
01/12/2002 19:02 <DIR> security
05/12/2002 20:51 <DIR> ServicePackFiles
04/04/2006 22:14 <DIR> SHELLNEW
01/09/2005 10:33 <DIR> SoftwareDistribution
01/12/2002 19:15 <DIR> srchasst
01/12/2002 19:02 <DIR> system
01/12/2002 19:02 <DIR> system32
01/12/2002 19:02 <DIR> Temp
01/12/2002 19:02 <DIR> twain_32
09/12/2006 12:00 <DIR> WBEM
01/12/2002 19:02 <DIR> Web
01/12/2002 19:02 <DIR> WinSxS
0 File(s) 0 bytes
188 Dir(s) 4,031,488,512 bytes free
{ If listed above, please ignore addins, AppPatch, assembly, Config, Connection Wizard, Cursors, Debug, Downloaded Program Files, Driver Cache, EHome, ERDNT, Fonts, Help, ime, inf, Installer, java, LastGood, Media, Microsoft.NET, msagent, msapps, mui, Offiline Web Pages, PCHealth, peernet, Prefetch, Profiles, provisioning, RegisteredPackages, Registration, repair, Resources, security, ServicePackFiles, SoftwareDistribution, srchasst, system, system32, Tasks, Temp, twain_32, Web and WinSxs folders }
=====] Process Analysis - User-based processes with their Services:
Image Name PID Services
========================= ====== =============================================
WebClient
explorer.exe 1720 N/A
sqlservr.exe 232 MSSQL$SQLEXPRESS
AOLDial.exe 1348 N/A
AOLSP Scheduler.exe 1468 N/A
dslstat.exe 1516 N/A
dslagent.exe 1536 N/A
fts.exe 1556 N/A
MpfTray.exe 1504 N/A
MSASCui.exe 2096 N/A
ctfmon.exe 2116 N/A
MpfAgent.exe 2212 N/A
alg.exe 3208 ALG
MpCmdRun.exe 2232 N/A
cmd.exe 2192 N/A
tasklist.exe 936 N/A
find.exe 3644 N/A
wmiprvse.exe 3224 N/A
{ If listed above, please ignore CMD.EXE, EXPLORER.EXE, FIND.EXE and TASKLIST.EXE }
=====] Process Analysis - Currently running Service based Processes:
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 624 N/A
csrss.exe 676 N/A
winlogon.exe 700 N/A
services.exe 744 Eventlog, PlugPlay
lsass.exe 756 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 916 DcomLaunch, TermService
svchost.exe 960 RpcSs
MsMpEng.exe 1056 WinDefend
svchost.exe 1100 AudioSrv, BITS, CryptSvc, Dhcp, dmserver,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC
InCDsrv.exe 1120 InCDsrvR
svchost.exe 1220 Dnscache
svchost.exe 1372 Alerter, LmHosts, RemoteRegistry, SSDPSRV,
WebClient
spoolsv.exe 1604 Spooler
explorer.exe 1720 N/A
AOLacsd.exe 1780 AOL ACS
defwatch.exe 1824 DefWatch
ewidoctrl.exe 1856 ewido security suite control
inetinfo.exe 1876 IISADMIN, SMTPSVC, W3SVC
mdm.exe 1940 MDM
MpfService.exe 1996 MpfService
sqlservr.exe 232 MSSQL$SQLEXPRESS
AOLDial.exe 1348 N/A
AOLSP Scheduler.exe 1468 N/A
dslstat.exe 1516 N/A
dslagent.exe 1536 N/A
fts.exe 1556 N/A
MpfTray.exe 1504 N/A
MSASCui.exe 2096 N/A
ctfmon.exe 2116 N/A
MpfAgent.exe 2212 N/A
alg.exe 3208 ALG
wmiprvse.exe 3568 N/A
wuauclt.exe 2444 N/A
MpCmdRun.exe 2232 N/A
cmd.exe 2192 N/A
wmiprvse.exe 3224 N/A
tasklist.exe 2836 N/A
[======================] End of Log [======================]
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
I have also noticed that in the Internet Options under LAN Settings, whenever the "Use Proxy Server" becomes checked (when I "Fix" the two R1 files in HJT), the "Port" is shown as "8080."
Try flushing the DNS cache (For Windows XP, "Start -> Run -> ipconfig /flushdns") then try loading the sites again.
Nope, it didn't work.
Hi Guys,
The Hosts file is OK. I just wanted to double-check it, though it showed OK in the PFind.
-- We could probably address this issue via hacking the registry. I do seem to remember having a similar issue 5 or 6 years ago with dialup MSN.
Probably best to wait for TL to weigh in with his $.02
Happy Holidays, etc. . .
pp