1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Pop-ups will not stop

Discussion in 'Virus & Other Malware Removal' started by philker21, Jan 23, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    OK, I'll do it on Monday. Thanks!
     
  2. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    Cybertech,

    I am sorry I have not replied recently, but i have had some other problems pop up on the work computer. My homepage will not work and this website will not work but all the other web pages do. Weird, huh?!! So, i did a "hijack this" run again and hopefully it will tell you something. So here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:33:46 PM, on 2/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aeeprqeq.dll",setvm
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    Sorry about the delay but i have had to work around my computer trouble. :eek:

    Thanks again Cybertech!!
    philker21
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download (save) combofix from one of these two sites:
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log for you.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


     
  4. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    Cybertech,

    I have ran the ComboFix on my computer, I have to post it from another employees computer since my computer will not access this page. So here it is:


    "PEaker" - 07-02-05 8:28:11 Service Pack 2
    ComboFix 07.02.04 - Running from: "C:\Program Files\Mozilla Firefox"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\secure32.html
    C:\Program Files\Common Files\{ACE11~1
    C:\DOCUME~1\PEaker\Application Data\SearchToolbarCorp
    C:\Program Files\VSAdd-in
    C:\WINDOWS\system32\components


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-05 to 2007-02-05 ))))))))))))))))))))))))))))))))))


    2007-01-31 16:19 <DIR> d-------- C:\DOCUME~1\PEaker\Graphisoft
    2007-01-31 16:19 <DIR> d-------- C:\DOCUME~1\PEaker\Application Data\Graphisoft
    2007-01-30 10:52 44,165 --a------ C:\WINDOWS\system32\egxskknr.dll
    2007-01-29 15:05 <DIR> d-------- C:\DOCUME~1\PEaker\Application Data\Acronis
    2007-01-29 15:04 96,320 --a------ C:\WINDOWS\system32\drivers\snapman.sys
    2007-01-29 15:03 98,880 --a------ C:\WINDOWS\system32\drivers\psh_drv.sys
    2007-01-29 15:03 <DIR> d-------- C:\Program Files\Acronis
    2007-01-29 15:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Acronis
    2007-01-29 12:06 <DIR> d-------- C:\WINDOWS\WBEM
    2007-01-29 12:06 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-01-29 12:05 <DIR> d--h-c--- C:\WINDOWS\ie7
    2007-01-29 12:03 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-01-29 11:59 <DIR> d---s---- C:\DOCUME~1\PEaker\UserData
    2007-01-25 10:30 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-01-25 10:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-01-25 10:30 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-01-25 10:30 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
    2007-01-25 10:30 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2007-01-25 10:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-01-25 10:30 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2007-01-25 10:30 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-01-25 10:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2007-01-24 15:52 <DIR> d-------- C:\!KillBox
    2007-01-23 10:35 <DIR> d-------- C:\WINDOWS\pss
    2007-01-18 09:27 <DIR> dr------- C:\DOCUME~1\PEaker\Application Data\Brother
    2007-01-12 09:06 <DIR> d-------- C:\Program Files\Autodesk
    2007-01-12 09:03 <DIR> d-------- C:\DOCUME~1\PEaker\Application Data\Downloaded Installations
    2007-01-11 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-11 09:16 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
    2007-01-05 09:51 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-05 08:31 -------- d-------- C:\Program Files\mozilla firefox
    2007-02-01 17:33 -------- d-------- C:\Program Files\hijackthis
    2007-01-29 13:59 -------- d-------- C:\Program Files\quicktime
    2007-01-25 15:07 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-25 15:06 -------- d-------- C:\Program Files\google
    2007-01-24 09:22 -------- d-------- C:\DOCUME~1\PEaker\Application Data\corel
    2007-01-23 10:49 -------- d-------- C:\Program Files\lavasoft
    2007-01-23 10:49 -------- d-------- C:\DOCUME~1\PEaker\Application Data\lavasoft
    2007-01-23 10:39 -------- d-------- C:\Program Files\Common Files\symantec shared
    2007-01-11 15:57 -------- d---s---- C:\DOCUME~1\PEaker\Application Data\microsoft
    2007-01-11 14:40 -------- d-------- C:\DOCUME~1\PEaker\Application Data\adobeum
    2007-01-10 09:02 -------- d-------- C:\Program Files\java
    2007-01-09 10:06 -------- d-------- C:\Program Files\craftsman
    2006-12-21 07:55 -------- d-------- C:\Program Files\grisoft
    2006-12-14 09:49 61678 --a------ C:\DOCUME~1\PEaker\Application Data\pfp120jpr.{pb
    2006-12-14 09:49 12358 --a------ C:\DOCUME~1\PEaker\Application Data\pfp120jcm.{pb
    2006-12-11 11:46 -------- d-------- C:\Program Files\itunes
    2006-12-11 11:46 -------- d-------- C:\Program Files\ilike
    2006-12-08 13:16 74520 --a------ C:\WINDOWS\dsetup.dll
    2006-12-08 13:16 484632 --a------ C:\WINDOWS\dxsetup.exe
    2006-12-08 13:16 1670936 --a------ C:\WINDOWS\dsetup32.dll
    2006-12-07 01:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-22 13:06 122448 --a------ C:\DOCUME~1\PEaker\Application Data\cosmos prefs
    2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\aeeprqeq.dll\",setvm"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=dword:00000001
    "NoRecentDocsMenu"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvesa
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjrs32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\b4a_My Documents.job
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - PEaker.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-05 8:33:00


    Thanks again for your help.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please go to this web site: http://virusscan.jotti.org/
    and in the File to upload & scan box copy and paste
    C:\WINDOWS\system32\egxskknr.dll
    Copy the information to notepad and paste it back here in your next reply.



    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
     
  6. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    Cybertech,

    So here we go! First is the jottiscan, second is the vundofix, and last will be the hijackthis report.

    JOTTISCAN

    Scan taken on 06 Feb 2007 13:40:19 (GMT)
    AntiVir
    Found TR/Juan.E
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found Trojan.Juan.E
    ClamAV
    Found nothing
    Dr.Web
    Found Trojan.Virtumod
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found Win32/BHO.G
    Norman Virus Control
    Found nothing
    VirusBuster
    Found Trojan.DL.Vundo.Gen!Pac4
    VBA32
    Found nothing


    VUNDO FIX



    VundoFix V6.3.5

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 8:45:02 AM 2/6/2007

    Listing files found while scanning....

    C:\WINDOWS\security\Database\asevwa.bak1
    C:\WINDOWS\security\Database\asevwa.bak2
    C:\WINDOWS\security\Database\asevwa.ini
    C:\WINDOWS\security\Database\awvesa.dll
    C:\WINDOWS\system32\ahwjkyxk.dll
    C:\WINDOWS\system32\blkgwqso.dll
    C:\WINDOWS\system32\dlxywdyc.dll
    C:\WINDOWS\system32\egxskknr.dll
    C:\WINDOWS\system32\perjaech.dll
    C:\WINDOWS\system32\phyrliaa.dll
    C:\WINDOWS\system32\pljqgred.dll
    C:\WINDOWS\system32\qrbmofbb.dll
    C:\WINDOWS\system32\uphvcxld.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\security\Database\asevwa.bak1
    C:\WINDOWS\security\Database\asevwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\security\Database\asevwa.bak2
    C:\WINDOWS\security\Database\asevwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\security\Database\asevwa.ini
    C:\WINDOWS\security\Database\asevwa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\security\Database\awvesa.dll
    C:\WINDOWS\security\Database\awvesa.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egxskknr.dll
    C:\WINDOWS\system32\egxskknr.dll Has been deleted!

    Performing Repairs to the registry.
    Done!



    HIJACKTHIS


    Logfile of HijackThis v1.99.1
    Scan saved at 8:55:43 AM, on 2/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\egxskknr.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C46D229F-CFCF-4642-A799-991C2029CAEA} - C:\WINDOWS\security\Database\awvesa.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


    Ok, that's it! :D Thanks alot!!
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\egxskknr.dll (file missing)
    O2 - BHO: (no name) - {C46D229F-CFCF-4642-A799-991C2029CAEA} - C:\WINDOWS\security\Database\awvesa.dll (file missing)
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.





    Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
    (This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
    • When you find the guard service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Manual".
    • Now click "Apply", then "OK" and close the Services window.
    9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with AVG Anti-Spyware as follows:
    1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?" check all (default).
    • Under "Possibly unwanted software" check all (default).
    • Under "What to Scan?" make sure "Scan every file" is selected (default).
    • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
    1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

    2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
     
  8. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    Cybertech,

    AVG's scan found nothing, here is the report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 3:24:05 PM 2/6/2007

    + Scan result:



    Nothing found.


    ::Report end



    So, what do you think? My problem is still occuring, do you think we hit a brick wall?
    Thanks for your help, let me know what I need to do next.

    philker21
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\egxskknr.dll (file missing)
    O2 - BHO: (no name) - {C46D229F-CFCF-4642-A799-991C2029CAEA} - C:\WINDOWS\security\Database\awvesa.dll (file missing)
    O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

    Close all applications and browser windows before you click "fix checked".




    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don&#8217;t do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  10. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    Cybertech,

    It took me a little longer because my computer wouldn't access the bleepingcomputers website. But, I finally got a hold of WinPFind and got this report:


    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 2/7/2007 9:13:59 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\PEaker\My Documents\Surfer My Documents\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    PEC2 12/8/2006 1:16:52 PM 13265040 C:\WINDOWS\dxnt.cab ()
    PEC2 12/8/2006 1:16:52 PM 1336890 C:\WINDOWS\Jun2005_d3dx9_26_x64.cab ()

    Checking %System% folder...
    aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
    aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
    aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
    aspack 9/28/2006 4:05:20 PM 2414360 C:\WINDOWS\SYSTEM32\d3dx9_31.dll (Microsoft Corporation)
    aspack 11/29/2006 1:06:18 PM 3426072 C:\WINDOWS\SYSTEM32\d3dx9_32.dll (Microsoft Corporation)
    PEC2 8/4/2004 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 8/4/2004 5:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 8/4/2004 5:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 8/4/2004 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    2/6/2007 3:27:56 PM S 2048 C:\WINDOWS\bootstat.dat ()
    2/6/2007 9:07:02 AM H 54156 C:\WINDOWS\QTFont.qfn ()
    1/17/2007 3:41:18 PM HS 968303 C:\WINDOWS\system32\qeqrpeea.ini ()
    12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
    2/7/2007 7:04:28 PM H 81920 C:\WINDOWS\system32\config\default.LOG ()
    2/6/2007 3:28:12 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    2/7/2007 5:57:20 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
    2/7/2007 7:06:08 PM H 290816 C:\WINDOWS\system32\config\software.LOG ()
    2/7/2007 7:06:02 PM H 28672 C:\WINDOWS\system32\config\system.LOG ()
    1/14/2007 3:00:46 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    12/14/2006 4:28:50 PM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    12/14/2006 4:28:50 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/29/2007 1:00:32 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
    2/5/2007 8:38:30 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
    2/5/2007 8:38:30 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
    1/5/2007 10:46:32 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\f7a1ed9e-1bee-4f87-8c66-74e7d583952d ()
    1/5/2007 10:46:32 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
    1/17/2007 4:35:10 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c056f07d-2611-4baf-b636-943e8100a7cd ()
    1/17/2007 4:35:10 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    2/6/2007 3:28:04 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    2/10/2006 1:45:46 PM 402040 C:\WINDOWS\SYSTEM32\agcpl.cpl (iAnywhere Solutions, Inc.)
    8/4/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    10/7/2003 1:39:00 PM 184320 C:\WINDOWS\SYSTEM32\bdeadmin.cpl (Borland Software Corporation)
    8/4/2004 5:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    9/20/2005 9:35:12 AM 77824 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
    10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    7/27/2004 4:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
    8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/4/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    3/5/2006 4:20:34 AM 266856 C:\WINDOWS\SYSTEM32\plotman.cpl (Autodesk, Inc.)
    8/4/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    12/9/2004 1:44:58 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl (Intel(R) Corporation)
    3/5/2006 4:21:32 AM 266856 C:\WINDOWS\SYSTEM32\styleman.cpl (Autodesk, Inc.)
    8/4/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    8/4/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    10/17/2006 12:05:48 PM 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    1/23/2005 4:33:44 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\igfxcpl.cpl (Intel Corporation)

    Checking for Downloaded Program Files...
    {31435657-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    1/11/2007 2:42:32 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
    10/18/2006 1:32:48 PM 1949 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk ()
    8/10/2004 1:04:12 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    8/10/2004 12:57:42 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    1/10/2007 11:59:28 AM 3380 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    8/10/2004 1:04:12 PM HS 84 C:\Documents and Settings\PEaker\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    11/22/2006 1:06:50 PM 122448 C:\Documents and Settings\PEaker\Application Data\Cosmos Prefs ()
    8/10/2004 12:57:42 PM HS 62 C:\Documents and Settings\PEaker\Application Data\desktop.ini ()
    12/14/2006 9:49:12 AM 12358 C:\Documents and Settings\PEaker\Application Data\PFP120JCM.{PB ()
    12/14/2006 9:49:12 AM 61678 C:\Documents and Settings\PEaker\Application Data\PFP120JPR.{PB ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - about:blank
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - = ()
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{74DD705D-6834-439C-A735-A6DBE2677452} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
    \\NEXTID - 8197
    \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 =
    \\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 8195 =
    \\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 8196 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll ()
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{36A21736-36C2-4C11-8ACB-D4136F2B57BD} - AutoCAD Digital Signatures Icon Overlay Handler = C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)
    \\{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} - Autodesk Drawing Preview = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll (Autodesk)
    \\{6DEA92E9-8682-4b6a-97DE-354772FE5727} - Autodesk DWF Preview = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll (Autodesk)
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \Autodesk.DWF.ContextMenu - {6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll ()
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
    \{FC66F851-FFAB-11D1-B226-0000C01A73E9} - Graphisoft Shell Extension 3.0 = E:\Archicad\Archicad10\ArchiCAD 10\GSShellX.dll (Graphisoft R&D)

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    H/PC Connection Agent - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\PEaker\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 0


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \igfxcui - igfxdev.dll = (Intel Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {C37D8F0F-FEF7-4930-9AEB-ADA9EC012159} - (Intel(R) PRO/100 VE Network Connection)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



    It's a big one! :eek:

    Thanks again

    philker21
     
  11. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    I also deleted those files from HiJackThis, just FYI
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    How is it running now? Any problems? You should post one more HJT log.
     
  13. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    Well, I don't have pop-ups, but on my internet at work this page and alot of other pages won't come up. I can't access many pages and was wondering what might be causing that. Have you seen anything in the reports that might indicate a problem? I will post another HiJackThis report tomorrow.
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    For you machine at work you should have your IT staff look into the problem. It could be blocked by the server administrator or many other things.
     
  15. philker21

    philker21 Thread Starter

    Joined:
    Sep 21, 2006
    Messages:
    22
    What's weird is I could access them a couple days ago and all the other computers in the office can access this page, but what's worse is we have no IT staff. :D I appreciate your help though. If you can think of anything that might be the cause of this let me know
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/537670

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice