HJT log plz help me

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wishb0n3

Thread Starter
Joined
Jan 21, 2007
Messages
60
New at this. I do virus scans and it always freezes halfway through on files like xpob2res.dll and some others. Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:47 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.denverbroncos.com
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

wishb0n3

Thread Starter
Joined
Jan 21, 2007
Messages
60
Here is the ComboFix log...

"HP_Administrator" - 07-01-21 14:24:39 Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-21 to 2007-01-21 ))))))))))))))))))))))))))))))))))


2007-01-21 14:27 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-19 19:16 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2007-01-19 19:16 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2007-01-19 19:16 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2007-01-19 19:16 274,688 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2007-01-19 19:16 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2007-01-19 19:16 13,952 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
2007-01-19 19:16 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2007-01-19 19:16 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2007-01-19 19:16 <DIR> d-------- C:\Program Files\Prevx1
2007-01-19 19:16 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Prevx
2007-01-19 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
2007-01-14 17:49 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\ATI
2007-01-14 17:47 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-01-14 17:47 <DIR> d-------- C:\Program Files\ATI Technologies
2007-01-14 17:46 <DIR> d-------- C:\ATI
2007-01-14 15:01 <DIR> d-------- C:\Program Files\RegCure
2007-01-14 12:47 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-14 12:47 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-14 12:47 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-14 12:47 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-14 12:47 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-14 12:47 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-14 12:47 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-14 12:47 <DIR> d-------- C:\Program Files\Alwil Software
2007-01-13 22:58 <DIR> d-------- C:\Program Files\RegCleaner
2007-01-13 20:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\TuneUp Software
2007-01-13 20:33 <DIR> d-------- C:\Program Files\LIUtilities
2007-01-13 00:18 <DIR> d-------- C:\Program Files\Uniblue
2007-01-13 00:18 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Uniblue
2007-01-12 21:08 <DIR> d-------- C:\spoolerlogs
2007-01-10 17:48 487,424 --------- C:\WINDOWS\RtlExUpd.dll
2007-01-10 17:48 40,960 --------- C:\WINDOWS\system32\ChCfg.exe
2007-01-10 17:48 2,879,488 --------- C:\WINDOWS\SkyTel.exe
2007-01-10 17:48 143,360 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-01-10 17:48 <DIR> d-------- C:\Program Files\Realtek
2007-01-10 17:23 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-08 21:05 <DIR> d-------- C:\WINDOWS\Performance
2007-01-08 21:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-07 14:41 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-01-07 14:41 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-01-07 14:41 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\TuneUp Software
2007-01-07 14:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-07 14:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\TuneUp Software
2007-01-07 14:29 <DIR> d-------- C:\Program Files\CCleaner
2007-01-05 20:23 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-01-03 20:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-02 22:41 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-01-02 22:41 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-01-02 22:38 <DIR> d-------- C:\Program Files\Warcraft III
2006-12-30 19:39 19,456 --a------ C:\WINDOWS\system32\Partizan.exe
2006-12-30 19:38 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
2006-12-30 19:38 (2) -rahs-ot- C:\WINDOWS\winstart.bat
2006-12-30 19:37 <DIR> d-------- C:\backreg
2006-12-30 19:36 <DIR> d-------- C:\Program Files\Greatis
2006-12-30 19:36 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Regrun
2006-12-30 13:50 <DIR> d-------- C:\Program Files\ImTOO
2006-12-30 13:31 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Leadertech
2006-12-23 15:01 <DIR> d-------- C:\Program Files\MSBuild
2006-12-23 14:59 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2006-12-23 14:58 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2006-12-23 14:58 <DIR> d-------- C:\Program Files\Reference Assemblies
2006-12-23 14:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-23 14:39 168,832 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2006-12-23 09:58 <DIR> d-------- C:\Program Files\Kaspersky Lab
2006-12-23 09:57 <DIR> d-------- C:\kav
2006-12-22 23:26 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\InstallShield
2006-12-22 16:49 <DIR> d-------- C:\Program Files\InstallShield Installation Information(2)
2006-12-21 18:28 <DIR> d-------- C:\Program Files\RegistryFix


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-19 20:38 41 --a------ C:\WINDOWS\system32\febcf5_s.dll
2007-01-16 18:57 202 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\g-force prefs (windowsmediaplayer).txt
2007-01-14 18:47 -------- d-------- C:\Program Files\starwarsgalaxies
2007-01-13 22:42 -------- d---s---- C:\DOCUME~1\HP_ADM~1\Application Data\microsoft
2007-01-13 22:42 -------- d-------- C:\Program Files\bug doctor
2007-01-13 21:31 -------- d-------- C:\Program Files\guild wars
2007-01-13 20:00 -------- d-------- C:\Program Files\java
2007-01-10 17:48 -------- d--h----- C:\Program Files\installshield installation information
2007-01-02 23:00 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\bittorrent
2006-12-30 13:35 -------- d-a------ C:\Program Files\Common Files\lightscribe
2006-12-22 23:26 -------- d-------- C:\Program Files\intel
2006-12-22 23:25 -------- d-------- C:\Program Files\jv16 powertools 2006
2006-12-22 23:25 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-16 19:21 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\ahead
2006-12-16 18:50 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-12-16 18:50 1918464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-16 18:44 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-12-16 18:44 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-12-16 18:44 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-12-16 18:44 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-12-16 18:44 102400 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-12-16 18:42 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-12-16 18:42 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-12-16 18:41 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-12-16 18:35 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-12-16 18:30 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-12-16 18:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-16 18:21 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-12-16 18:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-12-16 18:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-12-16 18:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-12-16 18:10 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-12-16 15:03 -------- d-------- C:\Program Files\nero
2006-12-16 00:30 0 --a------ C:\WINDOWS\system32\ultra.dll
2006-12-11 20:18 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-11 16:39 -------- d-------- C:\Program Files\activision
2006-12-06 20:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-20 21:44 0 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\wklnhst.dat
2006-11-07 21:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-30 03:33 9480 --a------ C:\WINDOWS\system32\icardres.dll
2006-10-30 03:33 83968 --a------ C:\WINDOWS\system32\infocardapi.dll
2006-10-30 03:33 556296 --a------ C:\WINDOWS\system32\icardagt.exe
2006-10-24 12:30 716288 --------- C:\WINDOWS\system32\windowscodecs.dll
2006-10-24 12:30 412160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2006-10-24 12:30 276992 --------- C:\WINDOWS\system32\wmphoto.dll
2006-10-24 12:29 352256 --------- C:\WINDOWS\system32\windowscodecsext.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
"Operation"=dword:00000001
"Source"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EzTune.lnk]
"backup"="C:\\WINDOWS\\pss\\EzTune.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Gateway\\EzTune\\dthtml.exe -startup_folder"
"item"="EzTune"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DTHtml"
"hkey"="HKLM"
"command"="C:\\Program Files\\Gateway\\EzTune\\DTHtml.exe -startup_folder"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPBootOp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroHomeFirstStart]
"item"="NeroHomeFirstStart"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"
"hkey"="HKEY"
"key"="RunOnce"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wpctrl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Portrait Displays\\Pivot Software\\wpctrl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=dword:00000002
"SPBBCSvc"=dword:00000002
"SNDSrvc"=dword:00000002
"SAVScan"=dword:00000003
"navapsvc"=dword:00000002
"ccSetMgr"=dword:00000002
"ccProxy"=dword:00000002
"ccEvtMgr"=dword:00000002
"LightScribeService"=dword:00000002
"Themes"=dword:00000002
"Fax"=dword:00000003
"DTSRVC"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\RegCure.job

Completion time: 07-01-21 14:28:26
 

wishb0n3

Thread Starter
Joined
Jan 21, 2007
Messages
60
SDFix: Version 1.60

Sun 01/21/2007 - 14:36:04.25

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Files Found..




Alternate Streams Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp
C:\Documents and Settings\HP_Administrator\NTUSER.DAT.tmp.LOG
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.tmp.LOG
C:\Documents and Settings\LocalService\NTUSER.DAT.tmp.LOG
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.tmp.LOG
C:\Documents and Settings\NetworkService\NTUSER.DAT.tmp.LOG
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.tmp.LOG
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished
 