
HJT log plz help me

Discussion in 'Virus & Other Malware Removal' started by wishb0n3, Jan 21, 2007.

Thread Status:
Not open for further replies.
  1. wishb0n3

    wishb0n3 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    60
    New at this.. I do virus scans and it always freezes halfway through on files like xpob2res.dll and some others. Here is my log.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:55:47 PM, on 1/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.denverbroncos.com
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. wishb0n3

    here is combo fix log...

    "HP_Administrator" - 07-01-21 14:24:39 Service Pack 2
    ComboFix 07-01-21 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-21 to 2007-01-21 ))))))))))))))))))))))))))))))))))


    2007-01-21 14:27 <DIR> d--h----- C:\WINDOWS\PIF
    2007-01-19 19:16 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
    2007-01-19 19:16 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
    2007-01-19 19:16 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
    2007-01-19 19:16 274,688 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
    2007-01-19 19:16 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
    2007-01-19 19:16 13,952 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
    2007-01-19 19:16 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
    2007-01-19 19:16 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
    2007-01-19 19:16 <DIR> d-------- C:\Program Files\Prevx1
    2007-01-19 19:16 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Prevx
    2007-01-19 19:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
    2007-01-14 17:49 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\ATI
    2007-01-14 17:47 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-01-14 17:47 <DIR> d-------- C:\Program Files\ATI Technologies
    2007-01-14 17:46 <DIR> d-------- C:\ATI
    2007-01-14 15:01 <DIR> d-------- C:\Program Files\RegCure
    2007-01-14 12:47 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-01-14 12:47 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-01-14 12:47 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-01-14 12:47 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-01-14 12:47 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-01-14 12:47 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-01-14 12:47 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-01-14 12:47 <DIR> d-------- C:\Program Files\Alwil Software
    2007-01-13 22:58 <DIR> d-------- C:\Program Files\RegCleaner
    2007-01-13 20:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\TuneUp Software
    2007-01-13 20:33 <DIR> d-------- C:\Program Files\LIUtilities
    2007-01-13 00:18 <DIR> d-------- C:\Program Files\Uniblue
    2007-01-13 00:18 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Uniblue
    2007-01-12 21:08 <DIR> d-------- C:\spoolerlogs
    2007-01-10 17:48 487,424 --------- C:\WINDOWS\RtlExUpd.dll
    2007-01-10 17:48 40,960 --------- C:\WINDOWS\system32\ChCfg.exe
    2007-01-10 17:48 2,879,488 --------- C:\WINDOWS\SkyTel.exe
    2007-01-10 17:48 143,360 --------- C:\WINDOWS\system32\RtlCPAPI.dll
    2007-01-10 17:48 <DIR> d-------- C:\Program Files\Realtek
    2007-01-10 17:23 <DIR> d-------- C:\WINDOWS\ie7updates
    2007-01-08 21:05 <DIR> d-------- C:\WINDOWS\Performance
    2007-01-08 21:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
    2007-01-07 14:41 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2007-01-07 14:41 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
    2007-01-07 14:41 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\TuneUp Software
    2007-01-07 14:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-01-07 14:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\TuneUp Software
    2007-01-07 14:29 <DIR> d-------- C:\Program Files\CCleaner
    2007-01-05 20:23 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2007-01-03 20:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
    2007-01-02 22:41 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2007-01-02 22:41 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2007-01-02 22:38 <DIR> d-------- C:\Program Files\Warcraft III
    2006-12-30 19:39 19,456 --a------ C:\WINDOWS\system32\Partizan.exe
    2006-12-30 19:38 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2006-12-30 19:38 (2) -rahs-ot- C:\WINDOWS\winstart.bat
    2006-12-30 19:37 <DIR> d-------- C:\backreg
    2006-12-30 19:36 <DIR> d-------- C:\Program Files\Greatis
    2006-12-30 19:36 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Regrun
    2006-12-30 13:50 <DIR> d-------- C:\Program Files\ImTOO
    2006-12-30 13:31 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\Leadertech
    2006-12-23 15:01 <DIR> d-------- C:\Program Files\MSBuild
    2006-12-23 14:59 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2006-12-23 14:58 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2006-12-23 14:58 <DIR> d-------- C:\Program Files\Reference Assemblies
    2006-12-23 14:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2006-12-23 14:39 168,832 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
    2006-12-23 09:58 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2006-12-23 09:57 <DIR> d-------- C:\kav
    2006-12-22 23:26 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Application Data\InstallShield
    2006-12-22 16:49 <DIR> d-------- C:\Program Files\InstallShield Installation Information(2)
    2006-12-21 18:28 <DIR> d-------- C:\Program Files\RegistryFix


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-19 20:38 41 --a------ C:\WINDOWS\system32\febcf5_s.dll
    2007-01-16 18:57 202 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\g-force prefs (windowsmediaplayer).txt
    2007-01-14 18:47 -------- d-------- C:\Program Files\starwarsgalaxies
    2007-01-13 22:42 -------- d---s---- C:\DOCUME~1\HP_ADM~1\Application Data\microsoft
    2007-01-13 22:42 -------- d-------- C:\Program Files\bug doctor
    2007-01-13 21:31 -------- d-------- C:\Program Files\guild wars
    2007-01-13 20:00 -------- d-------- C:\Program Files\java
    2007-01-10 17:48 -------- d--h----- C:\Program Files\installshield installation information
    2007-01-02 23:00 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\bittorrent
    2006-12-30 13:35 -------- d-a------ C:\Program Files\Common Files\lightscribe
    2006-12-22 23:26 -------- d-------- C:\Program Files\intel
    2006-12-22 23:25 -------- d-------- C:\Program Files\jv16 powertools 2006
    2006-12-22 23:25 -------- d-------- C:\Program Files\Common Files\ahead
    2006-12-16 19:21 -------- d-------- C:\DOCUME~1\HP_ADM~1\Application Data\ahead
    2006-12-16 18:50 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2006-12-16 18:50 1918464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
    2006-12-16 18:44 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2006-12-16 18:44 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
    2006-12-16 18:44 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2006-12-16 18:44 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2006-12-16 18:44 102400 --a------ C:\WINDOWS\system32\oemdspif.dll
    2006-12-16 18:42 53248 --a------ C:\WINDOWS\system32\atiddc.dll
    2006-12-16 18:42 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2006-12-16 18:41 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2006-12-16 18:35 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll
    2006-12-16 18:30 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2006-12-16 18:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
    2006-12-16 18:21 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll
    2006-12-16 18:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
    2006-12-16 18:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
    2006-12-16 18:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2006-12-16 18:10 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
    2006-12-16 15:03 -------- d-------- C:\Program Files\nero
    2006-12-16 00:30 0 --a------ C:\WINDOWS\system32\ultra.dll
    2006-12-11 20:18 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-12-11 16:39 -------- d-------- C:\Program Files\activision
    2006-12-06 20:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-20 21:44 0 --a------ C:\DOCUME~1\HP_ADM~1\Application Data\wklnhst.dat
    2006-11-07 21:06 679424 --------- C:\WINDOWS\system32\inetcomm.dll
    2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-30 03:33 9480 --a------ C:\WINDOWS\system32\icardres.dll
    2006-10-30 03:33 83968 --a------ C:\WINDOWS\system32\infocardapi.dll
    2006-10-30 03:33 556296 --a------ C:\WINDOWS\system32\icardagt.exe
    2006-10-24 12:30 716288 --------- C:\WINDOWS\system32\windowscodecs.dll
    2006-10-24 12:30 412160 --------- C:\WINDOWS\system32\photometadatahandler.dll
    2006-10-24 12:30 276992 --------- C:\WINDOWS\system32\wmphoto.dll
    2006-10-24 12:29 352256 --------- C:\WINDOWS\system32\windowscodecsext.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
    "Operation"=dword:00000001
    "Source"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EzTune.lnk]
    "backup"="C:\\WINDOWS\\pss\\EzTune.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Gateway\\EzTune\\dthtml.exe -startup_folder"
    "item"="EzTune"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ALCMTR"
    "hkey"="HKLM"
    "command"="ALCMTR.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ccApp"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DTHtml"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Gateway\\EzTune\\DTHtml.exe -startup_folder"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ehtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="rundll32"
    "hkey"="HKLM"
    "command"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPBootOp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cfgwiz"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISUSPM"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroHomeFirstStart]
    "item"="NeroHomeFirstStart"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NMFirstStart.exe"
    "hkey"="HKEY"
    "key"="RunOnce"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="wpctrl"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Portrait Displays\\Pivot Software\\wpctrl.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RECGUARD"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Remind_XP"
    "hkey"="HKLM"
    "command"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RTHDCPL"
    "hkey"="HKLM"
    "command"="RTHDCPL.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UsrPrmpt"
    "hkey"="HKLM"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Steam"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Valve\\Steam\\Steam.exe -silent"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Symantec Core LC"=dword:00000002
    "SPBBCSvc"=dword:00000002
    "SNDSrvc"=dword:00000002
    "SAVScan"=dword:00000003
    "navapsvc"=dword:00000002
    "ccSetMgr"=dword:00000002
    "ccProxy"=dword:00000002
    "ccEvtMgr"=dword:00000002
    "LightScribeService"=dword:00000002
    "Themes"=dword:00000002
    "Fax"=dword:00000003
    "DTSRVC"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    UxTuneUp

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\RegCure.job

    Completion time: 07-01-21 14:28:26
     
  3. wishb0n3

    anyone?
     
  4. wishb0n3

    can someone please help me?
     
  5. wishb0n3

    SDFix: Version 1.60

    Sun 01/21/2007 - 14:36:04.25

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    No Files Found..




    Alternate Streams Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\NTDETECT.COM
    C:\WINDOWS\system32\cdplayer.exe.manifest
    C:\WINDOWS\system32\logonui.exe.manifest
    C:\IO.SYS
    C:\MSDOS.SYS
    C:\pagefile.sys
    C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp
    C:\Documents and Settings\HP_Administrator\NTUSER.DAT.tmp.LOG
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.tmp.LOG
    C:\Documents and Settings\LocalService\NTUSER.DAT.tmp.LOG
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.tmp.LOG
    C:\Documents and Settings\NetworkService\NTUSER.DAT.tmp.LOG
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.tmp.LOG
    C:\WINDOWS\system32\config\default.tmp.LOG
    C:\WINDOWS\system32\config\SAM.tmp.LOG
    C:\WINDOWS\system32\config\SECURITY.tmp.LOG
    C:\WINDOWS\system32\config\software.tmp.LOG
    C:\WINDOWS\system32\config\system.tmp.LOG

    Finished
     
  6. wishb0n3

    come on.. anyone..?
     
  7. wishb0n3

    Hello?
     
  8. wishb0n3

    why won't anyone help me...?
     
  9. wishb0n3

    anyone?:mad: :mad: :confused:
     

Short URL to this thread: https://techguy.org/537229
