NEED HELP NOW.. .scans stop on xpob2res.dll

This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.


Thread Starter
Jan 21, 2007
All scans I do (Avast, Trend Micro, etc.) all freeze on the file scan of this file, then my comp restarts. What do I do? Can't figure it out, don't wanna have to reformat.


Gone but Never Forgotten
Jan 24, 2002

go to Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

That file is part of Networking and legitimate, but there may be some problem with it.

You can scan that one file, or any file one at a time and have it checked by some of the best antimalware scans around at at least two places.

Go to either site, use the Browse button there, and navigate to the location of the file you want to upload, highlight it by clicking ONCE on the file, and the path will show in the Submit space, then hit the Submit (Upload) button to send it in. You will have an answer in a few seconds. Tell us what it finds, by copying and pasting the results for that file, into a reply here.

Compare the results from the two, if same send in just one.


Thread Starter
Jan 21, 2007
Thanks for the reply, here is my HJT log. I will do the other now :)

Logfile of HijackThis v1.99.1
Scan saved at 5:47:55 PM, on 1/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone:
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
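
An added example, not part of the original posts and not HijackThis code: a read-only triage of a saved log that cross-checks every entry marked "(file missing)" against the log's own "Running processes" list. In the log above, the two avast! services flagged as missing also appear as running processes and carry a stray quote in the service path, so the log contradicts itself on those entries and they call for a manual look rather than a fix. The last sample line is constructed for contrast, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log posted above.
PAGE_LINES = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HijackThis.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""
# Constructed line (not from the log): a flagged file that is not running.
CONSTRUCTED_LINE = r"O23 - Service: Example Service - Unknown owner - C:\Example\gone.exe (file missing)" + "\n"
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINE

# "R0 - ...", "O23 - ..." style entries: section code, then the entry body.
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
# First drive-letter path ending in an executable extension, stopping at a quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)


def parse_log(text):
    """Return (set of running process paths in lower case, list of (code, body))."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def triage_missing(text):
    """List entries marked "(file missing)" and whether the log contradicts that."""
    running, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if not body.endswith("(file missing)"):
            continue
        m = PATH_RE.search(body)
        path = m.group(0) if m else None
        findings.append({
            "section": code,
            "path": path,
            # The same path is listed as a running process in this log.
            "running": path is not None and path.lower() in running,
            # An odd number of quotes means the path was logged malformed.
            "stray_quote": body.count('"') % 2 == 1,
        })
    return findings


if __name__ == "__main__":
    for f in triage_missing(SAMPLE_LOG):
        note = ("log contradicts itself, review by hand" if f["running"]
                else "not in process list, check on disk")
        print(f'{f["section"]} {f["path"]}: {note}')
```
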


Gone but Never Forgotten
Jan 24, 2002
Hi, The file xpob2res.dll comes with XP Service Pack 2, which you do have installed. I still have not found any good information as to scans freezing on this file.
I am not sure, but something could have happened to the file, then if you fix that one file, it will find another sometimes to freeze at.

There could have been a bad Windows Update along the way somewhere, and I use Belarc Advisor to spot those easily.

Download to the desktop and double click to install it.

The Advisor is an Internet Explorer page when it opens...scroll down to Windows Update section and see if any are marked "X" which means they have to be reinstalled.

The Advisor has a link in it, to go right to the particular update that needs to be reinstalled.

Do NOT copy and paste the entire Advisor information, as it does show some personal information you do not want to display.

If you copy anything, just copy that one part about the missing or Damaged update.


Thread Starter
Jan 21, 2007
Service Packs and Hotfixes
Current Service Pack Section Score: 1.25 of 1.25
1. Latest Service Pack

Critical and Security Hotfixes Section Score: 1.25 of 1.25
1. Latest Critical and Security Hotfixes

Account and Audit Policies
Password Policies Section Score: 0.00 of 0.83
1. Current Password Ages

2. Minimum Password Length

Audit and Account Policies Section Score: 0.00 of 0.83
1. Audit Account Logon Events

2. Audit Account Management

3. Audit Logon Events

4. Audit Object Access

5. Audit Policy Change

6. Audit Privilege Use

7. Audit System Events

8. Minimum Password Age

9. Maximum Password Age

10. Password Complexity

11. Store Passwords using Reversible Encryption

12. Password History Size

13. Account Lockout Duration

14. Account Lockout Threshold

15. Reset Account Lockout Count Time

Event Log Policies Section Score: 0.00 of 0.83
1. Application Event Log: Maximum Size

2. Application Event Log: Restrict Guest Access

3. Security Event Log: Maximum Size

4. Security Event Log: Restrict Guest Access

5. System Event Log: Maximum Size

6. System Event Log: Restrict Guest Access

Security Settings
Anonymous Account Restrictions Section Score: 0.00 of 0.83
1. Network Access: Allow Anonymous SID/Name Translation

2. Network Access: Do not allow Anonymous Enumeration of SAM Accounts

3. Network Access: Do not allow Anonymous Enumeration of SAM Accounts and Shares

Security Options Section Score: 0.00 of 0.83
1. Accounts: Guest Account Status

2. Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only

3. Accounts: Rename administrator account

4. Accounts: Rename guest account

5. Devices: Allowed to format and eject removable media

6. Devices: Unsigned Driver Installation Behavior

7. Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)

8. Domain Member: Digitally Encrypt Secure Channel Data (When Possible)

9. Domain Member: Digitally Sign Secure Channel Data (When Possible)

10. Domain Member: Disable Machine Account Password Changes

11. Domain Member: Maximum Machine Account Password Age

12. Interactive Logon: Do Not Display Last User Name

13. Interactive Logon: Do Not Require CTRL+ALT+DEL

14. Interactive Logon: Message Text for Users Attempting to Log On

15. Interactive Logon: Message Title for Users Attempting to Log On

16. Interactive Logon: Number of Previous Logons to Cache

17. Interactive Logon: Prompt User to Change Password Before Expiration

18. Interactive Logon: Smart Card Removal Behavior

19. Microsoft Network Client: Digitally Sign Communication (if server agrees)

20. Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server

21. Microsoft Network Server: Amount of Idle Time Required Before Disconnecting Session

22. Microsoft Network Server: Digitally Sign Communication (if client agrees)

23. Microsoft Network Server: Disconnect Clients When Logon Hours Expire

24. Network Access: Let Everyone Permissions Apply to Anonymous Users

25. Network Access: Shares that can be accessed anonymously

26. Network Access: Sharing and Security Model for Local Accounts

27. Network Security: LAN Manager Authentication Level

28. Network Security: LDAP Client Signing Requirements

29. Recovery Console: Allow Automatic Administrative Log On

30. Shutdown: Allow System to be Shut Down Without Having to Log On

31. Shutdown: Clear Virtual Memory Pagefile

32. System Objects: Default Owner for Objects Created by Members of the Administrators Group

Additional Security Settings Section Score: 0.00 of 0.83
1. Suppress Dr. Watson Crash Dumps

2. Disable Automatic Execution of the System Debugger

3. Disable Autoplay from any Disk Type, Regardless of Application

4. Disable Autoplay from the Default Profile

5. Disable Automatic Logon

6. Disable Automatic Reboots After a Blue Screen of Death

7. Disable CD Autorun

8. Protect Against Computer Browser Spoofing Attacks

9. Protect Against Source-routing Spoofing

10. Protect the Default Gateway Network Setting

11. Ensure ICMP Routing via Shortest Path First

12. Help Protect Against Packet Fragmentation

13. Manage Keep-alive Times

14. Protect Against Malicious Name-release Attacks

15. Ensure Router Discovery is Disabled

16. Protect Against SYN Flood Attacks

17. SYN Attack Protection - Manage TCP Maximum Half-open Sockets

18. SYN Attack Protection - Manage TCP Maximum Half-open Retired Sockets

19. Enable IPSec to Protect Kerberos RSVP Traffic

20. Hide Workstation from Network Browser Listing

21. Enable Safe DLL Search Mode

Available Services and Other Requirements
Available Services Section Score: 0.00 of 0.63
1. Alerter Service Permissions

2. Clipbook Service Permissions

3. FTP Publishing Service Permissions

4. IIS Admin Service Permissions

5. Messenger Service Permissions

6. NetMeeting Remote Desktop Sharing Service Permissions

7. Remote Desktop Help Session Manager Permissions

8. Routing and Remote Access Service Permissions

9. SMTP Service Permissions

10. SNMP Service Permissions

11. SNMP Trap Permissions

12. Telnet Service Permissions

13. World Wide Web Publishing Services Permissions

User Rights Section Score: 0.00 of 0.63
1. Access this Computer from the Network

2. Act as Part of the Operating System

3. Allow Logon through Terminal Services

4. Back up Files and Directories

5. Bypass Traverse Checking

6. Change the System Time

7. Create a Pagefile

8. Create a Token Object

9. Create Permanent Shared Objects

10. Debug Programs

11. Deny Access to this Computer from the Network

12. Force Shutdown from a Remote System

13. Generate Security Audits

14. Increase Scheduling Priority

15. Load and Unload Device Drivers

16. Lock Pages in Memory

17. Log on Locally

18. Manage Auditing and Security Log

19. Modify Firmware Environment Values

20. Perform Volume Maintenance Tasks

21. Profile Single Process

22. Profile System Performance

23. Remove Computer from Docking Station

24. Replace a Process Level Token

25. Restore Files and Directories

26. Shut Down the System

27. Take Ownership of File or Other Objects

Other System Requirements Section Score: 0.00 of 0.63
1. All Local Volumes NTFS

2. Restricted Group: Remote Desktop Users

File and Registry Permissions Section Score: 0.00 of 0.63
1. Permissions for HKLM\software\microsoft\windows\currentversion\installer

2. Permissions for HKLM\software\microsoft\windows\currentversion\policies

3. Permissions for HKLM\system\currentcontrolset\enum

4. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers

5. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities

6. Permissions for USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots

7. Permissions for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit

8. Permissions for %SystemRoot%\system32\tlntsvr.exe

9. Permissions for %SystemRoot%\system32\tftp.exe

10. Permissions for %SystemRoot%\system32\telnet.exe

11. Permissions for %SystemRoot%\system32\subst.exe

12. Permissions for %SystemRoot%\system32\sc.exe

13. Permissions for %SystemRoot%\system32\runas.exe

14. Permissions for %SystemRoot%\system32\rsh.exe

15. Permissions for %SystemRoot%\system32\rexec.exe

16. Permissions for %SystemRoot%\system32\regsvr32.exe

17. Permissions for %SystemRoot%\system32\regedt32.exe

18. Permissions for %SystemRoot%\regedit.exe

19. Permissions for %SystemRoot%\system32\reg.exe

20. Permissions for %SystemRoot%\system32\rcp.exe

21. Permissions for %SystemRoot%\system32\netsh.exe

22. Permissions for %SystemRoot%\system32\net1.exe

23. Permissions for %SystemRoot%\system32\net.exe

24. Permissions for %SystemRoot%\system32\ftp.exe

25. Permissions for %SystemRoot%\system32\eventtriggers.exe

26. Permissions for %SystemRoot%\system32\eventcreate.exe

27. Permissions for %SystemRoot%\system32\edlin.exe

28. Permissions for %SystemRoot%\system32\drwtsn32.exe

29. Permissions for %SystemRoot%\system32\drwatson.exe

30. Permissions for %SystemRoot%\system32\debug.exe

31. Permissions for %SystemRoot%\system32\cacls.exe

32. Permissions for %SystemRoot%\system32\attrib.exe

33. Permissions for %SystemRoot%\system32\at.exe

Why are benchmarks important for IT security? Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems. Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks. The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats (IA Newsletters "Security Benchmarks: A Gold Standard." Click here to request a copy.) For our white paper, "Security Within", click here to request a copy.

What is the Center for Internet Security (CIS)? The CIS is an open association consisting of industry, government and academic members. Its mission is to help IT organizations more effectively manage their risks related to information security. Click here for details.

What are the CIS Benchmarks? The Benchmarks are developed by CIS members and staff and are consensus based, best-practice security configurations for computers connected to the Internet. Click here for details.

What is the CIS Benchmark Score? The Belarc Advisor has performed a security audit of your system using the CIS Level-I benchmark appropriate to your operating system. The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats. The higher the number the less vulnerable your system.

How can you reduce your security vulnerability? The CIS configurations are available as Microsoft security template files from the CIS. Warning: Applying these security templates may cause some applications to stop working correctly. Back up your system prior to applying these security templates or apply the templates on a test system first.
Click here to download the templates from the CIS (requires registration and acceptance of the CIS license agreement).

Copyright 2000-6, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 6085229, 5665951 and Patents pending.


Gone but Never Forgotten
Jan 24, 2002
Hi, The red "x" for updates means they either are not installed correctly, missing or need to be reinstalled.

In the Belarc Advisor category at the start of the list of hotfixes, check under "Missing Microsoft Security Hotfixes", you can use a link to that hotfix, one at a time, and install them. Running the update will sometimes give a message similar to "You do not need this..." or that it was installed already. So, precheck in your Add/Remove Programs list of updates, but you may have to Unhide them first by putting a check-mark into the box "Show Updates" at the top.

For any updates marked with the "X" click Details, or look for something that tells you it is damaged, or needs reinstalling. There should be a link right around there to go right to the update for download and install. You do want to check in Add/Remove and see if any of them have been installed, and try uninstalling just those that Belarc says are damaged etc.

After you get those that Belarc says need reinstalling, I would visit Windows Updates and see if they offer any.

Is Automatic Updates on? Check by opening the Security Center in your Control Panel. Even if it is set to get Automatic Updates, visit the site by using the Windows Update button from Start menu, or in Internet Explorer > Tools at top of browser window. See if you get any.

When you are done, run Belarc again, and see how it looks, each time you run the Advisor, it scans and gives the latest info.

Tip: When you have an IE page open, and open Belarc Advisor, it will use that page (unless you have IE 7 and tabbed browsing), so when you close Belarc, it will close whatever you had open. It doesn't take too many times before you are wise to this!

If you do not have tabbed browsing, using IE 6, first open a new IE window, then run Belarc so when you close, it doesn't close a site you had that you need to keep open.


Thread Starter
Jan 21, 2007
under users slot on the belarcs.. local system accounts all have x's except ASPNET

SP3 has a x.. and try 2 install and it says not found..

and it says I have all updates when I do Windows Update

system security status has a 2.50 out of 10... everything else is up to date

and on my StopZilla trial a thing pops up I can't get rid of unless I register, called

System Policies.DisableRegistryTools

says its a Hijacker

any suggestions bro? thanks a lot


Gone but Never Forgotten
Jan 24, 2002
Hi, The user accounts with red "X" is OK, it means the security is OK, the guest account is turned off as it should be.

I am not sure why you do not have anything for SP3, mine with XP Home, has a lot of entries under SP3. Who knows?

Are you trying the Express Install when you do Windows Updates manually? If it says you are up to date, leave well enough alone.

What does the Security Center say for Automatic Updates, is it on or off?


Thread Starter
Jan 21, 2007
hey ya it's turned on.. and what do u think I should do about that "hijacker" thing that pops up on StopZilla? any ideas? still can't figure out the xpob2res.dll thing.. still freezes then restarts.. and for like 2 secs a screen pops up saying.. THERE IS A PROBLEM with a lot more.. but doesn't give me time to read it all... this before it restarts .. takes me to a blue screen.. after waiting like 5 min being frozen... any ideas bro?


Gone but Never Forgotten
Jan 24, 2002
Hi. Let's have you try this:

Download the Malicious Software removal tool to your desktop.

To start the installation immediately, click Run. or...
To save the download to your computer for installation at a later time, click Save.

If your logon account does not have the required permissions, the tool exits. If the tool is not being run in quiet mode, it displays a dialog box that describes the failure.
• If the computer is not running a required operating system, the tool exits.
• If the tool is more than 60 days out-of-date, the tool displays a dialog box that recommends that you download the latest version of the tool.
If the prerequisites are met, the tool displays the EULA. For the tool to continue to run, you must accept the EULA.

After the EULA has been accepted, the user can select a type of scan to perform. Only users of the Download Center version of the tool will see this screen.
• A quick scan is the default scan type. Sometimes, if malicious software is found, the user may be prompted to perform a full scan also.

See if the Quick Scan tells you anything.

You will have to run the full scan if anything is found, but I don't expect anything to be found.