
Can't add programs to startup in "Registry\All Users\Run"

Discussion in 'Windows XP' started by ranasrule, 2006/06/23.

  1. 2006/06/23
    ranasrule

    ranasrule Inactive Thread Starter

    I have no idea what's going on.... Whenever Windows starts up, the programs that I set to autorun in "Registry\All Users\Run" disappear, but those in the startup folder remain there and run fine.... I can add them, but when I reboot my PC and check if the entry is there, it no longer is.... I have no idea what's going on.... I am logged in as administrator.... Please, I need help. Here is a copy of my HijackThis log if it helps.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:14:59 PM, on 6/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5346.0005)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\winsersec.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\sdaemon.exe
    C:\WINDOWS\winwd.exe
    D:\Program Files\Eset\nod32kui.exe
    D:\Program Files\TV-FM Tuner Player\TvPanel.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    D:\Program Files\Samurize\Client.exe
    d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    d:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    D:\Program Files\firefox\firefox.exe
    C:\Program Files\osk.exe
    D:\Program Files\TuneUp Utilities 2006\StartUpManager.exe
    C:\WINDOWS\system32\taskmgr.exe
    D:\Program Files\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.128.11:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
    O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
    O4 - Startup: Client Default.lnk = D:\Program Files\Samurize\Client.exe
    O4 - Startup: YzDock.lnk = D:\Program Files\yz-dock\YzDock.exe
    O4 - Global Startup: Control Panel.lnk = D:\Program Files\TV-FM Tuner Player\TvPanel.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.0.0787.00.dll
    O20 - AppInit_DLLs: ????????????????????
    Ã?u:u:???????????????????:?C????
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\Program Files\Eset\nod32krn.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
     
  2. 2006/06/23
    PeteC

    PeteC SuperGeek Staff

    ranasrule - Welcome to the Board :)

    I see a couple of items in your log which are suspicious ....

    C:\Program Files\osk.exe - this is adware. You should delete this from C:\Program Files\

    O20 - AppInit_DLLs: ????????????????????
    Ã?u:u:???????????????????:?C???? this is very suspicious.

    Please download the trial version of Ewido. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Once installed, please update it by clicking on the Update button. Do not run it yet.

    Boot into Safe Mode and log onto your usual account.
    Run Ewido ....

    Click on Scanner and select a 'Complete System Scan'.
    If anything is found during scanning you will be prompted to clean the files.
    Select "Remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" and then click on OK

    Once the scan has completed save the report to a known location.

    Stay in Safe Mode, scan with HJT, place a check mark against this entry and click on Fix selected ....

    O20 - AppInit_DLLs: ????????????????????
    Ã?u:u:???????????????????:?C????


    Boot into normal mode, scan again with HJT and post the Ewido and HJT logs here.
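
An added example, not part of the original posts: a small Python triage pass over a HijackThis log that joins wrapped values such as the two-line AppInit_DLLs entry and lists the kinds of items the reply above singles out. The system-binary name list and the three heuristics are assumptions chosen for illustration; findings are leads for manual review, not verdicts.

```python
import re
# Constructed sample: a few lines copied from the log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\osk.exe

O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O20 - AppInit_DLLs: ????????????????????
Ã?u:u:???????????????????:?C????
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: winser - Unknown owner - C:\WINDOWS\system32\winsersec.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O20 - AppInit_DLLs: ..."
# Assumption: a short, illustrative list of binaries that ship in system32.
SYSTEM_NAMES = {"osk.exe", "lsass.exe", "svchost.exe", "winlogon.exe"}

def parse(log):
    """Return (processes, entries); wrapped lines are joined to their entry."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append([m.group(1), m.group(2)])
        elif line.startswith("Running processes:"):
            in_procs = True
        elif line and in_procs:
            processes.append(line)
        elif line and entries:
            entries[-1][1] += "\n" + line  # continuation of a multi-line value
    return processes, [tuple(e) for e in entries]

def triage(log):
    """Return (reason, text) pairs that deserve a manual look."""
    processes, entries = parse(log)
    findings = []
    for path in processes:
        folder, _, name = path.lower().rpartition("\\")
        if name in SYSTEM_NAMES and not folder.endswith("\\system32"):
            findings.append(("system binary name outside system32", path))
    for code, text in entries:
        if code == "O20" and text.startswith("AppInit_DLLs:"):
            # Heuristic: '?' or non-printable characters instead of a DLL path.
            if re.search(r"[^\x20-\x7e]|\?", text.split(":", 1)[1]):
                findings.append(("unreadable AppInit_DLLs value", text))
        elif code == "O23" and " - Unknown owner - " in text:
            findings.append(("service with unknown owner", text))
    return findings
```
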
     


  4. 2006/06/23
    ranasrule

    ranasrule Inactive Thread Starter

    Thanks for your reply.... osk.exe is the on-screen keyboard that comes with Windows.... I accidentally deleted it, so I got it from a friend and put it in C:\Program Files.... I will run the software you mentioned and post back soon... thanks again
     
