Board index » Windows Vista » Think something is wrong with registry...

Windows Vista16
Not sure what is going on but I have been having some strange thing

occuring with-in my Vista system. 1st thing is when I open Interne

Explorer it asks me to install add-ons which I click no and it stil

acts normal. Here is a post of what Hijackthis found, not tha

comfortable yet with Vista to do editing without others confirming wha

needs to go...



Thanks in advance for any insight and here is the copy of my log...





Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:54:28 PM, on 2/21/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 'Liv

Search' (go.microsoft.com/fwlink/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

'MSN.com' (go.microsoft.com/fwlink/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

'MSN.com' (go.microsoft.com/fwlink/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_UR

= 'Live Search' (go.microsoft.com/fwlink/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 'Liv

Search' (go.microsoft.com/fwlink/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page

'MSN.com' (go.microsoft.com/fwlink/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant



R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Interne

Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderNam

=

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Commo

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program File

(x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analo

Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program File

(x86)\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.ex

oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program File

(x86)\Java\jre1.6.0_03\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLaunche

Control)

www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class)

www.adobe.com/products/acrobat/nos/gp.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknow

owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner

C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner

C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Servic

(LightScribeService) - Hewlett-Packard Company - C:\Program File

(x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner

C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon)

Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner -

C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner -

C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) -

Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown

owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown

owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) -

Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) -

Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program

Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program

Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -

Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown

owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown

owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv)

- Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101

(WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media

Player\wmpnetwk.exe (file missing)

--

End of file - 5489 bytes





--

brad72


-

brad72 wrote:

Oops. You're a beta tester?



Alias

-

brad72 wrote:



(snip HJT log)



We don't analyze HijackThis logs here in the MS newsgroups. It takes a great

deal of time and expertise to work with HJT logs and there are privacy

issues as well. You will not get the attention you need here.



Register at one of the specialty forums listed below in no particular order

to get guided help with your issue:



aumha.org/downloads/hijackthis.zip" >aumha.org/downloads/hijackthis.zip

www.aumha.org/a/hjttutor.htm" >www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn

www.bleepingcomputer.com/forums/index.php >www.bleepingcomputer.com/forums/index.php - another

tutorial

aumha.net/" >aumha.net/ - Click on the HijackThis forum. Read the announcement and

the stickies *first*.

www.atribune.org/forums/index.php >www.atribune.org/forums/index.php

aumha.net/viewforum.php >aumha.net/viewforum.php

www.bleepingcomputer.com/forums/forum22.html" >www.bleepingcomputer.com/forums/forum22.html

castlecops.com/forum67.html" >castlecops.com/forum67.html

www.dslreports.com/forum/cleanup" >www.dslreports.com/forum/cleanup

www.cybertechhelp.com/forums/forumdisplay.php >www.cybertechhelp.com/forums/forumdisplay.php

www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html" >www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html



Malke

--

MS-MVP

Elephant Boy Computers

www.elephantboycomputers.com

Don't Panic!

-

The homepage you are trying to access whenever IE opens probably has an

activeX control or some such that it asks you to load. Either don't visit

that page (change homepage) or install the control if you trust the location

or continue to decline it. What you describe is not necessarily a registry

issue.





"brad72" <brad72.355db0@no-mx.forums.net>wrote in message

-

Thanks for your reply I will look into a few of these links you

sent....Thanks for the links...





--

brad72

-

Alias wrote:

Oops you're an idiot!

Frank

-

"Alias" <iamalias@removethisgmail.com>wrote in message

Oops - You Are An Idiot - Just FYI





-

Kevpan815@nospam.hotmale.com wrote:



No, dimwit, idiots capitalize every word in a sentence. Just FYI.



Cheers.



--

The three Rs of Microsoft support: Retry, Reboot, Reinstall.



Proprietary Software: a 20th Century software business model.



Q: What OS is built for lusers?

A: Which one requires running lusermgr.msc to create them?



Frank, hard at work on his Vista computer all day:

redwing.hutman.net/~mreed/warriorshtm/compost.htm" >redwing.hutman.net/~mreed/warriorshtm/compost.htm



-