Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Strange Registry Entries


  • Please log in to reply

#1
Tone Loc

Tone Loc

    Member

  • Member
  • PipPip
  • 31 posts
OK! I searched thru the registry & found an entry like this:

HKey_Current_User\Software\Microsoft\Search Assistant\ACMru\5603

There are 2 subkeys under this path:

One for Visual C++ & one for www.nfl.com

There values differ but I don't think these values even need be there in the registry. Are these created from the errors I'm receiving or have these been secretly placed there to cause my problem? If these are not legit then is it safe to delete this particular path? Thanks! :whistling:

Here's a HJT log just to be safe because this stuff appears to have been entered into the registry without my knowledge:


Logfile of HijackThis v1.99.1
Scan saved at 12:51:11 AM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shavlik Technologies\NetChk\5.6.0.446\HfNetChkProService.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bluetack\ProtoWall\ProtoWall.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://phoenixlabs.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156646007062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156645999625
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetChk Patch Service (NetChkPatch) - Unknown owner - C:\Program Files\Shavlik Technologies\NetChk\5.6.0.446\HfNetChkProService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Shavlik Remote Scheduler Service (Shavlik Scheduler) - Shavlik Technologies - C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Edited by Tone Loc, 02 September 2006 - 10:58 PM.

  • 0

Advertisements


#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Hi Tone Loc,

Evidence Eliminator should get rid off the items under HKEY_Current_User\Software\Microsoft\Search Assistant\ACMru since they are usage trackers.

MRU stands for Most Recently Used.

Your HijackThis log looks clean enough.

One thing certainly worth trying is to Update Java and Clear the Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Also:
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Advanced tab, click to select the Disable Script Debugging check box in the Browsing section.
4. Click OK, and then restart Windows.

Let me know if this helps.

Regards,
  • 0

#3
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Tone Loc,

Evidence Eliminator should get rid off the items under HKEY_Current_User\Software\Microsoft\Search Assistant\ACMru since they are usage trackers.

MRU stands for Most Recently Used.

Your HijackThis log looks clean enough.

One thing certainly worth trying is to Update Java and Clear the Cache

  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.


































  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Also:
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Advanced tab, click to select the Disable Script Debugging check box in the Browsing section.
4. Click OK, and then restart Windows.

Let me know if this helps.

Regards,


Tried the above steps & still getting the crashes from www.nfl.com website from both Firefox & IE. I know you probably didn't know my exact problem from to the original thread topic. I'm getting constant crashes from this one website only. What I noticed today was even when I try to visit some of the individual NFL team sites that's also crashing my browsers. Something is going on that's being run on these NFL sites to cause my crashes. What the crap could it be? I have a clean HJT & everything else runs really well. Not all NFL sites are crashing my browsers but some certainly are at this time. I mean what could cause the crashing of browsers from only NFL related sites? I can go to espn.com & cnn.com to view NFL material but if I go to the NFL website or even directly to certain team sites then the crash happens. It's almost like something has been installed onto the PC when I first attempted to go the NFL website after a fresh install of XP. Thanks & tell me either what to try next or where I can go to possibly correct this issue. Thanks again!
:whistling:
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Your browsers crash when you go to the main site?

It's easy enough to look at the code and see what's special about it.

Let me know if that is true and I will have a look at the sorce.

Regards,
  • 0

#5
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Your browsers crash when you go to the main site?

It's easy enough to look at the code and see what's special about it.

Let me know if that is true and I will have a look at the sorce.

Regards,


Yes! Both IE & Firefox are crashing when just trying to visit the main site. Actually, with Firefox the main page from the NFL site loads up fine but when I try to click on absolutely anything(link) then that crashes Firefox. I don't know anything about where to find the codes for the virtual library & that's way out of my league but if you can point me in the right direction then I'll post something back for help. I've read via Google about the source codes but really that's too much for me. Thanks again! :whistling:
  • 0

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Most of it is javascript.

Select the correct language here:
http://www.microsoft...EB-95A22B832CAA
follow the instruction to install the software.

If that doesn't help, can you try for me if you can see and use the Select boxes at my site:
http://www.pieter-arntz.info/

Regards,
  • 0

#7
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Most of it is javascript.

Select the correct language here:
http://www.microsoft...EB-95A22B832CAA
follow the instruction to install the software.

If that doesn't help, can you try for me if you can see and use the Select boxes at my site:
http://www.pieter-arntz.info/

Regards,


Wow! What language is that from your site? Sorry, but not familar with Dutch I believe. What are you asking me to click from all those pull-down links? Forums? Windows Links? I don't know what to use mainly because I don't know the language. How do I get into using the JavaScript software that was installed? When it was installed I know the files were copied to the system folder but how do I use it for checking codes? Thanks!
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
It doesn't matter much which one you choose.
As long as you can see the drop down links and you can use them, javascript should work on your computer.

If you run the executable you downloaded from the Miscrosoft site, it will install the latest version of Windows Scipt Host on your computer. That often helps with this sort of problems.

Let me know if you did that successfully and if the NFL site now works for you.

Regards,
  • 0

#9
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

It doesn't matter much which one you choose.
As long as you can see the drop down links and you can use them, javascript should work on your computer.

If you run the executable you downloaded from the Miscrosoft site, it will install the latest version of Windows Scipt Host on your computer. That often helps with this sort of problems.

Let me know if you did that successfully and if the NFL site now works for you.

Regards,


Installed javascript>rebooted! Still getting the crashes from both browsers. From Firefox now a total lockup when trying the NFL site. From IE I'm getting the virtual runtime error for explorer.exe as soon as the site tries to load. I've read more into javascript but that's like reading a foreign language to me. What's so aggravating is that before the fresh install of XP this site NEVER gave me any problems whatsoever. Thanks!

Edited by Tone Loc, 08 September 2006 - 07:11 AM.

  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Did my site work for you or not?
  • 0

Advertisements


#11
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Did my site work for you or not?


Yes! I tried several of the pull-down links & they all loaded up just fine. I even tried other links from within the pull-down links & those worked too. It's weird because no other sites seem to be giving me problems but the NFL website & those links to the team sites. What in the world could cause this behavior from my browsers? Thanks! :whistling:
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Very strange indeed.

Can you go to this site by clicking the link?
  • 0

#13
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Very strange indeed.

Can you go to this site by clicking the link?


When I use your link provided everything seems to work well from within the site. When I use this link http://www.nfl.com/ then that's where the problems start. This is the site where the NFL news is located. With your link I can navigate to team sites & other areas from within the site without any crashes. What's up with that? Thanks! :whistling:
  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
When you go back from the link that I posted to the main site, does your browser crash then?
Or only if you go there directly?
  • 0

#15
Tone Loc

Tone Loc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

When you go back from the link that I posted to the main site, does your browser crash then?
Or only if you go there directly?


I've had the main NFL site saved in my bookmarks/favorites with both Firefox & IE for quite some time now. I've been using that as the direct link to the site & not having to type the web address into the search bar. I'm gonna try & actually copy/paste your link into the search address bar to see what that does. I do know that if I use that saved bookmark/favorite then the crashes are still happening. However, with the link that you directly provided all the navigation from within that link works without any problems. Team sites,player search,etc. works without crashing my browsers. What might be causing that situation? Thanks! :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP