Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Plz read having problems [RESOLVED]


  • This topic is locked This topic is locked

#1
Reyman

Reyman

    Member

  • Member
  • PipPip
  • 15 posts
im having some weird problems plz read my log.......ty for the time

Logfile of HijackThis v1.99.1
Scan saved at 7:40:11 PM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\reinaldo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0

Advertisements


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Reyman,

Welcome to Geeks to Go !!!!

U have probably taken the HJT log while you were in Safe Mode. In the safe mode, only the minimum system files are loaded and therefore the infection is not clearly evident.

Please do the following -

1. Run an Online Scan on your PC (details in my signature - please visit any one of them).

2. While you are in Normal Mode, Run Hijack This, Scan and then post a HJT log here.
  • 0

#3
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
well ty for your help


i wasn't in safe when i took the log but anyways to be sure again here it is(i did all kinds of scans ad-aware,the one in ur sig etc,if the log is wrong again then im doing something wrong ) :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 6:00:57 PM, on 6/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComS.exe
C:\Documents and Settings\reinaldo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DME] C:\Program Files\Zero Knowledge\DM\DownloadManagerR.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Edited by Reyman, 11 June 2005 - 04:04 PM.

  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Reyman,

Your log looks basically clear !!! Wondering what you were doing at PCpitstop website !!! ANyway can you tell me about the problems you may be having ??

You can fix the following -

Run Hijack This. Click on Scan after closing all other windows. Check the boxes next to the following items and click on Fix Checked -

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

  • 0

#5
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok ty again.im gona fix what u told me........so everythings clear good
well my problem is that i can't turn on the windows update i tried doing the regedit.exe thing (i dont remember)

PS whats wrong with pcpitsop...... i wont do it again :tazz:

Edited by Reyman, 11 June 2005 - 07:02 PM.

  • 0

#6
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hey Reyman,

Didnt say anything was wrong with PCpitstop !!!!! Just asking.

Did you have any recent history of infection ?? This may give me some clues of what is interfering with your Windows Update.

Anyway let me check and get back on what u would need to do to get Windows Update

:tazz:
  • 0

#7
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
tha last problem i had was the flashing desktop.....that flashing think dint let me open norton antivirus......dint let me open microsoft anti-spyware......i resolved that going to display properties->custimize desktop->web then delete what was in the list
and ty again for the help :tazz:
  • 0

#8
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hey Reyman,

All I can say if oh la la !!!!


Download this file rkfiles.zip. Unzip the files.

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

While in safemode go to the folder you unzipped rkfiles to and run rkfiles.bat. It will take a long time and it will make a log log.txt. Reboot into normal mode and post that log here in a reply.

That should help us in resolving the issues
  • 0

#9
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
k heres the log(hope i did ut right) ty :tazz:

C:\Documents and Settings\reinaldo\Desktop\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\atgffaaa.exe: UPX!
C:\WINDOWS\SYSTEM32\fmod.dll: UPX!
C:\WINDOWS\SYSTEM32\in10b6.dll: UPX!
C:\WINDOWS\SYSTEM32\vlhuaaaa.exe: UPX!
C:\WINDOWS\SYSTEM32\DFRG.MSC: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\SYSTEM32\DivX.dll: PEC2

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\daemon.dll: UPX!
Finished
bye
  • 0

#10
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Reyman,

looks like we have some unwanted stuff on your PC. Lets take care of them.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\WINDOWS\SYSTEM32\atgffaaa.exe
C:\WINDOWS\SYSTEM32\in10b6.dll
C:\WINDOWS\SYSTEM32\vlhuaaaa.exe


Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts. If you receive a message and your computer does not restart automatically, please restart it manually.

Please try the Windows Update now and let me know if it works.
  • 0

Advertisements


#11
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hey tampabelle

still cant turn on my windows update but thanks for the big help.
my last optiom would be reformatting my computer? :tazz:
  • 0

#12
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Reyman,

Lets check the registry settings and make sure that everything is fine.

Lets make sure of these 2 things -
1. You have administrative rights on the PC
2. You have already tried to set up the automatic updates. (right click on My Compouter and then CLick on Properties. In the pop-up window click on Automatic Updates tab. The setting should be at Automatic

Copy the text in bold into a text file in Notepad and save the file as Updatestatus.bat (make sure that Save as Type is set as All Types) -

regedit /e peek.txt "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU"
regedit /e peek3.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate"
regedit /e peek4.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate"
regedit /e peek5.txt "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
regedit /e peek6.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
regedit /e peek7.txt "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile"
regedit /e peek8.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile"
regedit /e peek9.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
regedit /e peek10.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
regedit /e peek11.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
type peek.txt>>look.txt
type peek2.txt>>look.txt
type peek3.txt>>look.txt
type peek4.txt>>look.txt
type peek5.txt>>look.txt
type peek6.txt>>look.txt
type peek7.txt>>look.txt
type peek8.txt>>look.txt
type peek9.txt>>look.txt
type peek10.txt>>look.txt
type peek11.txt>>look.txt
del peek*.txt

start notepad look.txt


Post the look.txt here for review
  • 0

#13
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hello

here:
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\WINDOWS\\kdx\\khost.exe"="C:\\WINDOWS\\kdx\\khost.exe:*:Enabled:Secure Delivery Plug-In"
"C:\\Program Files\\netomat\\netomat.exe"="C:\\Program Files\\netomat\\netomat.exe:*:Enabled:netomat"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Doom 3\\Doom3.exe"="C:\\Program Files\\Doom 3\\Doom3.exe:*:Enabled:Doom 3"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Paltalk\\paltalk.exe"="C:\\Program Files\\Paltalk\\paltalk.exe:*:Enabled:PalTalk for Windows"
"C:\\Program Files\\Dell\\Support\\Alert\\bin\\AlertView.exe"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\AlertView.exe:*:Enabled:A l e r t s"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eXeem\\eXeem.exe"="C:\\Program Files\\eXeem\\eXeem.exe:*:Enabled:eXeem"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam-Down\\Steamengine.exe"="C:\\Program Files\\Steam-Down\\Steamengine.exe:*:Enabled:Steamengine"
"C:\\Program Files\\Steam-Down\\Steam.exe"="C:\\Program Files\\Steam-Down\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam-Down\\Steam-Down.exe"="C:\\Program Files\\Steam-Down\\Steam-Down.exe:*:Enabled:Steam-Down"
"C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\sysreset\\mirc.exe"="C:\\sysreset\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\UT2004Demo\\System\\UT2004.exe"="C:\\UT2004Demo\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\Kazaa Lite\\kazaa.core"="C:\\Program Files\\Kazaa Lite\\kazaa.core:*:Enabled:Kazaa"
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
"AllowInboundEchoRequest"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000000
"RestoreSafeModeStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{B37680B2-BA0A-4E5D-BF30-83E44C588624}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks]
@=""
  • 0

#14
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Reyman,

Can you delete Look.txt and then run the batch file again ?? and post the text file here.

Can you confirm that the Automatic updates are turned on and that u have administrative rights on this PC through your current profile??
  • 0

#15
Reyman

Reyman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
hello and yes its on but in the window secutity center says is not :tazz:
here

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"cnbjimdm.exe"="cnbjimdm.exe:*:enabled:Client Media"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Call of Duty\\CoDMP.exe"="C:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\WINDOWS\\kdx\\khost.exe"="C:\\WINDOWS\\kdx\\khost.exe:*:Enabled:Secure Delivery Plug-In"
"C:\\Program Files\\netomat\\netomat.exe"="C:\\Program Files\\netomat\\netomat.exe:*:Enabled:netomat"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Doom 3\\Doom3.exe"="C:\\Program Files\\Doom 3\\Doom3.exe:*:Enabled:Doom 3"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Paltalk\\paltalk.exe"="C:\\Program Files\\Paltalk\\paltalk.exe:*:Enabled:PalTalk for Windows"
"C:\\Program Files\\Dell\\Support\\Alert\\bin\\AlertView.exe"="C:\\Program Files\\Dell\\Support\\Alert\\bin\\AlertView.exe:*:Enabled:A l e r t s"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eXeem\\eXeem.exe"="C:\\Program Files\\eXeem\\eXeem.exe:*:Enabled:eXeem"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam-Down\\Steamengine.exe"="C:\\Program Files\\Steam-Down\\Steamengine.exe:*:Enabled:Steamengine"
"C:\\Program Files\\Steam-Down\\Steam.exe"="C:\\Program Files\\Steam-Down\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam-Down\\Steam-Down.exe"="C:\\Program Files\\Steam-Down\\Steam-Down.exe:*:Enabled:Steam-Down"
"C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam-Down\\SteamApps\\mcrey\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\sysreset\\mirc.exe"="C:\\sysreset\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\UT2004Demo\\System\\UT2004.exe"="C:\\UT2004Demo\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Program Files\\Kazaa Lite\\kazaa.core"="C:\\Program Files\\Kazaa Lite\\kazaa.core:*:Enabled:Kazaa"
"C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe:*:Enabled:Battlefield 2"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]
"AllowInboundEchoRequest"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
"RestoreStatus"=dword:00000000
"RestoreSafeModeStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{B37680B2-BA0A-4E5D-BF30-83E44C588624}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SnapshotCallbacks]
@=""
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP