
Hklm Or Hkcu Question



#1 AlwaysMaple

Posted 09 June 2007 - 04:41 PM

Having used Autoruns on my Acer Laptop I have come across 50 HKey_Local_Machine entries with no programs attached.
I've googled it but not found any reliable source to help, only lots of programs to sort out my HKLMs.
Any suggestions or is this a reasonable find?
Any software suggestions to clean would also be useful.

Did find this however, so big Kudos!
logonui.exe X detected by Ewido as Backdoor.SdBot.aad.


Maple



#2 Grinler (Lawrence Abrams)

Posted 09 June 2007 - 10:40 PM

Can you save your results and post them as a reply? It is strange to have 50 run entries with no programs.

#3 AlwaysMaple

Posted 10 June 2007 - 06:29 AM

Have had to save the file and send it via Messenger to my 'clean' PC, as this is from my Acer Aspire 5100 using Autoruns.

I've run CCleaner and tried twice to repair the installation of my AVG7.5 via support instructions but ... :thumbsup:
Oh it's scanning but I'm not sure that it's alright as the installation didn't complete as anticipated.
Keeping the wireless OFF at the moment.


HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Acer ePresentation HPD AcerePre Application c:\acer\empowering technology\epresentation\epresentation.exe
+ ATICCC c:\program files\ati technologies\ati.ace\clistart.exe
+ AVG7_CC AVG Control Center (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgcc.exe
+ AzMixerSel Azalia Mixer Selector (Not verified) Realtek Semiconductor Corp. c:\program files\realtek\installshield\azmixersel.exe
+ Boot c:\acer\empowering technology\epower\boot.exe
+ ePower_DMC Acer ePower Management DMC c:\acer\empowering technology\epower\epower_dmc.exe
+ eRecoveryService eRecovery agent (Not verified) Acer Inc. c:\acer\empowering technology\erecovery\eragent.exe
+ LManager Acer Launch Manager Keyboard Application (Not verified) Dritek System Inc. c:\program files\launch manager\lmanager.exe
+ NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ ntiMUI c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntimui.exe
+ QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe
+ RealTray RealPlayer (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\realplay.exe
+ RTHDCPL Realtek HD Audio Control Panel (Not verified) Realtek Semiconductor Corp. c:\windows\rthdcpl.exe
+ SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\jusched.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Acer Empowering Technology.lnk Acer Empowering Techonology Framework Launcher (Not verified) Acer Inc. c:\acer\empowering technology\acer.empowering.framework.launcher.exe
+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
C:\Documents and Settings\jakki temp\Desktop\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AVG7 Find Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll
+ AVG7 Shell Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll
+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ EPM-PO Shell Extension EPM-PO DLL (Not verified) Acer Labs USA c:\windows\system32\epm-po.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll
+ SnagIt SnagIt Add-in for Internet Explorer (Verified) TechSmith Corporation c:\program files\techsmith\snagit 8\snagitieaddin.dll
+ SnagIt Shell Extension SnagIt Shell Extension DLL (Verified) TechSmith Corporation c:\program files\techsmith\snagit 8\snagitshellext.dll
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ SnagIt Toolbar Loader SnagIt Browser Helper Object for Internet Explorer (Verified) TechSmith Corporation c:\program files\techsmith\snagit 8\snagitbho.dll
+ SSVHelper Class Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ snagitieaddin.dll SnagIt Add-in for Internet Explorer (Verified) TechSmith Corporation c:\program files\techsmith\snagit 8\snagitieaddin.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
HKLM\System\CurrentControlSet\Services
+ AcerMemUsageCheckService Monitor memory usage and provide the ability to release unused memory. (Not verified) Acer Inc. c:\acer\empowering technology\eperformance\memcheck.exe
+ Avg7Alrt AVG Alert Manager (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgamsvr.exe
+ Avg7UpdSvc AVG Update Service (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgupsvc.exe
+ AvgCoreSvc AVG Resident Shield Service (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgrssvc.exe
+ AVGEMS AVG E-Mail Scanner (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgemc.exe
+ AVGFwSrv AVG Firewall Service (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgfwsrv.exe
+ LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. (Not verified) Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.exe
+ spupdsvc Enables File not found: C:\WINDOWS\system32\spupdsvc.exe
HKLM\System\CurrentControlSet\Services
+ AvgClean AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgclean.sys
+ AvgTdi AVG Network connection watcher (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgtdi.sys
+ DritekPortIO General Port I/O (Not verified) Dritek System Inc. c:\program files\launch manager\dportio.sys
+ int15 c:\windows\system32\drivers\int15.sys
+ NTIDrvr NTI CD-ROM Filter Driver (Not verified) NewTech Infosystems, Inc. c:\windows\system32\drivers\ntidrvr.sys
+ Secdrv SafeDisc driver (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ tvicport TVicPort Driver for Windows NT/2000/XP (Not verified) EnTech Taiwan c:\windows\system32\drivers\tvicport.sys
+ wanatw File not found: system32\DRIVERS\wanatw4.sys
+ zntport zntport (Not verified) Zeal SoftStudio c:\windows\system32\drivers\zntport.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\Software\Microsoft\Command Processor\Autorun
HKCU\Software\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ pushow65.dll File not found: pushow65.dll
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API (Not verified) Microsoft Corporation c:\windows\system32\advapi32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exe Windows Logon UI (Not verified) Microsoft Corporation c:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ avgwlntf AVG Winlogon Notify Library (Not verified) GRISOFT, s.r.o. c:\windows\system32\avgwlntf.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ Grisoft Firewall AFU over [MSAFD Tcpip [RAW/IP]] AVG Firewall Filter Unit (Not verified) GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [MSAFD Tcpip [TCP/IP]] AVG Firewall Filter Unit (Not verified) GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [MSAFD Tcpip [UDP/IP]] AVG Firewall Filter Unit (Not verified) GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [RSVP TCP Service Provider] AVG Firewall Filter Unit (Not verified) GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ Grisoft Firewall AFU over [RSVP UDP Service Provider] AVG Firewall Filter Unit (Not verified) GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll
+ MSAFD Irda [IrDA] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B969422-05E9-4E23-A915-9EABBE3E4008}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5B969422-05E9-4E23-A915-9EABBE3E4008}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{69A8FCC9-FA44-456E-B9AC-F53025AC6351}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{69A8FCC9-FA44-456E-B9AC-F53025AC6351}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CE42D1D-5504-43C5-A9AF-A26EB3DBD9A8}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7CE42D1D-5504-43C5-A9AF-A26EB3DBD9A8}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC80FEFF-A3F5-46FB-800C-0BDC9DD99572}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AC80FEFF-A3F5-46FB-800C-0BDC9DD99572}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B48C683E-C513-46D4-AFDA-9E9A8B39B1C9}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B48C683E-C513-46D4-AFDA-9E9A8B39B1C9}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1B0F2A7-C721-44A2-A943-1408D8E0A19C}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E1B0F2A7-C721-44A2-A943-1408D8E0A19C}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider (Not verified) Microsoft Corporation c:\windows\system32\mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
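The listing above shows what Autoruns does for each location: it prints the key even when it holds no entries, and marks entries whose file is gone (the pushow65.dll line under Appinit_Dlls, the spupdsvc service). As an added example, not from this thread and not Sysinternals code, the PowerShell script below walks a few of the same Run/RunOnce keys and AppInit_DLLs and reports which entries point at files that no longer exist. It assumes a Windows machine with PowerShell 2.0 or later; the key names are the ones in the listing.

```powershell
# Added example (not from the thread or Sysinternals): walk a few of the
# autostart locations listed above and flag entries whose image is missing
# on disk, the way Autoruns reports "File not found". Assumes Windows with
# PowerShell 2.0 or later.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Pull the executable out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   c:\windows\foo.exe -x
function Get-ImagePath([string]$CommandLine) {
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        return $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1)
    }
    # Unquoted: first token (an unquoted path with spaces is cut short;
    # that is a limitation of this simple parser, not of Autoruns)
    return ($cmd -split '\s+')[0]
}

# A bare file name (AppInit_DLLs style) is resolved against system32
function Test-ImageExists([string]$Path) {
    if (-not $Path) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (Test-Path -LiteralPath $expanded) { return $true }
    $sys = Join-Path $env:SystemRoot 'system32'
    return (Test-Path -LiteralPath (Join-Path $sys $expanded))
}

foreach ($key in $runKeys) {
    # An absent or empty key is normal: Autoruns still lists the location
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = $item.GetValue($name)
        if (-not $cmd) { continue }
        $img = Get-ImagePath $cmd
        $status = if (Test-ImageExists $img) { 'ok' } else { 'FILE NOT FOUND' }
        '{0,-14} {1,-22} {2}  [{3}]' -f $status, $name, $img, $key
    }
}

# AppInit_DLLs holds space- or comma-separated DLL names, not a command line
$winKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$dlls = (Get-ItemProperty -Path $winKey -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
foreach ($dll in ($dlls -split '[ ,]+' | Where-Object { $_ })) {
    $status = if (Test-ImageExists $dll) { 'ok' } else { 'FILE NOT FOUND' }
    '{0,-14} AppInit_DLLs {1}' -f $status, $dll
}
```

An empty key produces no output lines, which is the same situation as the "entries with no programs attached" in the first post: the location exists and is checked, but nothing is registered there.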

#4 Grinler (Lawrence Abrams)

Posted 10 June 2007 - 07:50 AM

Other than what appears to be a remnant of advertismen, you seem to be OK.

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if it exists:

advertismen

#5 AlwaysMaple

Posted 10 June 2007 - 08:28 AM

Will try that, thanx, but just for the record I downloaded RegistryBooster and it found 248 invalid entries :thumbsup:

Backed up and realised that I had lost the screen that said repair soooo... rescanned and it now found 250 :flowers:

Getting out the credit card yet again!

Maple

#6 AlwaysMaple

Posted 10 June 2007 - 08:35 AM

No advertismen found.

Just registered that program and rescanned and am back to 248 errors. Think it's time for a coffee again.

Thanx for the input.

Maple



