03-06-2006, 03:11 AM   #5
buckster1
Registered User
 
Join Date: Feb 2006
Posts: 7
OS: xp


results from startdreck

results from startdreck attached

StartDreck (build 2.1.7 public stable) - 2006-03-04 @ 07:51:18 (GMT +10:30)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Buck at STUDY

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
*SRUUninstall="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
»Local Machine
»Run
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
*NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
*WinFast Schedule=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
*zBrowser Launcher=C:\Program Files\Logitech\iTouch\iTouch.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
*SoundMan=SOUNDMAN.EXE
*NVMixerTray=C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
*Easy-PrintToolBox=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
*PinnacleDriverCheck=C:\WINDOWS\system32\\PSDrvCheck.exe
*PDF Converter Registry Controller="C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
*CloneCDElbyCDFL="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*BHO.HelperObject.1/{00C6482D-C502-44C8-8409-FCE54AD9C208}
`InprocServer32=C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
`InprocServer32=
*Nisbho.CNisExtBho.1/{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
`InprocServer32=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
*Adobe.AcroIEToolbarHelper.1/{AE7CD045-E861-484f-8273-0445EE161910}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.google.com
*Start Page=http://www.aapt.com.au/
+SearchUrl
*provider=
*=http://www.google.com/keyword/%s
»Default User
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://www.google.com/ie
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
*UPnPMonitor={e57ce738-33e8-4c51-8354-bb4de9d215d1}
`InprocServer32=C:\WINDOWS\system32\upnpui.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Start Menu\Programs\Startup\desktop.ini
»Default User
*\data
*\Thumbs.db

<<< erroneous data removed >>>

»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
`SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
`lh %SystemRoot%\system32\nw16
`lh %SystemRoot%\system32\vwipxspx
*C:\WINDOWS\hosts
*C:\WINDOWS\system32\drivers\etc\hosts

<< Host Files entries removed >>

»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+568=\SystemRoot\System32\smss.exe
+636=\??\C:\WINDOWS\system32\csrss.exe
+660=\??\C:\WINDOWS\system32\winlogon.exe
+704=C:\WINDOWS\system32\services.exe
+716=C:\WINDOWS\system32\lsass.exe
+880=C:\WINDOWS\system32\svchost.exe
+928=C:\WINDOWS\system32\svchost.exe
+992=C:\WINDOWS\System32\svchost.exe
+1048=C:\WINDOWS\System32\svchost.exe
+1092=C:\WINDOWS\System32\svchost.exe
+1224=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
+1256=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1268=C:\Program Files\Norton Internet Security\ISSVC.exe
+1284=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+1308=C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
+1332=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+1792=C:\WINDOWS\system32\spoolsv.exe
+1936=C:\WINDOWS\Explorer.EXE
+260=C:\WINDOWS\System32\DVDRAMSV.exe
+352=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
+348=C:\Program Files\ewido anti-malware\ewidoctrl.exe
+400=C:\Program Files\Logitech\iTouch\iTouch.exe
+424=C:\WINDOWS\SOUNDMAN.EXE
+436=C:\Program Files\ewido anti-malware\ewidoguard.exe
+460=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
+468=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+848=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
+968=C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
+1396=C:\WINDOWS\system32\nvsvc32.exe
+1696=C:\WINDOWS\System32\svchost.exe
+1848=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+1944=C:\WINDOWS\system32\wdfmgr.exe
+2336=C:\WINDOWS\system32\RAMASST.exe
+3252=C:\WINDOWS\System32\alg.exe
+2808=C:\Program Files\Ahead\Nero\nero.exe
+1920=C:\WINDOWS\System32\imapi.exe
+2752=C:\Program Files\Internet Explorer\iexplore.exe
+3828=C:\PROGRA~1\WINZIP\winzip32.exe
+3900=C:\Documents and Settings\buck\Local Settings\Temp\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
Attached Files
File Type: txt StartDreck.txt (485.6 KB, 3 views)

Last edited by sUBs; 03-14-2006 at 12:27 AM.