Failed to Attach Driver Kernel

Discussion in 'ProcessGuard' started by redwolfe_98, Dec 5, 2003.

Thread Status:
Not open for further replies.
  1. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    I get "failed to attach driver kernel, make sure pg is properly installed" every time I boot up. Is everyone else having the same problem?
     
  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    What version of Process Guard?

    -Jason-
     
  3. redwolfe_98

    redwolfe_98 Registered Member

    I experienced it both with the free version of 1.1 and the full version. (I never used the 1.0 version.) PG still seems to run properly, as far as I can tell, despite that message (except for the major shutdown problem). If I disable processguard from startup, but not the other related process, I don't see the message. My computer is pretty clean, not a lot of junk installed. I use Kerio 2.15, Trojan Hunter, and eTrust's EZ AV. It still happens when everything else is disabled.
     
  4. redwolfe_98

    redwolfe_98 Registered Member

    OK, I have 1.15 installed now. I am still getting that same message at bootup, "could not attach driver kernel". The program seems to be running properly, and my msinfo32 shows that the procguard.sys driver is running. I have found that if procguard is disabled in msconfig/startup, then I don't get the message. Here is the way things look in my msinfo32:

    procguard   procguard   \??\c:\windows\system32\drivers\procguard.sys   Kernel Driver   Yes   Auto   Running   OK   Normal   No   Yes-end...

    I am curious about the question marks at the beginning of the line. Does that indicate that something is wrong?
    I am interested in knowing if this is a common problem that everyone else is also experiencing.
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Not here, I have had the non attach problem in the past but not with the latest builds.

    Try bootvis to see if that will optimize your start up as it is possibly a timing problem :)
    http://www.chip.de/downloads/c_downloads_8833486.html

    HTH Pilli
     
  6. redwolfe_98

    redwolfe_98 Registered Member

    Yes Phil, that is what I was thinking, too. The program seems to run OK otherwise, and if I don't have procguard auto-starting, I don't get the message. It says at the top of the procguard window that "this program does not have to be running for you to be protected" (or something like that). So, if it isn't necessary for procguard to be running, it doesn't need to autostart, and the program will still be protecting me. That would suit me fine, if that is right.
     
  7. Pilli

    Pilli Registered Member

    redwolfe_98.
    Yep, procguard.exe does not need to run once you have enabled protection and completed your list.
    Procguard.sys will stay enabled until such a time as you alter the contents via procguard.exe.
    So in effect, once you have your list set it is "set it and forget it" :)
    You can always check that procguard.sys is working through Sys Info, Environmental settings, drivers

    Still might be worth trying Bootvis to ensure your boot is set to the optimal.
     


  8. redwolfe_98

    redwolfe_98 Registered Member

    It is a conflict with the Kerio 2.15 firewall. I disabled it in msconfig/services, and then the message from procguard didn't pop up. That is what I thought was causing the problem. I remember, when I first started using Tiny's TPF, which is now Kerio 2.15, their saying something about it working at a low level. Everything is back to normal now. I can easily run procguard from start/all programs.
     
  9. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hm.. I've had a think about it and as much as I hope you DON'T have a rootkit, there is a small chance. Either that or a low level driver which is doing something unusual.

    So.. can you tell us everything that is installed on the system? I'll PM you my home email and take a look. Please run ASViewer from Safe Mode and turn on the options to show drivers etc.

    http://www.diamondcs.com.au/index.php?page=asviewer
     
  10. Pilli

    Pilli Registered Member

    Redwolf_98, take Gavin's advice, as I run Kerio 2.1.5 & PG with no conflicts whatsoever on my laptop.
     
  11. fguest

    fguest Guest

    Gavin:

    I also experienced this problem. It did not occur on my real computer (Kerio 2.15 is running on it). It did occur on my clean VMWare machine. It did not occur on my clean VirtualPC 2004 machine.

    Maybe it's really a timing problem?

    Cheers.
     
  12. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    VMWare machine? :D

    But that's not a real machine. It's emulator translation deficiencies. Rootkits and other patchers don't run under VMware either because it's not a REAL OS and the patching they attempt isn't emulated.

    MS Virtual PC is the former Connectix Virtual PC and we are familiar with this :) Microsoft have a better knowledge of their own OS and emulation of the OS obviously, I am sure that theirs will become the best virtual machine. I'm also sure we are going to be using this soon (read: everyone else will be too)

    I haven't tried Virtual PC (Connectix) because there is no point testing low level device drivers on a virtual OS.. but it might be that THEY implemented the emulation better. But I still think it's probably a matter of MS knowing their own OS better? ;)
     
  13. gguest

    gguest Guest

    @Gavin I agree. But it seems that the problem has also occurred on a real computer (i.e., neither VMWare nor a rootkit seem to be the reason for the problem). Anyway, I just wanted to let you know that there is not only one but two persons who have experienced the same problem.

    Btw.: Does or will PG support the native NT API?

    Cheers.
     
  14. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I downloaded 1.15 yesterday and this morning it did not connect. I have Windows XP, Norton firewall, NOD32, TDS3, AD-Aware, and Spy Bot S&D. Other than the not connect, which I also had with 1.0, no problems.
     
  15. WilliamP

    WilliamP Registered Member

    I just wanted to add that I can't load TDS3 on boot either. So I have a program Boot Man and I don't let it start at boot. I double click on the short cut and start it. I guess I'll have to do the same thing with PG. Maybe NOD doesn't want them to start. I can live with it.
     
  16. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Looking at the few reports there might be a timing issue; it won't be long before we isolate whatever is happening. Please ensure if you have the problem that you send as much info about your machine as possible along with an ASViewer log.

    Has anyone tried not starting PG at boot or at least delaying it until last? If this works then you can add a shortcut to PG to the start menu "StartUp" which would confirm it's a timing or other driver conflict.
     
  17. Pilli

    Pilli Registered Member

    Jason & Gavin, I have found that running Bootvis - Next boot + driver delays, this will show you graphically what is booting etc. Then use Bootvis Optimise system as this rearranges the boot area for optimal operation.

    New drivers such as the Windows update from MP8 to MP9 can also cause the PG not to attach correctly. (I found this out last night)

    So a timing error or more like a driver boot up execution race :)
     
  18. WilliamP

    WilliamP Registered Member

    Pilli, as I stated in my previous post, it doesn't want to attach at boot. No problems at all if I start it from the short cut. Here is my DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Lou Preto@LULU, 12-07-2003
    c:\windows\system32\autoexec.nt
    C:\WINDOWS\system32\mscdexnt.exe
    C:\WINDOWS\system32\redir.exe
    C:\WINDOWS\system32\dosx.exe
    c:\windows\system32\config.nt
    C:\WINDOWS\system32\himem.sys
    c:\windows\wininit.ini [rename]
    NULL=C:\WINDOWS\emu10k1f.sys
    NULL=C:\WINDOWS\2gmgsmt.sf2
    NULL=C:\WINDOWS\SYSTEM32\devldr16.exe
    NULL=C:\WINDOWS\SYSTEM32\ctwdm16.drv
    NULL=C:\WINDOWS\ctlface.sys
    NULL=C:\WINDOWS\sfman.sys
    NULL=C:\WINDOWS\eapci2m.ecw
    NULL=C:\WINDOWS\inf\other\oem30.inf
    NULL=C:\WINDOWS\inf\Creativeoem30.inf
    NULL=C:\WINDOWS\inf\other\Creativeoem30.inf
    c:\windows\system.ini [drivers]
    timer=timer.drv
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    c:\windows\system.ini [boot]\scrnsave.exe
    C:\WINDOWS\System32\plusspac.scr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    C:\WINDOWS\Explorer.exe
    HKCU\Control Panel\Desktop\scrnsave.exe
    C:\WINDOWS\System32\plusspac.scr
    HKCR\htafile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKCR\vbsfile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    C:\Program Files\Script Sentry\ScriptSentry.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
    C:\WINDOWS\System32\qttask.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
    RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\iamapp
    C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HP Lamp
    C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\DellTouch
    C:\WINDOWS\DELLMMKB.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BJCFD
    C:\Program Files\BellSouth\Client Foundation\CFD.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Tweak UI
    RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui
    C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ScriptSentry
    C:\Program Files\Script Sentry\ScriptSentry.exe /check
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\System32\webcheck.dll
    C:\WINDOWS\System32\stobject.dll
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\Documents and Settings\Lou Preto\Start Menu\Programs\Startup\Cookie Pal.lnk
    C:\Program Files\CPal\CPal.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
    C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PageKeeper Jobs.lnk
    C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    C:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    C:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    C:\WINDOWS\system32\imon.dll
    C:\WINDOWS\system32\mswsock.dll
    C:\WINDOWS\system32\rsvpsp.dll
    HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
    C:\WINDOWS\system32\JAVASUP.VXD
    autostart
     
  19. Pilli

    Pilli Registered Member

    OK Williamp, One thing I notice is that you do not have a procguard autostart entry? Or maybe I am missing it :) I have put a space around my AsViewer entry.

    DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for 127.0.0.1 12-07-2003
    c:\windows\system32\autoexec.nt
    C:\WINDOWS\system32\mscdexnt.exe
    C:\WINDOWS\system32\redir.exe
    C:\WINDOWS\system32\dosx.exe
    c:\windows\system32\config.nt
    C:\WINDOWS\system32\himem.sys
    c:\windows\wininit.ini [rename]
    NUL=C:\DOCUME~1\Alan\LOCALS~1\Temp\ginstall.dll
    c:\windows\system.ini [drivers]
    timer=timer.drv
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    c:\windows\system.ini [boot]\scrnsave.exe
    C:\WINDOWS\System32\logon.scr
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    C:\WINDOWS\Explorer.exe
    HKCU\Control Panel\Desktop\scrnsave.exe
    C:\WINDOWS\System32\logon.scr
    HKCR\vbsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
    nwiz.exe /install
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemTray
    C:\WINDOWS\system32\SysTray.Exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FmctrlTray
    C:\WINDOWS\system32\Fmctrl.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AVPCC
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
    C:\WINDOWS\System32\NeroCheck.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GhostStartTrayApp
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SmcService
    C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RCScheduleCheck
    C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ProcGuard_Startup
    C:\Program Files\ProcessGuard\procguard.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE

    C:\WINDOWS\System32\ctfmon.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\b9
    C:\Program Files\Firetrust\Benign\B9.exe /minimize
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MailWasher
    C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
    C:\WINDOWS\System32\CTFMON.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\System32\webcheck.dll
    C:\WINDOWS\System32\stobject.dll
    C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~AMD8 Alan.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\2 Copernic Daily ~AMD8 Alan.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\3 Copernic Weekly ~AMD8 Alan.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\4 Copernic Monthly ~AMD8 Alan.job
    C:\Program Files\Copernic Agent\CopernicAgent.exe
    C:\WINDOWS\Tasks\Scheduled Checkpoint.job
    C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE
    C:\Documents and Settings\Alan\Start Menu\Programs\Startup\SpywareGuard.lnk
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
    C:\Program Files\Microsoft Office\OFFICE10\ONENOTEM.EXE
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    C:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    C:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    C:\WINDOWS\System32\dcsws2.dll
    C:\WINDOWS\system32\mswsock.dll
    C:\WINDOWS\system32\rsvpsp.dll
    HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
    C:\WINDOWS\system32\JAVASUP.VXD
    HKLM\System\CurrentControlSet\Services\VxD\VGARTD\
    vgartd.vxd
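
The check made in the post above (does an Autostart Viewer report contain a ProcessGuard autostart entry?) can be done mechanically. This is an added example, not part of the original thread and not DiamondCS code; it assumes the flattened report layout seen in this thread, where a `...\CurrentVersion\Run\<name>` key line is followed by its command line, and the function names and both sample reports are constructed for illustration.

```python
import re

# A per-value Run key line as it appears in the reports pasted in this thread,
# e.g. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ProcGuard_Startup
RUN_KEY = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run\\(.+)$",
    re.IGNORECASE,
)
# Any line that opens a new registry location, so it cannot be a command line.
HIVE_LINE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\", re.IGNORECASE)


def run_entries(report):
    """Return {(hive, value_name): command} for the Run-key entries in a report."""
    entries = {}
    pending = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted reports may have blank lines between key and command
        match = RUN_KEY.match(line)
        if match:
            pending = (match.group(1).upper(), match.group(2))
            continue
        if pending and not HIVE_LINE.match(line):
            entries[pending] = line  # first non-key line after a Run key
        pending = None
    return entries


def autostarts(report, image_name):
    """Run entries whose command references image_name (case-insensitive)."""
    needle = image_name.lower()
    return {k: v for k, v in run_entries(report).items() if needle in v.lower()}


def only_in_first(report_a, report_b):
    """Run value names present in report_a but missing from report_b."""
    names_b = {name.lower() for _, name in run_entries(report_b)}
    return sorted(n for _, n in run_entries(report_a) if n.lower() not in names_b)


# Constructed sample: has a ProcGuard_Startup entry and stray blank lines.
REPORT_WITH = r"""DiamondCS Autostart Viewer - constructed sample A
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ProcGuard_Startup
C:\Program Files\ProcessGuard\procguard.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE

C:\WINDOWS\System32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
"""

# Constructed sample: no ProcessGuard Run entry at all.
REPORT_WITHOUT = r"""DiamondCS Autostart Viewer - constructed sample B
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui
C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for label, report in (("A", REPORT_WITH), ("B", REPORT_WITHOUT)):
        found = autostarts(report, "procguard.exe")
        print(label, "procguard.exe autostart:", found or "none")
    print("Only in A:", only_in_first(REPORT_WITH, REPORT_WITHOUT))
```
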
     
  20. WilliamP

    WilliamP Registered Member

    I have a program called Start Man and have PG set up to not start at boot. I did that so I could start it after boot. Then I have no problems with it connecting.
     
  21. donsan709

    donsan709 Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    54
    Location:
    dallas tx
    help poss problem with PG 1.150

    After installing the new version of PG, which went very well, I didn't think there would be any problems. I was very aware of the shutdown problem with version 1.1, and from reading the post I thought this was fixed with 1.150. So this morning I figured I would do a restart just to check if all was working. There was no problem with the shutdown, but on the restart, when the log into Windows screen came up and I clicked to log in, the computer went through another restart and a scan disk for fatal errors. After that it went back to the login screen and once again went through the same problem, and after the third time everything went OK, but MS reported a fatal error and asked if I would like to send, which I didn't for the time being. My concern is what happens when you have updates where you need to restart your computer: is this going to botch the update process? I like this program and want to keep it but am not tech enough to deal with possible problems. System: XP Home, DSL.
     
  22. Pilli

    Pilli Registered Member

    Hmm, Well at least Jason will have some AsViewer.txt's to peruse, hopefully others will also post.
     
  23. Pilli

    Pilli Registered Member

    Re:help poss problem with PG 1.150

    Hello & welcome donsan709,
    DCS are trying to ascertain start up problems at the moment, it would be a help if you could run Autostart Viewer available from here: http://www.diamondcs.com.au/index.php?page=asviewer
    Start the Asviewer and make sure that "Main - Show drivers" is enabled. Then save as asviewer.txt - cut & paste the results into your next post.

    Thank you. Pilli
     
  24. donsan709

    donsan709 Registered Member

    Re:help poss problem with PG 1.150

    DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for don zimmerman@DONRZMAN, 12-07-2003
    c:\windows\system32\autoexec.nt
    C:\WINDOWS\system32\mscdexnt.exe
    C:\WINDOWS\system32\redir.exe
    C:\WINDOWS\system32\dosx.exe
    c:\windows\system32\config.nt
    C:\WINDOWS\system32\himem.sys
    c:\windows\system.ini [drivers]
    timer=timer.drv
    c:\windows\system.ini [boot]\shell
    C:\WINDOWS\Explorer.exe
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
    C:\WINDOWS\Explorer.exe
    HKCR\vbsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\vbefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\jsefile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wshfile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKCR\wsffile\shell\open\command\
    C:\WINDOWS\System32\WScript.exe "%1" %*
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CPQEASYACC
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WCOLOREAL
    C:\Program Files\COMPAQ\Coloreal\coloreal.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\srmclean
    C:\Cpqs\Scom\srmclean.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
    RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
    nwiz.exe /install
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCTVOICE
    C:\WINDOWS\system32\pctspk.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HPDJ Taskbar Utility
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Share-to-Web Namespace Daemon
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
    C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BOCleanautostart
    C:\PROGRA~1\NSClean\BOClean\BOClean.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Advanced Tools Check
    C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\YBrowser
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
    C:\Program Files\QuickTime\qttask.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ProcGuard_Startup
    C:\Program Files\ProcessGuard\procguard.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
    C:\WINDOWS\System32\ctfmon.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Window Washer
    C:\Program Files\Webroot\Washer\wwDisp.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Favorites
    C:\Program Files\Webroot\Mpf4\Mpf.exe /S
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    C:\WINDOWS\System32\webcheck.dll
    C:\WINDOWS\System32\stobject.dll
    C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
    C:\PROGRA~1\NORTON~1\Navw32.exe
    C:\WINDOWS\Tasks\Registration reminder 1.job
    C:\WINDOWS\System32\OOBE\oobebaln.exe
    C:\WINDOWS\Tasks\Registration reminder 2.job
    C:\WINDOWS\System32\OOBE\oobebaln.exe
    C:\WINDOWS\Tasks\Registration reminder 3.job
    C:\WINDOWS\System32\OOBE\oobebaln.exe
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\Documents and Settings\don zimmerman\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk
    C:\Program Files\MRU-Blaster\mrublaster.exe
    C:\Documents and Settings\don zimmerman\Start Menu\Programs\Startup\SpywareGuard.lnk
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    C:\Program Files\Microsoft Office\Office10\OSA.EXE
    HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
    autocheck autochk *
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
    C:\WINDOWS\system32\userinit.exe
    HKLM\System\CurrentControlSet\Control\WOW\cmdline
    C:\WINDOWS\system32\ntvdm.exe
    HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
    C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
    C:\WINDOWS\system32\mswsock.dll
    C:\WINDOWS\system32\rsvpsp.dll
    HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
    C:\WINDOWS\system32\JAVASUP.VXD
     
  25. donsan709

    donsan709 Registered Member

    Re:help poss problem with PG 1.150

    I hope this is what you were asking for.
     