
RegisterClassObjects failed and Run-time error 462



#31
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
A theme consists of customized buttons, taskbar etc.

Your log showed you are using this one:
http://www.softpedia...for-WinXP.shtml

The default theme for XP is called Luna
  • 0



#32
ab torch


    Member

  • Topic Starter
  • 32 posts
Metallica,

Oh OK... sorry, now I know what you were talking about.

I changed my theme a couple of times, but none of them worked after we did all of the changes... After that I went to my current theme, which I guess would be the Royale theme. Since that was my current theme, it had always worked before the problems had arisen. Thanks

shane
  • 0

#33
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
If you still have the installation file (or whatever it takes to apply that theme) can you re-run that?

I'm thinking maybe one of the files it requires was damaged/removed by the malware or the malware removers.

Let me know,
  • 0

#34
ab torch


    Member

  • Topic Starter
  • 32 posts
I reinstalled the Royale theme and rebooted, but nothing seemed to change.

shane
  • 0

#35
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
It was worth a shot. :whistling:

Download and run SecCheck from here:
http://www.mynetwatchman.com/tools/sc/

Please post the results back here for further analysis.

Regards,
  • 0

#36
ab torch


    Member

  • Topic Starter
  • 32 posts
Hey Metallica,

When I ran it, a log never showed up. By any chance, would you know where that log would have been sent to? Oh, also, this might help you: my search device doesn't work.

thanks

shane
  • 0

#37
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Hi Shane,

Did you read the instructions at that site?

You have to grant the program internet access (if your firewall asks)
and the results will show up at the site.

Follow the instructions under:
SecCheckUI DOS
if that didn't work.
  • 0

#38
ab torch


    Member

  • Topic Starter
  • 32 posts
Hey Metallica,

This is the log that I got:

Friday, November 03, 2006 9:29:35 PM UTC / Friday, November 03, 2006 1:29:35 PM Pacific Standard Time
Operating System: WinNT Version 5.1.2600 "Service Pack 2", Type 0x01, Suite 0x0100, "2600.xpsp_sp2_gdr.050301-1519" == "Windows XP Media Center Edition 2005 Service Pack 2 (Build 2600)"
System Name: "AB-TORCH"
Last shutdown recorded in Registry: 11/3/2006 8:13:27 PM UTC
Install Date recorded in Registry: 7/29/2006 6:00:49 PM
Total physical RAM reported by system: 1014 MB

Token SIDs: (9)
S-1-5-21-2587470936-4272241011-934700550-1005 = 0x00000000
S-1-5-21-2587470936-4272241011-934700550-513 = 0x00000007 = Mandatory+Default+Enabled
S-1-1-0 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-32-544 = 0x0000000f = Mandatory+Default+Enabled+Owner
S-1-5-32-545 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-4 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-11 = 0x00000007 = Mandatory+Default+Enabled
S-1-5-5-0-63412 = 0xc0000007 = Mandatory+Default+Enabled+Logon ID
S-1-2-0 = 0x00000007 = Mandatory+Default+Enabled

Token privileges: (20)
SeChangeNotifyPrivilege = 0x00000003 = Default+Enabled
SeSecurityPrivilege = 0x00000000
SeBackupPrivilege = 0x00000002 = Enabled
SeRestorePrivilege = 0x00000002 = Enabled
SeSystemtimePrivilege = 0x00000000
SeShutdownPrivilege = 0x00000000
SeRemoteShutdownPrivilege = 0x00000000
SeTakeOwnershipPrivilege = 0x00000000
SeDebugPrivilege = 0x00000002 = Enabled
SeSystemEnvironmentPrivilege = 0x00000000
SeSystemProfilePrivilege = 0x00000000
SeProfileSingleProcessPrivilege = 0x00000000
SeIncreaseBasePriorityPrivilege = 0x00000000
SeLoadDriverPrivilege = 0x00000002 = Enabled
SeCreatePagefilePrivilege = 0x00000000
SeIncreaseQuotaPrivilege = 0x00000000
SeUndockPrivilege = 0x00000002 = Enabled
SeManageVolumePrivilege = 0x00000000
SeImpersonatePrivilege = 0x00000003 = Default+Enabled
SeCreateGlobalPrivilege = 0x00000003 = Default+Enabled

TCP table (9):
PID 4 0.0.0.0:445 LISTENING System System
PID 1452 0.0.0.0:3260 LISTENING StarWindService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PID 1452 0.0.0.0:3261 LISTENING StarWindService.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PID 1204 0.0.0.0:7501 LISTENING raysat_3dsmax8server.exe C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
PID 432 127.0.0.1:4664 LISTENING GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PID 4 192.168.1.100:139 LISTENING System System
PID 236 192.168.1.100:1648 66.110.201.18:80 ESTABLISHED IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 0 192.168.1.100:1645 66.110.201.18:80 TIME_WAIT
PID 0 192.168.1.100:1646 66.110.201.18:80 TIME_WAIT

UDP table (11):
PID 1244 0.0.0.0:1029 RPCRT4.dll C:\WINDOWS\system32\RPCRT4.dll
PID 1244 0.0.0.0:1433 RPCRT4.dll C:\WINDOWS\system32\RPCRT4.dll
PID 1244 0.0.0.0:1164 RPCRT4.dll C:\WINDOWS\system32\RPCRT4.dll
PID 4 0.0.0.0:445 System System
PID 1244 0.0.0.0:1432 RPCRT4.dll C:\WINDOWS\system32\RPCRT4.dll
PID 1556 127.0.0.1:1028 IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 236 127.0.0.1:1626 IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1136 127.0.0.1:123 ntdll.dll C:\WINDOWS\system32\ntdll.dll
PID 1136 192.168.1.100:123 kernel32.dll C:\WINDOWS\system32\kernel32.dll
PID 4 192.168.1.100:137 System System
PID 4 192.168.1.100:138 System System

Process List (41):
PID 4: System
PID 164 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\WinZip\WZQKPICK.EXE" '
PID 236 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\Internet Explorer\IEXPLORE.EXE" '
PID 432 [AB-TORCH\Shane Sternstein]: C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PID 460 [AB-TORCH\Shane Sternstein]: C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
PID 516 [AB-TORCH\Shane Sternstein]: C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
PID 612 [AB-TORCH\Shane Sternstein]: '"C:\Documents and Settings\Shane Sternstein\Desktop\hjt\seccheckui.exe" '
PID 716 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe"'
PID 736 [NT AUTHORITY\SYSTEM]: '\SystemRoot\System32\smss.exe'
PID 764 [NT AUTHORITY\SYSTEM]: 'C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe'
PID 784 [NT AUTHORITY\SYSTEM]: 'C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh'
PID 792 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"'
PID 812 [NT AUTHORITY\SYSTEM]: \??\C:\WINDOWS\system32\winlogon.exe
PID 860 [NT AUTHORITY\SYSTEM]: 'C:\WINDOWS\system32\services.exe'
PID 872 [NT AUTHORITY\SYSTEM]: 'C:\WINDOWS\system32\lsass.exe'
PID 1136 [NT AUTHORITY\SYSTEM]: 'C:\WINDOWS\System32\svchost.exe -k netsvcs'
PID 1152 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Shane Sternstein\Desktop\hjt\uninstall_list.txt'
PID 1156 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"'
PID 1204 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe"'
PID 1244 [NT AUTHORITY\NETWORK SERVICE]: 'C:\WINDOWS\system32\svchost.exe -k NetworkService'
PID 1288 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe" -sVAIO_VEDB'
PID 1324 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe"'
PID 1328 [NT AUTHORITY\LOCAL SERVICE]: 'C:\WINDOWS\system32\svchost.exe -k LocalService'
PID 1344 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Shane Sternstein\Desktop\uninstall_list.txt'
PID 1452 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"'
PID 1476 [NT AUTHORITY\SYSTEM]: '"C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe"'
PID 1556 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\Internet Explorer\IEXPLORE.EXE" '
PID 1584 [AB-TORCH\Shane Sternstein]: 'C:\WINDOWS\Explorer.EXE'
PID 1756 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\AGRSMMSG.exe" '
PID 1772 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\ehome\ehtray.exe" '
PID 1820 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\SOUNDMAN.EXE" '
PID 1852 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\system32\igfxtray.exe" '
PID 1860 [AB-TORCH\Shane Sternstein]: '"C:\WINDOWS\system32\hkcmd.exe" '
PID 1920 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\NetPumper\NetPumperIEProxy.exe" '
PID 1932 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER'
PID 1940 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\QuickTime\qttask.exe" -atboottime'
PID 1968 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup'
PID 2004 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\America Online 9.0\aoltray.exe" -check'
PID 2016 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\AOL Companion\companion.exe" /s'
PID 2032 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" '
PID 2040 [AB-TORCH\Shane Sternstein]: '"C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe" /n'

Services running on local machine (21):
PID 716: AdobeActiveFileMonitor = "Adobe Active File Monitor" [Running/Automatic] / "C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe"
PID 764: AOL ACS = "AOL Connectivity Service" [Running/Automatic] / "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe"
PID 792: Autodesk Licensing Service = "Autodesk Licensing Service" [Running/Automatic] / ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe""
PID 1156: AVG Anti-Spyware Guard = "AVG Anti-Spyware Guard" [Running/Automatic] / "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
PID 1136: Dhcp = "DHCP Client" [Running/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\dhcpcsvc.dll"
PID 1244: Dnscache = "DNS Client" [Running/Automatic] / "C:\WINDOWS\system32\svchost.exe -k NetworkService" --> "%SystemRoot%\System32\dnsrslvr.dll"
PID 860: Eventlog = "Event Log" [Running/Automatic] / "C:\WINDOWS\system32\services.exe"
PID 1136: lanmanserver = "Server" [Running/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\srvsvc.dll"
PID 1136: lanmanworkstation = "Workstation" [Running/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\wkssvc.dll"
PID 1328: LmHosts = "TCP/IP NetBIOS Helper" [Running/Automatic] / "C:\WINDOWS\system32\svchost.exe -k LocalService" --> "%SystemRoot%\System32\lmhsvc.dll"
PID 1204: mi-raysat_3dsmax8 = "RaySat_3dsmax8 Server" [Running/Automatic] / ""C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe""
PID 1288: MSSQL$VAIO_VEDB = "MSSQL$VAIO_VEDB" [Running/Automatic] / "C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB"
PID 1136: Nla = "Network Location Awareness (NLA)" [Running/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\mswsock.dll"
PID 1324: PhotoshopElementsDeviceConnect = "Photoshop Elements Device Connect" [Running/Automatic] / "C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe"
PID 860: PlugPlay = "Plug and Play" [Running/Automatic] / "C:\WINDOWS\system32\services.exe"
PID 1136: seclogon = "Secondary Logon" [Running/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\seclogon.dll"
PID 1476: SonicStageMonitoring = "SonicStageMonitoring" [Running/Automatic] / "C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe"
PID 1452: StarWindService = "StarWind iSCSI Service" [Running/Automatic] / "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"
PID 1136: Themes = "Themes" [Running/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\shsvcs.dll"
PID 1136: W32Time = "Windows Time" [Running/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "C:\WINDOWS\system32\w32time.dll"
PID 1328: WebClient = "WebClient" [Stop pending/Automatic] / "C:\WINDOWS\system32\svchost.exe -k LocalService" --> "%SystemRoot%\System32\webclnt.dll"

Other services registered on local machine (108):
Adobe LM Service = "Adobe LM Service" [Stopped/Manual] / ""C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe""
Alerter = "Alerter" [Stopped/Disabled] / "C:\WINDOWS\system32\svchost.exe -k LocalService" --> "%SystemRoot%\system32\alrsvc.dll"
ALG = "Application Layer Gateway Service" [Stopped/Manual] / "C:\WINDOWS\System32\alg.exe"
AppMgmt = "Application Management" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\appmgmts.dll"
aspnet_state = "ASP.NET State Service" [Stopped/Manual] / "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe"
Ati HotKey Poller = "Ati HotKey Poller" [Stopped/Automatic] / "C:\WINDOWS\system32\Ati2evxx.exe"
AudioSrv = "Windows Audio" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\audiosrv.dll"
Automatic LiveUpdate Scheduler = "Automatic LiveUpdate Scheduler" [Stopped/Automatic] / ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe""
BITS = "Background Intelligent Transfer Service" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "C:\WINDOWS\system32\qmgr.dll"
Browser = "Computer Browser" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\browser.dll"
ccEvtMgr = "Symantec Event Manager" [Stopped/Automatic] / ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe""
ccProxy = "Symantec Network Proxy" [Stopped/Automatic] / ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe""
ccPwdSvc = "Symantec Password Validation" [Stopped/Manual] / ""C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe""
ccSetMgr = "Symantec Settings Manager" [Stopped/Automatic] / ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe""
CiSvc = "Indexing Service" [Stopped/Manual] / "C:\WINDOWS\system32\cisvc.exe"
ClipSrv = "ClipBook" [Stopped/Disabled] / "C:\WINDOWS\system32\clipsrv.exe"
COMSysApp = "COM+ System Application" [Stopped/Manual] / "C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
CryptSvc = "Cryptographic Services" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\cryptsvc.dll"
DcomLaunch = "DCOM Server Process Launcher" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost -k DcomLaunch" --> "%SystemRoot%\system32\rpcss.dll"
dmadmin = "Logical Disk Manager Administrative Service" [Stopped/Manual] / "C:\WINDOWS\System32\dmadmin.exe /com"
dmserver = "Logical Disk Manager" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\dmserver.dll"
ehRecvr = "Media Center Receiver Service" [Stopped/Automatic] / "C:\WINDOWS\eHome\ehRecvr.exe"
ehSched = "Media Center Scheduler Service" [Stopped/Automatic] / "C:\WINDOWS\eHome\ehSched.exe"
ERSvc = "Error Reporting Service" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\ersvc.dll"
EventSystem = "COM+ Event System" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "C:\WINDOWS\system32\es.dll"
FastUserSwitchingCompatibility = "Fast User Switching Compatibility" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\shsvcs.dll"
helpsvc = "Help and Support" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
HidServ = "Human Interface Device Access" [Stopped/Disabled] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\hidserv.dll"
HTTPFilter = "HTTP SSL" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" --> "%SystemRoot%\System32\w3ssl.dll"
IDriverT = "InstallDriver Table Manager" [Stopped/Manual] / ""C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe""
Image Converter video recording monitor for VAIO Entertainment = "Image Converter video recording monitor for VAIO Entertainment" [Stopped/Manual] / "C:\Program Files\Sony\Image Converter 2\IcVzMon.exe"
ImapiService = "IMAPI CD-Burning COM Service" [Stopped/Manual] / "C:\WINDOWS\system32\imapi.exe"
iPod Service = "iPod Service" [Stopped/Manual] / ""C:\Program Files\iPod\bin\iPodService.exe""
ISSVC = "ISSVC" [Stopped/Automatic] / ""C:\Program Files\Norton Internet Security\ISSVC.exe""
LiveUpdate = "LiveUpdate" [Stopped/Manual] / ""C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE""
Messenger = "Messenger" [Stopped/Disabled] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\msgsvc.dll"
MHN = "MHN" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\mhn.dll"
mnmsrvc = "NetMeeting Remote Desktop Sharing" [Stopped/Manual] / "C:\WINDOWS\system32\mnmsrvc.exe"
MSCSPTISRV = "MSCSPTISRV" [Stopped/Manual] / ""C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe""
MSDTC = "Distributed Transaction Coordinator" [Stopped/Manual] / "C:\WINDOWS\system32\msdtc.exe"
MSIServer = "Windows Installer" [Stopped/Manual] / "C:\WINDOWS\system32\msiexec.exe /V"
MSSQLServerADHelper = "MSSQLServerADHelper" [Stopped/Manual] / "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"
navapsvc = "Norton AntiVirus Auto-Protect Service" [Stopped/Automatic] / ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe""
NetDDE = "Network DDE" [Stopped/Disabled] / "C:\WINDOWS\system32\netdde.exe"
NetDDEdsdm = "Network DDE DSDM" [Stopped/Disabled] / "C:\WINDOWS\system32\netdde.exe"
Netlogon = "Net Logon" [Stopped/Manual] / "C:\WINDOWS\system32\lsass.exe"
Netman = "Network Connections" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\netman.dll"
NtLmSsp = "NT LM Security Support Provider" [Stopped/Manual] / "C:\WINDOWS\system32\lsass.exe"
NtmsSvc = "Removable Storage" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\system32\ntmssvc.dll"
PACSPTISVR = "PACSPTISVR" [Stopped/Manual] / ""C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe""
Pml Driver HPZ12 = "Pml Driver HPZ12" [Stopped/Manual] / "C:\WINDOWS\system32\HPZipm12.exe"
PolicyAgent = "IPSEC Services" [Stopped/Automatic] / "C:\WINDOWS\system32\lsass.exe"
ProtectedStorage = "Protected Storage" [Stopped/Automatic] / "C:\WINDOWS\system32\lsass.exe"
RasAuto = "Remote Access Auto Connection Manager" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\rasauto.dll"
RasMan = "Remote Access Connection Manager" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\rasmans.dll"
RDSessMgr = "Remote Desktop Help Session Manager" [Stopped/Manual] / "C:\WINDOWS\system32\sessmgr.exe"
RemoteAccess = "Routing and Remote Access" [Stopped/Disabled] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\mprdim.dll"
RemoteRegistry = "Remote Registry" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k LocalService" --> "%SystemRoot%\system32\regsvc.dll"
RpcLocator = "Remote Procedure Call (RPC) Locator" [Stopped/Manual] / "C:\WINDOWS\system32\locator.exe"
RpcSs = "Remote Procedure Call (RPC)" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost -k rpcss" --> "%SystemRoot%\system32\rpcss.dll"
RSVP = "QoS RSVP" [Stopped/Manual] / "C:\WINDOWS\system32\rsvp.exe"
SamSs = "Security Accounts Manager" [Stopped/Automatic] / "C:\WINDOWS\system32\lsass.exe"
SAVScan = "SAVScan" [Stopped/Manual] / ""C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe""
SBService = "ScriptBlocking Service" [Stopped/Automatic] / "C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe"
SCardSvr = "Smart Card" [Stopped/Manual] / "C:\WINDOWS\System32\SCardSvr.exe"
Schedule = "Task Scheduler" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\system32\schedsvc.dll"
SENS = "System Event Notification" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\system32\sens.dll"
SharedAccess = "Windows Firewall/Internet Connection Sharing (ICS)" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\ipnathlp.dll"
ShellHWDetection = "Shell Hardware Detection" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\shsvcs.dll"
SNDSrvc = "Symantec Network Drivers Service" [Stopped/Automatic] / ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe""
Sony TV Tuner Controller = "Sony TV Tuner Controller" [Stopped/Manual] / "C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe"
Sony TV Tuner Manager = "Sony TV Tuner Manager" [Stopped/Manual] / "C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe"
Sony TVTA Manager = "Sony TVTA Manager" [Stopped/Automatic] / "C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe"
SPBBCSvc = "Symantec SPBBCSvc" [Stopped/Automatic] / ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe""
Spooler = "Print Spooler" [Stopped/Automatic] / "C:\WINDOWS\system32\spoolsv.exe"
SPTISRV = "Sony SPTI Service" [Stopped/Manual] / ""C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe""
SQLAgent$VAIO_VEDB = "SQLAgent$VAIO_VEDB" [Stopped/Manual] / "C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB"
srservice = "System Restore Service" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "C:\WINDOWS\system32\srsvc.dll"
SSDPSRV = "SSDP Discovery Service" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k LocalService" --> "%SystemRoot%\System32\ssdpsrv.dll"
SSScsiSV = "SonicStage SCSI Service" [Stopped/Manual] / "C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe"
stisvc = "Windows Image Acquisition (WIA)" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k imgsvc" --> "%SystemRoot%\system32\wiaservc.dll"
SwPrv = "MS Software Shadow Copy Provider" [Stopped/Manual] / "C:\WINDOWS\system32\dllhost.exe /Processid:{40950331-C6A8-4EA0-BC47-5C7D22165D21}"
SysmonLog = "Performance Logs and Alerts" [Stopped/Manual] / "C:\WINDOWS\system32\smlogsvc.exe"
TapiSrv = "Telephony" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\tapisrv.dll"
TermService = "Terminal Services" [Stopped/Manual] / "C:\WINDOWS\System32\svchost -k DComLaunch" --> "%SystemRoot%\System32\termsrv.dll"
TlntSvr = "Telnet" [Stopped/Disabled] / "C:\WINDOWS\system32\tlntsvr.exe"
TrkWks = "Distributed Link Tracking Client" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\system32\trkwks.dll"
UMWdf = "Windows User Mode Driver Framework" [Stopped/Manual] / "C:\WINDOWS\system32\wdfmgr.exe"
upnphost = "Universal Plug and Play Device Host" [Stopped/Manual] / "C:\WINDOWS\system32\svchost.exe -k LocalService" --> "%SystemRoot%\System32\upnphost.dll"
UPS = "Uninterruptible Power Supply" [Stopped/Manual] / "C:\WINDOWS\System32\ups.exe"
usprserv = "User Privilege Service" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs"
VAIO Entertainment TV Device Arbitration Service = "VAIO Entertainment TV Device Arbitration Service" [Stopped/Manual] / ""C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe""
VAIOMediaPlatform-IntegratedServer-AppServer = "VAIO Media Integrated Server" [Stopped/Manual] / "C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe"
VAIOMediaPlatform-IntegratedServer-HTTP = "VAIO Media Integrated Server (HTTP)" [Stopped/Manual] / ""C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP""
VAIOMediaPlatform-IntegratedServer-UPnP = "VAIO Media Integrated Server (UPnP)" [Stopped/Manual] / "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe"
VAIOMediaPlatform-Mobile-Gateway = "VAIO Media Gateway Server" [Stopped/Manual] / ""C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server""
Vcsw = "VAIO Entertainment UPnP Client Adapter" [Stopped/Manual] / "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM"
VSS = "Volume Shadow Copy" [Stopped/Manual] / "C:\WINDOWS\System32\vssvc.exe"
VzCdbSvc = "VAIO Entertainment Database Service" [Stopped/Automatic] / ""C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe""
VzFw = "VAIO Entertainment File Import Service" [Stopped/Automatic] / "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe"
winmgmt = "Windows Management Instrumentation" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "%SystemRoot%\system32\wbem\WMIsvc.dll"
WmdmPmSN = "Portable Media Serial Number Service" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "C:\WINDOWS\system32\mspmsnsv.dll"
Wmi = "Windows Management Instrumentation Driver Extensions" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\advapi32.dll"
WmiApSrv = "WMI Performance Adapter" [Stopped/Manual] / "C:\WINDOWS\system32\wbem\wmiapsrv.exe"
wscsvc = "Security Center" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SYSTEMROOT%\system32\wscsvc.dll"
wuauserv = "Automatic Updates" [Stopped/Automatic] / "C:\WINDOWS\system32\svchost.exe -k netsvcs" --> "C:\WINDOWS\system32\wuauserv.dll"
WZCSVC = "Wireless Zero Configuration" [Stopped/Automatic] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\wzcsvc.dll"
xmlprov = "Network Provisioning Service" [Stopped/Manual] / "C:\WINDOWS\System32\svchost.exe -k netsvcs" --> "%SystemRoot%\System32\xmlprov.dll"

Drivers running on local machine (101):
ACPI = "Microsoft ACPI Driver" [Running/Boot] / "\SystemRoot\system32\DRIVERS\ACPI.sys"
AFD = "AFD" [Running/System] / "\SystemRoot\System32\drivers\afd.sys"
AgereSoftModem = "Agere Systems Soft Modem" [Running/Manual] / "system32\DRIVERS\AGRSM.sys"
Arp1394 = "1394 ARP Client Protocol" [Running/Manual] / "system32\DRIVERS\arp1394.sys"
ASCTRM = "ASCTRM" [Running/Automatic] / ""
atapi = "Standard IDE/ESDI Hard Disk Controller" [Running/Boot] / "\SystemRoot\system32\DRIVERS\atapi.sys"
audstub = "Audio Stub Driver" [Running/Manual] / "system32\DRIVERS\audstub.sys"
AvgAsCln = "AVG Anti-Spyware Clean Driver" [Running/System] / "System32\DRIVERS\AvgAsCln.sys"
Beep = "Beep" [Running/System] / ""
Cdfs = "Cdfs" [Running/Disabled] / ""
Cdrom = "CD-ROM Driver" [Running/System] / "system32\DRIVERS\cdrom.sys"
Disk = "Disk Driver" [Running/Boot] / "\SystemRoot\system32\DRIVERS\disk.sys"
DMICall = "Sony DMI Call service" [Running/System] / "system32\DRIVERS\DMICall.sys"
dmio = "Logical Disk Manager Driver" [Running/Boot] / "\SystemRoot\System32\drivers\dmio.sys"
dmload = "dmload" [Running/Boot] / "\SystemRoot\System32\drivers\dmload.sys"
E100B = "Intel® PRO Adapter Driver" [Running/Manual] / "system32\DRIVERS\e100b325.sys"
Fastfat = "Fastfat" [Running/Disabled] / ""
Fips = "Fips" [Running/System] / ""
FltMgr = "FltMgr" [Running/Boot] / "\SystemRoot\system32\DRIVERS\fltMgr.sys"
Ftdisk = "Volume Manager Driver" [Running/Boot] / "\SystemRoot\system32\DRIVERS\ftdisk.sys"
GEARAspiWDM = "GEARAspiWDM" [Running/Manual] / "System32\Drivers\GEARAspiWDM.sys"
Gpc = "Generic Packet Classifier" [Running/Manual] / "system32\DRIVERS\msgpc.sys"
HDAudBus = "Microsoft UAA Bus Driver for High Definition Audio" [Running/Manual] / "system32\DRIVERS\HDAudBus.sys"
HidUsb = "Microsoft HID Class Driver" [Running/Manual] / "system32\DRIVERS\hidusb.sys"
i8042prt = "i8042 Keyboard and PS/2 Mouse Port Driver" [Running/System] / "system32\DRIVERS\i8042prt.sys"
ialm = "ialm" [Running/Manual] / "system32\DRIVERS\ialmnt5.sys"
Imapi = "CD-Burning Filter Driver" [Running/System] / "system32\DRIVERS\imapi.sys"
IntcAzAudAddService = "Service for Realtek HD Audio (WDM)" [Running/Manual] / "system32\drivers\RtkHDAud.sys"
IntelIde = "IntelIde" [Running/Boot] / "\SystemRoot\system32\DRIVERS\intelide.sys"
intelppm = "Intel Processor Driver" [Running/System] / "system32\DRIVERS\intelppm.sys"
IpNat = "IP Network Address Translator" [Running/Manual] / "system32\DRIVERS\ipnat.sys"
IPSec = "IPSEC driver" [Running/System] / "system32\DRIVERS\ipsec.sys"
isapnp = "PnP ISA/EISA Bus Driver" [Running/Boot] / "\SystemRoot\system32\DRIVERS\isapnp.sys"
Kbdclass = "Keyboard Class Driver" [Running/System] / "system32\DRIVERS\kbdclass.sys"
KSecDD = "KSecDD" [Running/Boot] / ""
mnmdd = "mnmdd" [Running/System] / ""
Modem = "Modem" [Running/Manual] / ""
MODEMCSA = "Unimodem Streaming Filter Device" [Running/Manual] / "system32\drivers\MODEMCSA.sys"
Mouclass = "Mouse Class Driver" [Running/System] / "system32\DRIVERS\mouclass.sys"
mouhid = "Mouse HID Driver" [Running/Manual] / "system32\DRIVERS\mouhid.sys"
MountMgr = "MountMgr" [Running/Boot] / ""
MRxDAV = "WebDav Client Redirector" [Running/Manual] / "system32\DRIVERS\mrxdav.sys"
MRxSmb = "MRxSmb" [Running/System] / "system32\DRIVERS\mrxsmb.sys"
Msfs = "Msfs" [Running/System] / ""
mssmbios = "Microsoft System Management BIOS Driver" [Running/Manual] / "system32\DRIVERS\mssmbios.sys"
Mup = "Mup" [Running/Boot] / ""
NDIS = "NDIS System Driver" [Running/Boot] / ""
NdisTapi = "Remote Access NDIS TAPI Driver" [Running/Manual] / "system32\DRIVERS\ndistapi.sys"
Ndisuio = "NDIS Usermode I/O Protocol" [Running/Manual] / "system32\DRIVERS\ndisuio.sys"
NdisWan = "Remote Access NDIS WAN Driver" [Running/Manual] / "system32\DRIVERS\ndiswan.sys"
NDProxy = "NDIS Proxy" [Running/Manual] / ""
NetBIOS = "NetBIOS Interface" [Running/System] / "system32\DRIVERS\netbios.sys"
NetBT = "NetBios over Tcpip" [Running/System] / "system32\DRIVERS\netbt.sys"
NIC1394 = "1394 Net Driver" [Running/Manual] / "system32\DRIVERS\nic1394.sys"
Npfs = "Npfs" [Running/System] / ""
NPPTNT2 = "NPPTNT2" [Running/System] / "\??\C:\WINDOWS\system32\npptNT2.sys"
Ntfs = "Ntfs" [Running/Disabled] / ""
Null = "Null" [Running/System] / ""
ohci1394 = "OHCI Compliant IEEE 1394 Host Controller" [Running/Boot] / "\SystemRoot\system32\DRIVERS\ohci1394.sys"
Parport = "Parallel port driver" [Running/Manual] / "system32\DRIVERS\parport.sys"
PartMgr = "PartMgr" [Running/Boot] / ""
PCI = "PCI Bus Driver" [Running/Boot] / "\SystemRoot\system32\DRIVERS\pci.sys"
PCIIde = "PCIIde" [Running/Boot] / "\SystemRoot\system32\DRIVERS\pciide.sys"
PptpMiniport = "WAN Miniport (PPTP)" [Running/Manual] / "system32\DRIVERS\raspptp.sys"
PSched = "QoS Packet Scheduler" [Running/Manual] / "system32\DRIVERS\psched.sys"
Ptilink = "Direct Parallel Link Driver" [Running/Manual] / "system32\DRIVERS\ptilink.sys"
PxHelp20 = "PxHelp20" [Running/Boot] / "\SystemRoot\System32\Drivers\PxHelp20.sys"
RasAcd = "Remote Access Auto Connection Driver" [Running/System] / "system32\DRIVERS\rasacd.sys"
Rasl2tp = "WAN Miniport (L2TP)" [Running/Manual] / "system32\DRIVERS\rasl2tp.sys"
RasPppoe = "Remote Access PPPOE Driver" [Running/Manual] / "system32\DRIVERS\raspppoe.sys"
Raspti = "Direct Parallel" [Running/Manual] / "system32\DRIVERS\raspti.sys"
Rdbss = "Rdbss" [Running/System] / "system32\DRIVERS\rdbss.sys"
RDPCDD = "RDPCDD" [Running/System] / "System32\DRIVERS\RDPCDD.sys"
rdpdr = "Terminal Server Device Redirector Driver" [Running/Manual] / "system32\DRIVERS\rdpdr.sys"
redbook = "Digital CD Audio Playback Filter Driver" [Running/System] / "system32\DRIVERS\redbook.sys"
SAVRTPEL = "SAVRTPEL" [Running/System] / "\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS"
smrt = "Sony MPEG RealTime encoder board" [Running/Manual] / "system32\DRIVERS\smrt.sys"
sptd = "sptd" [Running/Boot] / "\SystemRoot\System32\Drivers\sptd.sys"
sr = "System Restore Filter Driver" [Running/Boot] / "\SystemRoot\system32\DRIVERS\sr.sys"
Srv = "Srv" [Running/Manual] / "system32\DRIVERS\srv.sys"
swenum = "Software Bus Driver" [Running/Manual] / "system32\DRIVERS\swenum.sys"
SYMDNS = "SYMDNS" [Running/Manual] / "\SystemRoot\System32\Drivers\SYMDNS.SYS"
SymEvent = "SymEvent" [Running/Manual] / "\??\C:\Program Files\Symantec\SYMEVENT.SYS"
SYMFW = "SYMFW" [Running/Manual] / "\SystemRoot\System32\Drivers\SYMFW.SYS"
SYMIDS = "SYMIDS" [Running/Manual] / "\SystemRoot\System32\Drivers\SYMIDS.SYS"
SYMIDSCO = "SYMIDSCO" [Running/Manual] / "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060922.092\symidsco.sys"
SYMNDIS = "SYMNDIS" [Running/Manual] / "\SystemRoot\System32\Drivers\SYMNDIS.SYS"
SYMREDRV = "SYMREDRV" [Running/Manual] / "\SystemRoot\System32\Drivers\SYMREDRV.SYS"
SYMTDI = "SYMTDI" [Running/System] / "\SystemRoot\System32\Drivers\SYMTDI.SYS"
Tcpip = "TCP/IP Protocol Driver" [Running/System] / "system32\DRIVERS\tcpip.sys"
TermDD = "Terminal Device Driver" [Running/System] / "system32\DRIVERS\termdd.sys"
Update = "Microcode Update Driver" [Running/Manual] / "system32\DRIVERS\update.sys"
usbehci = "Microsoft USB 2.0 Enhanced Host Controller Miniport Driver" [Running/Manual] / "system32\DRIVERS\usbehci.sys"
usbhub = "USB2 Enabled Hub" [Running/Manual] / "system32\DRIVERS\usbhub.sys"
usbstor = "USB Mass Storage Driver" [Running/Manual] / "system32\DRIVERS\USBSTOR.SYS"
usbuhci = "Microsoft USB Universal Host Controller Miniport Driver" [Running/Manual] / "system32\DRIVERS\usbuhci.sys"
vaxscsi = "vaxscsi" [Running/Manual] / "\SystemRoot\System32\Drivers\vaxscsi.sys"
VgaSave = "VgaSave" [Running/System] / "\SystemRoot\System32\drivers\vga.sys"
VolSnap = "VolSnap" [Running/Boot] / ""
Wanarp = "Remote Access IP ARP Driver" [Running/Manual] / "system32\DRIVERS\wanarp.sys"
wanatw = "WAN Miniport (ATW)" [Running/Manual] / "system32\DRIVERS\wanatw4.sys"

Other drivers registered on local machine (101):
Abiosdsk = "Abiosdsk" [Stopped/Disabled] / ""
abp480n5 = "abp480n5" [Stopped/Disabled] / ""
ACPIEC = "ACPIEC" [Stopped/Disabled] / ""
adpu160m = "adpu160m" [Stopped/Disabled] / ""
aec = "Microsoft Kernel Acoustic Echo Canceller" [Stopped/Manual] / "system32\drivers\aec.sys"
Aha154x = "Aha154x" [Stopped/Disabled] / ""
aic78u2 = "aic78u2" [Stopped/Disabled] / ""
aic78xx = "aic78xx" [Stopped/Disabled] / ""
AliIde = "AliIde" [Stopped/Disabled] / ""
amsint = "amsint" [Stopped/Disabled] / ""
asc = "asc" [Stopped/Disabled] / ""
asc3350p = "asc3350p" [Stopped/Disabled] / ""
asc3550 = "asc3550" [Stopped/Disabled] / ""
AsyncMac = "RAS Asynchronous Media Driver" [Stopped/Manual] / "system32\DRIVERS\asyncmac.sys"
Atdisk = "Atdisk" [Stopped/Disabled] / ""
ati2mtag = "ati2mtag" [Stopped/Manual] / "system32\DRIVERS\ati2mtag.sys"
Atmarpc = "ATM ARP Client Protocol" [Stopped/Manual] / "system32\DRIVERS\atmarpc.sys"
cbidf2k = "cbidf2k" [Stopped/Disabled] / ""
CCDECODE = "Closed Caption Decoder" [Stopped/Manual] / "system32\DRIVERS\CCDECODE.sys"
cd20xrnt = "cd20xrnt" [Stopped/Disabled] / ""
Cdaudio = "Cdaudio" [Stopped/System] / ""
Changer = "Changer" [Stopped/System] / ""
CmdIde = "CmdIde" [Stopped/Disabled] / ""
Cpqarray = "Cpqarray" [Stopped/Disabled] / ""
dac960nt = "dac960nt" [Stopped/Disabled] / ""
dmboot = "dmboot" [Stopped/Disabled] / "System32\drivers\dmboot.sys"
DMusic = "Microsoft Kernel DLS Syntheiszer" [Stopped/Manual] / "system32\drivers\DMusic.sys"
dpti2o = "dpti2o" [Stopped/Disabled] / ""
drmkaud = "Microsoft Kernel DRM Audio Descrambler" [Stopped/Manual] / "system32\drivers\drmkaud.sys"
Fdc = "Fdc" [Stopped/System] / ""
Flpydisk = "Flpydisk" [Stopped/System] / ""
HdAudAddService = "Microsoft UAA Function Driver for High Definition Audio Service" [Stopped/Manual] / "system32\drivers\HdAudio.sys"
hpn = "hpn" [Stopped/Disabled] / ""
HPZid412 = "IEEE-1284.4 Driver HPZid412" [Stopped/Manual] / "system32\DRIVERS\HPZid412.sys"
HPZipr12 = "Print Class Driver for IEEE-1284.4 HPZipr12" [Stopped/Manual] / "system32\DRIVERS\HPZipr12.sys"
HPZius12 = "USB to IEEE-1284.4 Translation Driver HPZius12" [Stopped/Manual] / "system32\DRIVERS\HPZius12.sys"
HTTP = "HTTP" [Stopped/Manual] / "System32\Drivers\HTTP.sys"
i2omgmt = "i2omgmt" [Stopped/System] / ""
i2omp = "i2omp" [Stopped/Disabled] / ""
ini910u = "ini910u" [Stopped/Disabled] / ""
Ip6Fw = "IPv6 Windows Firewall Driver" [Stopped/Manual] / "system32\DRIVERS\Ip6Fw.sys"
IpFilterDriver = "IP Traffic Filter Driver" [Stopped/Manual] / "system32\DRIVERS\ipfltdrv.sys"
IpInIp = "IP in IP Tunnel Driver" [Stopped/Manual] / "system32\DRIVERS\ipinip.sys"
IRENUM = "IR Enumerator Service" [Stopped/Manual] / "system32\DRIVERS\irenum.sys"
kmixer = "Microsoft Kernel Wave Audio Mixer" [Stopped/Manual] / "system32\drivers\kmixer.sys"
lbrtfdc = "lbrtfdc" [Stopped/System] / ""
MHNDRV = "MHN driver" [Stopped/Manual] / "system32\DRIVERS\mhndrv.sys"
mraid35x = "mraid35x" [Stopped/Disabled] / ""
MSKSSRV = "Microsoft Streaming Service Proxy" [Stopped/Manual] / "system32\drivers\MSKSSRV.sys"
MSPCLOCK = "Microsoft Streaming Clock Proxy" [Stopped/Manual] / "system32\drivers\MSPCLOCK.sys"
MSPQM = "Microsoft Streaming Quality Manager Proxy" [Stopped/Manual] / "system32\drivers\MSPQM.sys"
MSTEE = "Microsoft Streaming Tee/Sink-to-Sink Converter" [Stopped/Manual] / "system32\drivers\MSTEE.sys"
NABTSFEC = "NABTS/FEC VBI Codec" [Stopped/Manual] / "system32\DRIVERS\NABTSFEC.sys"
NAVENG = "NAVENG" [Stopped/Manual] / "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\NAVENG.Sys"
NAVEX15 = "NAVEX15" [Stopped/Manual] / "\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\NavEx15.Sys"
NdisIP = "Microsoft TV/Video Connection" [Stopped/Manual] / "system32\DRIVERS\NdisIP.sys"
NwlnkFlt = "IPX Traffic Filter Driver" [Stopped/Manual] / "system32\DRIVERS\nwlnkflt.sys"
NwlnkFwd = "IPX Traffic Forwarder Driver" [Stopped/Manual] / "system32\DRIVERS\nwlnkfwd.sys"
ParVdm = "ParVdm" [Stopped/Disabled] / ""
PCIDump = "PCIDump" [Stopped/System] / ""
Pcmcia = "Pcmcia" [Stopped/Disabled] / ""
PDCOMP = "PDCOMP" [Stopped/Manual] / ""
PDFRAME = "PDFRAME" [Stopped/Manual] / ""
PDRELI = "PDRELI" [Stopped/Manual] / ""
PDRFRAME = "PDRFRAME" [Stopped/Manual] / ""
perc2 = "perc2" [Stopped/Disabled] / ""
perc2hib = "perc2hib" [Stopped/Disabled] / ""
ql1080 = "ql1080" [Stopped/Disabled] / ""
Ql10wnt = "Ql10wnt" [Stopped/Disabled] / ""
ql12160 = "ql12160" [Stopped/Disabled] / ""
ql1240 = "ql1240" [Stopped/Disabled] / ""
ql1280 = "ql1280" [Stopped/Disabled] / ""
RDPWD = "RDPWD" [Stopped/Manual] / ""
SAVRT = "SAVRT" [Stopped/Manual] / "\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS"
Secdrv = "Secdrv" [Stopped/Manual] / "system32\DRIVERS\secdrv.sys"
Serial = "Serial" [Stopped/Automatic] / ""
Sfloppy = "Sfloppy" [Stopped/System] / ""
Simbad = "Simbad" [Stopped/Disabled] / ""
SLIP = "BDA Slip De-Framer" [Stopped/Manual] / "system32\DRIVERS\SLIP.sys"
Sparrow = "Sparrow" [Stopped/Disabled] / ""
SPBBCDrv = "SPBBCDrv" [Stopped/Manual] / "\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys"
splitter = "Microsoft Kernel Audio Splitter" [Stopped/Manual] / "system32\drivers\splitter.sys"
streamip = "BDA IPSink" [Stopped/Manual] / "system32\DRIVERS\StreamIP.sys"
swmidi = "Microsoft Kernel GS Wavetable Synthesizer" [Stopped/Manual] / "system32\drivers\swmidi.sys"
symc810 = "symc810" [Stopped/Disabled] / ""
symc8xx = "symc8xx" [Stopped/Disabled] / ""
sym_hi = "sym_hi" [Stopped/Disabled] / ""
sym_u3 = "sym_u3" [Stopped/Disabled] / ""
sysaudio = "Microsoft Kernel System Audio Device" [Stopped/Manual] / "system32\drivers\sysaudio.sys"
TDPIPE = "TDPIPE" [Stopped/Manual] / ""
TDTCP = "TDTCP" [Stopped/Manual] / ""
TosIde = "TosIde" [Stopped/Disabled] / ""
Udfs = "Udfs" [Stopped/Disabled] / ""
ultra = "ultra" [Stopped/Disabled] / ""
usbccgp = "Microsoft USB Generic Parent Driver" [Stopped/Manual] / "system32\DRIVERS\usbccgp.sys"
usbprint = "Microsoft USB PRINTER Class" [Stopped/Manual] / "system32\DRIVERS\usbprint.sys"
usbscan = "USB Scanner Driver" [Stopped/Manual] / "system32\DRIVERS\usbscan.sys"
ViaIde = "ViaIde" [Stopped/Disabled] / ""
WDICA = "WDICA" [Stopped/Manual] / ""
wdmaud = "Microsoft WINMM WDM Audio Compatibility Driver" [Stopped/Manual] / "system32\drivers\wdmaud.sys"
WSTCODEC = "World Standard Teletext Codec" [Stopped/Manual] / "system32\DRIVERS\WSTCODEC.SYS"

Entries for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:
'AGRSMMSG' = 'AGRSMMSG.exe'
'ATIPTA' = 'C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe'
'AlcWzrd' = 'ALCWZRD.EXE'
'Alcmtr' = 'ALCMTR.EXE'
'High Definition Audio Property Page Shortcut' = 'HDAudPropShortcut.exe'
'HotKeysCmds' = 'C:\WINDOWS\system32\hkcmd.exe'
'IgfxTray' = 'C:\WINDOWS\system32\igfxtray.exe'
'NetPumper' = '"C:\Program Files\NetPumper\NetPumperIEProxy.exe"'
'QuickTime Task' = '"C:\Program Files\QuickTime\qttask.exe" -atboottime'
'RealTray' = 'C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER'
'SoundMan' = 'SOUNDMAN.EXE'
'Symantec NetDriver Monitor' = 'C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer'
'VAIO Recovery' = 'C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe'
'VAIO Update 2' = '"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary'
'VAIOSurvey' = 'c:\program files\sony\vaio survey\surveysa.exe'
'ccApp' = '"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"'
'ehTray' = 'C:\WINDOWS\ehome\ehtray.exe'
'iTunesHelper' = '"C:\Program Files\iTunes\iTunesHelper.exe"'

Entries for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce:

Entries for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx:

Entries for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices:

Entries for HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:

Entries for HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:

Entries for HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:

Entries for HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:

Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:
'Google Desktop Search' = '"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup'
'swg' = 'C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe'

Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce:

Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices:

Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run:

Entries for HKEY_USERS\.DEFAULT\Control Panel\Desktop:
'SCRNSAVE.EXE' = 'logon.scr'

Entries for HKEY_USERS\S-1-5-18\Control Panel\Desktop:
'SCRNSAVE.EXE' = 'logon.scr'

Entries for HKEY_USERS\S-1-5-19\Control Panel\Desktop:
'SCRNSAVE.EXE' = '%SystemRoot%\System32\logon.scr'

Entries for HKEY_USERS\S-1-5-20\Control Panel\Desktop:
'SCRNSAVE.EXE' = '%SystemRoot%\System32\logon.scr'

Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-500\Control Panel\Desktop:
'SCRNSAVE.EXE' = 'C:\WINDOWS\system32\vaiomov.scr'

Startup items for folder 'C:\Documents and Settings\All Users\Start Menu\Programs\Startup'
Shortcut Desc: '', Path: 'C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe', Args: ''
Shortcut Desc: 'America Online 9.0 Tray Icon', Path: 'C:\Program Files\America Online 9.0\aoltray.exe', Args: '-check'
Shortcut Desc: 'AOL Companion', Path: 'C:\Program Files\AOL Companion\companion.exe', Args: '/s'
Shortcut Desc: '', Path: 'C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe', Args: ''
Shortcut Desc: '', Path: 'C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe', Args: ''
Shortcut Desc: '', Path: 'C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe', Args: '/n'
Shortcut Desc: 'WinZip Quick Pick', Path: 'C:\Program Files\WinZip\WZQKPICK.EXE', Args: ''

Startup items for folder 'C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup'

Startup items for folder 'C:\Documents and Settings\Shane Sternstein\Start Menu\Programs\Startup'

Startup items for folder 'C:\Documents and Settings\Administrator\Start Menu\Programs\Startup'

Startup Entries for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:
'Shell' = 'Explorer.exe'
'System' = ''
'UIHost' = 'logonui.exe'
'Userinit' = 'C:\WINDOWS\system32\userinit.exe,'

Startup Entries for HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
'load' = ''

Startup Entries for HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
'load' = ''

Startup Entries for HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
'load' = ''

Startup Entries for HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
'load' = ''

Startup Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
'load' = ''

Startup Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
'load' = ''

Startup Entries for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path:
'Debugger' = 'ntsd -d'

Startup Entries for HKLM\SOFTWARE\Microsoft\Command Processor:
'AutoRun' = ''

Startup Entries for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run:

Startup Entries for HKEY_USERS\S-1-5-21-2587470936-4272241011-934700550-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run:

Startup Entries for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions:
'Wireless' = "gptext.dll"
'Folder Redirection' = "fdeploy.dll"
'Microsoft Disk Quota' = "dskquota.dll"
'QoS Packet Scheduler' = "gptext.dll"
'Scripts' = "gptext.dll"
'Internet Explorer Zonemapping' = "iedkcs32.dll"
'Security' = "scecli.dll"
'Internet Explorer Branding' = "iedkcs32.dll"
'EFS recovery' = "scecli.dll"
'Microsoft Offline Files' = "%SystemRoot%\System32\cscui.dll"
'Software Installation' = "appmgmts.dll"
'IP Security' = "gptext.dll"

Startup Entries for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
'AtiExtEvent' = "Ati2evxx.dll" (11 events: Disconnect,Lock,Logoff,Logon,Reconnect,Shutdown,StartScreenSaver,StartShell,Startup,StopScreenSaver,Unlock)
'crypt32chain' = "crypt32.dll" (1 event: Logoff)
'cryptnet' = "cryptnet.dll" (1 event: Logoff)
'cscdll' = "cscdll.dll" (5 events: Logoff,Logon,Shutdown,StartShell,Startup)
'igfxcui' = "igfxsrvc.dll" (1 event: Unlock)
  • 0

#39
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Thanks.

I'll need a clear head to work through that.
Will do that tomorrow. :whistling:
  • 0

#40
ab torch

ab torch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
yeah no problem it's a huge log...hope you have a nice weekend

shane
  • 0

#41
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Hi Shane,

Click Start > Run > services.msc > OK

In the list of services scroll down to Remote Procedure Call (RPC)
Right-click that line and choose Start
This will probably fail, but I would like to know why.
So let me know if you get any error reports.
  • 0

#42
ab torch

ab torch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
it showed an error 193: 0xc1

Shane
  • 0

#43
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Good. That led me here:
http://support.micro...b;en-us;Q812486

So. I'd like to have a look at the key they mention in that article.

To do so click Start > run > and copy this command:

regedit.exe /e C:\servrpcss.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs"

then click OK to execute.

This will create the file C:\servrpcss.txt
Find that file and post the content.
  • 0

#44
ab torch

ab torch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Metallica,

Here is the log

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="NT AUTHORITY\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Shane
  • 0

#45
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Imagepath says:

%SystemRoot%\system32\svchost -k rpcss

Nothing wrong with that. It is also running from that location with other switches.

Copy the code below into Notepad and save it as lookup.bat
Set Filetype to "All files"

dir %Systemdrive%\rpcss.dll /a h /s > files.txt
start notepad files.txt

Start the file by double-clicking lookup.bat
That will open a file called files.txt. Post the content of that file.
  • 0





