
Windows Taskbar Problems



#16
Wizard

  • Retired Staff
  • 5,661 posts
I haven't checked my email yet, have you sent all 3 of those files?

Also, I couldn't see a thing in those links you gave me!

What's going on with Notepad?

Go ahead and delete the files identified as ugly, you may need to go to Safe Mode to delete!

Scan again with PFind and post those results!

Let's use a Registry Search Tool and see where these Uglies are inside the Registry!

Go here
http://www.billsway.com/vbspage/

Scroll down the page
and download the "Registry Search Tool"

Unzip RegSrch.zip to the desktop

Double click on RegSrch.vbs

If you get a warning from your Anti Virus please ignore it and allow this to run.

When it starts, you will be prompted to enter a search phrase.

Enter each file name one at a time for a Search!

eunsh.exe

winhlpp32.exe

gbxsnw.exe


Let me know if Notepad won't work right!
  • 0



#17
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
OK, this task is getting increasingly more difficult to do because of the copy and paste function problem and the problem with links in Internet Explorer.

The only way I am able to get text copied into anywhere is from Notepad! No other copy or paste function works in any other program or Word; for example, I click copy, go to the new destination and the paste function is not selectable, as if it never copied it. This is why I couldn't paste the log straight in, because they were in Word.

Now with the Internet Explorer problem, I still cannot use links. For example, in your last post you told me to access billsway and you gave me a link, but when I click the link it does nothing. I then have to right click > add to favourites > and then click the file in my favourites folder to get the webpage up. Same for anything JavaScript, like the expand buttons on the link you gave me at billsway: they do nothing, so I can't access the file. The same happened with the Panda scan: I clicked the scan now button but nothing happens and no way to get to the next page. I thought editing the hosts file and changing the Internet Explorer settings would change it but it has done nothing so far??? I know you're trying your best, I'm not havin a go, I just want you to know all the facts when you're making your decisions on what to do next.

I am unable to email you any files until the Internet Explorer problem is fixed. I can't even copy the files to my USB zip and take them to work to email because I have no copy paste function?? I am unable to access Hotmail; Yahoo loads, but to do anything you need to be able to use the buttons, which I can't.
  • 0

#18
Wizard

  • Retired Staff
  • 5,661 posts
Agreed, this is a pain in the arse!

Let's see what is still working right???

Try to access these functions

Msconfig

Regedit

Search via the Start Menu

System Restore<<< On or Off??

Were the Regsearch logs real long with many entries??

Were there any that were similar or identical across the board for each file?

Whatever Info you can provide me with will help!!

Have you been able to delete any of those files??

I just read back through everything and am attaching a Zip folder with an inf file from Symantec inside it!

Download the Zip folder to the Desktop and Unzip and Locate UnHookExec.inf

Place the inf file on the Desktop and Right Click and Select "Install"

If you have made a copy of all the files mentioned before, go to Safe Mode and select Safe Mode with Command Prompt


del C:\WINDOWS\System32\eunsh.exe (Note the space between del and C)

del C:\WINDOWS\System32\wncnmrtd.exe

del C:\WINDOWS\System32\gbxsnw.exe

del C:\WINDOWS\System32\winhlpp32.exe

Note any messages that flash while completing each step!

Post back as soon as you can!

Edited by Cretemonster, 28 June 2005 - 01:50 PM.

  • 0

#19
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
I shall answer those questions when I get back to my computer at 2.

You said you were going to send an attachment?? Where is it??
  • 0

#20
Wizard

  • Retired Staff
  • 5,661 posts
Well crap, I guess I forgot to attach it!

Attached Files


  • 0

#21
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
ok then re check

msconfig --> works fine :help:

regedit --> works fine :help:

Search via start menu --> Not Responding :tazz:

System restore --> "system restore cannot protect your computer, please restart" ;)

Copy paste function --> only works while Notepad is open ;)

Startup procedure --> Login > Close SVCHOST.EXE, 2180 memusage. Windows taskbar becomes accessible but still no windows. :help:

Internet explorer --> Connection --> Works fine :yeah:
Speed --> Fine :yeah:
Accessibility --> Unable to use links
--> Unable to copy paste
--> Unable to load javascript
--> Buttons do not respond
  • 0

#22
Wizard

  • Retired Staff
  • 5,661 posts
OK, confirm what files during the post have been deleted and what wasn't found?

I need to be reminded if you have the CD for Windows?

We need to go ahead and run the top online scan there is, I don't use it much because it takes so long!

In this case it's warranted!
http://www.kaspersky...oduct=161744315

Save any reports or logs you can!

PFind has been updated as well, let's get a new scan from that
http://www.bleepingc...r/pfind-new.zip

Run this in Safe Mode please!

Double-click pfind.bat
It will scan for a while, so please be patient.
Wait till the DOS window closes.

Post the contents of C:\pfind.txt and anything Kaspersky finds!
  • 0

#23
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
OK, sorry for the lack of reply, I have been at a family wedding.

Eunsh.exe has been deleted but is still held in a WinRAR folder in the system32 folder

wncnmrtd.exe was not found

gbxsnw.exe has been deleted but is still held in a WinRAR folder in the system32 folder

winhlpp32.exe has been deleted but is still held in a WinRAR folder in the system32 folder

I still have the 3 system recovery CDs from the previous ME version
I also have the Windows XP Pro upgrade CD

I also attempted to use the regsearch tool you sent me but it does not actually do anything. I have double clicked the vbs file and nothing happens???????

The online scan at Kaspersky cannot be accessed without pressing buttons on the pages, so I cannot get anywhere near downloading it.

pfind downloaded and installed, safe mode log is below

Files found with this application may be legitimate.
Only remove files that you know are malware related.


Checking the C: folder



Checking the C:\Program Files folder



Checking the C:\WINDOWS folder

C:\WINDOWS\flashax.exe: .aspack
C:\WINDOWS\vsapi32.dll: UPX!t4
C:\WINDOWS\Tsc.exe: UPX!
C:\WINDOWS\daemount.exe: UPX!
C:\WINDOWS\daemon.dll: UPX!


Checking the C:\WINDOWS\SYSTEM32 folder

C:\WINDOWS\SYSTEM32\DVDVideo.ax: UPX!


Checking all directories under the C:\WINDOWS\SYSTEM32\drivers folder



Checking the C:\Documents and Settings\All Users\Start Menu\programs\Startup\ folder




Checking the C:\Documents and Settings\All Users\Application Data folder




Checking the C:\Documents and Settings\Admin\Start Menu\programs\Startup\ folder




Checking the C:\Documents and Settings\Admin\Application Data folder




Checking the Windows folder for system and hidden files within the last 60 days


C:\WINDOWS\
bootstat.dat Sat 2 Jul 2005 13:18:32 A.S.. 2,048 2.00 K
ttfcache Thu 26 May 2005 16:25:32 A..H. 45,565 44.50 K
window~1.man Sun 5 Jun 2005 21:43:50 A..HR 749 0.73 K

C:\WINDOWS\INF\
oem5.inf Wed 15 Jun 2005 15:38:32 ...H. 0 0.00 K

C:\WINDOWS\TEMPOR~1\
desktop.ini Fri 24 Jun 2005 19:57:54 ..SH. 67 0.06 K

C:\WINDOWS\SENDTO\
desktop.ini Sun 5 Jun 2005 21:44:00 A.SH. 181 0.18 K

C:\WINDOWS\SYSTEM32\
ncpacp~1.man Sun 5 Jun 2005 21:43:50 A..HR 749 0.73 K
nwccpl~1.man Sun 5 Jun 2005 21:43:50 A..HR 749 0.73 K
sapicp~1.man Sun 5 Jun 2005 21:43:50 A..HR 749 0.73 K
wuaucp~1.man Sun 5 Jun 2005 21:43:50 A..HR 749 0.73 K
cdplay~1.man Sun 5 Jun 2005 21:43:50 A..HR 749 0.73 K
logonu~1.man Sun 5 Jun 2005 21:43:58 A..HR 488 0.48 K
window~1.man Sun 5 Jun 2005 21:43:58 A..HR 488 0.48 K

C:\WINDOWS\FONTS\
desktop.ini Sat 18 Jun 2005 14:34:42 A.SH. 67 0.06 K

C:\WINDOWS\TASKS\
sa.dat Wed 15 Jun 2005 16:35:50 A..H. 6 0.00 K

C:\WINDOWS\OFFLIN~1\
desktop.ini Sun 5 Jun 2005 21:43:58 ...H. 65 0.06 K

C:\WINDOWS\DOWNLO~1\
desktop.ini Sun 5 Jun 2005 21:43:58 ...H. 65 0.06 K

C:\WINDOWS\REPAIR\
ntuser.dat Sun 5 Jun 2005 21:48:10 A..H. 1,454,080 1.39 M

C:\WINDOWS\TEMPOR~1\CONTENT.IE5\
desktop.ini Sat 18 Jun 2005 12:09:16 ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\
system.log Sat 2 Jul 2005 13:17:24 A..H. 712,704 696.00 K
software.log Sat 2 Jul 2005 13:17:24 A..H. 57,344 56.00 K
default.log Sat 2 Jul 2005 13:17:24 A..H. 8,192 8.00 K
userdiff.log Sun 5 Jun 2005 21:32:04 A..H. 1,024 1.00 K
tempkey.log Sun 5 Jun 2005 21:32:02 A..H. 1,024 1.00 K
sam.log Sat 2 Jul 2005 13:20:48 A..H. 1,024 1.00 K
security.log Sat 2 Jul 2005 13:18:34 A..H. 12,288 12.00 K

C:\WINDOWS\SYSTEM32\RESTORE\
filelist.xml Wed 15 Jun 2005 15:38:54 ..SHR 13,698 13.38 K

C:\WINDOWS\ALLUSE~1\DOCUME~1\
desktop.ini Tue 7 Jun 2005 11:11:16 ..SH. 128 0.13 K

C:\WINDOWS\TEMPOR~1\CONTENT.IE5\2LC1J32O\
desktop.ini Mon 20 Jun 2005 9:34:32 ..SH. 67 0.06 K

C:\WINDOWS\TEMPOR~1\CONTENT.IE5\KS6SFO8R\
desktop.ini Mon 20 Jun 2005 9:34:32 ..SH. 67 0.06 K

C:\WINDOWS\TEMPOR~1\CONTENT.IE5\4DUNGP4R\
desktop.ini Mon 20 Jun 2005 9:34:32 ..SH. 67 0.06 K

C:\WINDOWS\TEMPOR~1\CONTENT.IE5\G7OPCZEV\
desktop.ini Mon 20 Jun 2005 9:34:32 ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\GROUPP~1\ADM\
admfiles.ini Wed 15 Jun 2005 15:51:30 ...H. 69 0.07 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\
desktop.ini Tue 31 May 2005 18:03:16 ..SH. 67 0.06 K

C:\WINDOWS\TEMP\HISTORY\HISTORY.IE5\
desktop.ini Tue 31 May 2005 18:03:18 ..SH. 113 0.11 K

C:\WINDOWS\PCHEALTH\HELPCTR\PACKAG~1\
packag~1.cab Sun 5 Jun 2005 21:44:30 ..SHR 727 0.71 K
packag~2.cab Sun 5 Jun 2005 21:44:30 ..SHR 19,854 19.39 K
packag~3.cab Sun 5 Jun 2005 21:44:30 ..SHR 243,124 237.43 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\
desktop.ini Sun 5 Jun 2005 21:33:22 A.SH. 62 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\
desktop.ini Sun 5 Jun 2005 21:33:22 A.SH. 62 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\SENDTO\
desktop.ini Sun 5 Jun 2005 21:44:00 A.SH. 181 0.18 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\RECENT\
desktop.ini Wed 15 Jun 2005 15:58:38 A.SH. 150 0.14 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\MYDOCU~1\
desktop.ini Wed 15 Jun 2005 15:58:38 A.SH. 77 0.07 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\FAVORI~1\
desktop.ini Wed 15 Jun 2005 15:58:38 A.SH. 122 0.12 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\DESKTOP\
desktop.ini Sun 5 Jun 2005 21:52:02 A.SH. 80 0.08 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\
desktop.ini Sun 5 Jun 2005 21:33:22 A.SH. 62 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\VHGL1RU6\
desktop.ini Tue 31 May 2005 18:03:16 ..SH. 67 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\8PEBS9I3\
desktop.ini Tue 31 May 2005 18:03:16 ..SH. 67 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\W5EFGDIF\
desktop.ini Tue 31 May 2005 18:03:18 ..SH. 67 0.06 K

C:\WINDOWS\TEMP\TEMPOR~1\CONTENT.IE5\1MI24SN2\
desktop.ini Tue 31 May 2005 18:03:18 ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\HISTORY\
desktop.ini Wed 15 Jun 2005 15:57:30 ..SH. 113 0.11 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\
desktop.ini Wed 15 Jun 2005 15:57:00 ..SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\
desktop.ini Wed 15 Jun 2005 15:58:42 A.SH. 250 0.24 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\MYDOCU~1\MYPICT~1\
desktop.ini Wed 15 Jun 2005 15:58:38 A.SH. 184 0.18 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\MYDOCU~1\MYMUSI~1\
desktop.ini Wed 15 Jun 2005 15:58:40 A.SH. 182 0.18 K

C:\WINDOWS\SYSTEM32\MICROS~1\PROTECT\S-1-5-18\USER\
e78a4a~1 Sun 5 Jun 2005 22:05:02 A.SH. 388 0.38 K
prefer~1 Sun 5 Jun 2005 22:05:02 A.SH. 24 0.02 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\HISTORY\HISTORY.IE5\
desktop.ini Sun 5 Jun 2005 21:44:36 A.SH. 113 0.11 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\
desktop.ini Sun 5 Jun 2005 21:44:34 A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\ACCESS~1\
desktop.ini Wed 15 Jun 2005 15:58:28 A.SH. 542 0.53 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\STARTUP\
desktop.ini Sun 5 Jun 2005 21:45:50 A.SH. 84 0.08 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\INTERN~1\
desktop.htt Wed 15 Jun 2005 15:58:12 A.SH. 2,572 2.51 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\OXBXBIHT\
desktop.ini Sun 5 Jun 2005 21:44:36 A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\5HNRU1JC\
desktop.ini Sun 5 Jun 2005 21:44:36 A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\5N3X0Z5F\
desktop.ini Sun 5 Jun 2005 21:44:36 A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\OLAZK5I3\
desktop.ini Sun 5 Jun 2005 21:44:36 A.SH. 67 0.06 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\ACCESS~1\ENTERT~1\
desktop.ini Sun 5 Jun 2005 21:45:50 A.SH. 84 0.08 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\PROGRAMS\ACCESS~1\ACCESS~1\
desktop.ini Sun 5 Jun 2005 21:45:50 A.SH. 348 0.34 K

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\INTERN~1\QUICKL~1\
desktop.ini Wed 15 Jun 2005 15:58:44 A.SH. 81 0.08 K

69 items found: 69 files, 0 directories.
Total of file sizes: 2,585,760 bytes 2.46 M



thanks

Edited by Sonicobob, 02 July 2005 - 07:49 AM.

  • 0
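The pfind.txt log in the post above lists each hit as `path: marker`, where markers such as `UPX!` and `.aspack` point to a packed executable, and the log itself warns that such files may be legitimate. As an added example (not part of the thread and not pfind's own code), the Python below parses that layout and separates hits whose file name matches one of the four names the helper asked about from hits that only need a manual look. `SAMPLE_LOG` is constructed; its `gbxsnw.exe` line is invented so that one match shows up, and all function names are assumptions.

```python
import re

# Constructed sample in the layout of the pfind.txt log quoted above.
# The gbxsnw.exe line is invented for the demonstration; it is not in the
# poster's log.
SAMPLE_LOG = r"""
Checking the C:\WINDOWS folder

C:\WINDOWS\flashax.exe: .aspack
C:\WINDOWS\vsapi32.dll: UPX!t4
C:\WINDOWS\Tsc.exe: UPX!

Checking the C:\WINDOWS\SYSTEM32 folder

C:\WINDOWS\SYSTEM32\DVDVideo.ax: UPX!
C:\WINDOWS\SYSTEM32\gbxsnw.exe: UPX!

Checking the Windows folder for system and hidden files within the last 60 days

C:\WINDOWS\TASKS\
sa.dat Wed 15 Jun 2005 16:35:50 A..H. 6 0.00 K
"""

# File names the helper asked about earlier in the thread.
SUSPECT_NAMES = {"eunsh.exe", "winhlpp32.exe", "gbxsnw.exe", "wncnmrtd.exe"}

# "Checking the <dir> folder" / "Checking all directories under the <dir> folder"
SECTION_RE = re.compile(r"^Checking (?:the |all directories under the )?(.+?) folder")
# "<drive>:\path\file: <marker>" (hidden-file listing lines do not match)
HIT_RE = re.compile(r"^([A-Za-z]:\\.+?): (\S+)$")


def classify(signature):
    """Map the marker string printed after the path to a packer family."""
    s = signature.lower()
    if s.startswith("upx"):
        return "UPX"
    if s.startswith(".aspack"):
        return "ASPack"
    return "unknown"


def parse_pfind(text):
    """Return one dict per 'path: marker' line, tagged with its section."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HIT_RE.match(line)
        if m:
            path, sig = m.groups()
            hits.append({"section": section, "path": path,
                         "signature": sig, "packer": classify(sig)})
    return hits


def triage(hits, suspects=SUSPECT_NAMES):
    """Split hits into (name matches a suspect, needs manual review)."""
    flagged, review = [], []
    for hit in hits:
        name = hit["path"].rsplit("\\", 1)[-1].lower()
        (flagged if name in suspects else review).append(hit)
    return flagged, review


if __name__ == "__main__":
    flagged, review = triage(parse_pfind(SAMPLE_LOG))
    for hit in flagged:
        print("SUSPECT NAME :", hit["path"], "(" + hit["packer"] + ")")
    for hit in review:
        print("review       :", hit["path"], "(" + hit["packer"] + ")")
```

Run against the log as actually posted, the flagged list comes back empty: none of the four names appears among the packed-file hits.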

#24
Wizard

  • Retired Staff
  • 5,661 posts
OK, let's try a few things!

First when you kill the Svchost>> How much mem usage is it reading and from what locale

System?

Owner??

Network Service???

Local Service????

Let's use Windows System File Checker and see what errors it fixes or doesn't fix!

Click Start>>Run>>Type in CMD and Click OK!

Type "SFC /purgecache" and click enter!
This will force Windows to purge its DLL cache and repopulate with clean system files!

Type "SFC /Enable" and click enter!
This will make sure that your OS has its System File Checker enabled!

Type "SFC /scannow" and click enter!
This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem!

If there are errors running "Scannow", these links may be helpful:
http://www.updatexp....cannow-sfc.html
http://support.micro...om/?kbid=310747
http://www.techadvic...m/w98/S/SFC.htm

Post back with as much info as possible!
  • 0

#25
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
OK, Windows file checker worked fine and completed scan with no errors

I am going to reboot to get some more info on the bad svchost

OK, details of SVCHOST.EXE

Process identifier : 776

Memory usage : 2,808k

peak memory usage : 2,820

page faults : 10,500

Virtual memory : 1,064k

Edited by Sonicobob, 03 July 2005 - 07:23 AM.

  • 0



#26
Wizard

  • Retired Staff
  • 5,661 posts
Go here
http://www.billsway.com/vbspage/

Scroll down and locate "Find File Information"

Unzip FileInfo.Zip>> Right Click and Select Extract All

Double Click FileInfo.vbs

If you get a warning from your Anti Virus please ignore it and allow this to run.

When it starts, you will be prompted to enter a search phrase.

svchost<< No file extensions just those letters!

Save the Report and Post it back here!

Edited by Cretemonster, 04 July 2005 - 03:55 AM.

  • 0

#27
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
Sorry, I told you I can't expand those buttons on the billspage website

so no can do, I have no way of downloading the file??

thanks
  • 0

#28
Wizard

  • Retired Staff
  • 5,661 posts
Well this has got my noodle cooked completely!

Can you access Command Prompt OK?

Another thing I would like to see is a HijackThis StartUp log!

You can just upload it as an attachment so you don't have to Copy & Paste if that makes it simpler!

HijackThis StartUp Log:
Open HijackThis, select Config (Bottom Right) >>> Select Misc Tools >>> Select Generate StartUpList log and make sure that both boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a Notepad page, I need you to post the entire contents of that page to the next post!
  • 0

#29
Sonicobob

  • Topic Starter
  • Member
  • 19 posts
I can access start>run>cmd fine if that is what you mean??

Consider my noodle baked also :tazz:

StartupList report, 06/07/2005, 19:44:37
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Admin\My Documents\My files\Appz\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\My Documents\My files\Appz\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Admin\Start Menu\Programs\StartUp]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
SoundMan = SOUNDMAN.EXE
Tweak UI = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{29BB0272-763B-4186-A1BF-BCB39784117D}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}.Restore]
StubPath = rundll32.exe advpack.dll,UserUnInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
PCHealth Scheduler for Data Collection.job
Symantec NetDetect.job
Maintenance-Defragment programs.job
Maintenance-Disk cleanup.job
McAfee.com Update Check 03112004100100.job
Uninstall Expiration Reminder.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{00000055-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...cs/i386/fhg.CAB

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....467&clcid=0x409

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\EPUWALCONTROL.DLL
CODEBASE = http://tools.ebayimg...l_v1-0-3-18.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNPUPLD.DLL
CODEBASE = http://by102fd.bay10...es/MsnPUpld.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CONFLICT.1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...B?37749.2390625

[ASquaredScanForm Element]
InProcServer32 = C:\WINDOWS\DOWNLO~1\AXSCAN.OCX
CODEBASE = http://www.windowsec...scan/axscan.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[EPSImageControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EPSCONTROL.DLL
CODEBASE = http://tools.ebayimg...ol_v1-0-3-0.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCTEL Speaker Phone: %SystemRoot%\system32\pctspk.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PCTEL Serial Device Driver for PCI: System32\DRIVERS\ptserlp.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{4C306B0C-E536-4271-B352-F704318FD53B} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Scientific Atlanta WebSTAR 2000 series Cable Modem: System32\DRIVERS\sacmxp2.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
XP Vmodem: System32\DRIVERS\vmodem.sys (system)
XP Vpctcom: System32\DRIVERS\vpctcom.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
XP Vvoice: System32\DRIVERS\vvoice.sys (system)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

UPnPMonitor: C:\WINDOWS\System32\upnpui.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 29,948 bytes
Report generated in 0.188 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#30
Wizard

  • Retired Staff
  • 5,661 posts
OK, let's check for that file we never could find!

Make sure you get the spaces in these commands

Click Start>> Run>> Type CMD and Click OK!

Type in cd\ and hit Enter

Now Type in dir %Systemdrive%\wncnmrtd.exe /a h /s > files.txt

If any returns let me know!

Back to Command Prompt

Now Type in dir %Systemdrive%\svchost.exe /a h /s > files.txt

Save that text file and post the results of what you find!

I am guessing we are dealing with an upgrade issue!

I haven't heard of much success upgrading from a 9X platform to an NT platform!

Let me know what ya find!
  • 0
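As an added example (not part of Wizard's post): one way to read the `files.txt` produced by the `dir ... /s` searches above is to list every folder where the file turned up and separate the copies in the usual Windows XP locations from the rest. The expected-folder list, the function names and the sample listing are assumptions made for this illustration.

```python
import re

# Assumption: Windows lives in C:\WINDOWS, as in the log on this page; adjust to the machine.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache",
                 r"c:\windows\servicepackfiles\i386"}
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$", re.IGNORECASE)

def find_copies(dir_output, filename):
    """Return [(directory, size_bytes)] for every listing of filename (no spaces in name)."""
    hits, current = [], None
    for line in dir_output.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        parts = line.split()
        # File lines end "<size> <name>"; the "N File(s) ... bytes" summaries do not.
        if current and len(parts) >= 3 and parts[-1].lower() == filename.lower():
            size = parts[-2].replace(",", "").replace(".", "")
            if size.isdigit():
                hits.append((current, int(size)))
    return hits

def triage(dir_output, filename="svchost.exe"):
    """Split the hits into copies in expected folders and copies that need a closer look."""
    expected, review = [], []
    for directory, size in find_copies(dir_output, filename):
        known = directory.lower().rstrip("\\") in EXPECTED_DIRS
        (expected if known else review).append((directory, size))
    return expected, review

# Constructed sample of files.txt (not output from the poster's machine).
SAMPLE = r"""
 Directory of C:\WINDOWS\system32

08/04/2004  12:00 PM            14,336 svchost.exe
               1 File(s)         14,336 bytes

 Directory of C:\WINDOWS\Temp

01/01/2005  03:15 AM            52,736 svchost.exe
               1 File(s)         52,736 bytes
"""

if __name__ == "__main__":
    for directory, size in triage(SAMPLE)[1]:
        print(f"review: {directory}\\svchost.exe ({size} bytes)")
```

A copy in the review list is only a prompt to inspect that file; service-pack uninstall folders can also hold legitimate backups and would need adding to the expected list.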





