OK, here it is.................... it's all double dutch to me!!!!!!!!!!!!!!!!!!!!!!
StartupList report, 19/11/2005, 17:16:09
StartupList version: 1.52.2
Started from : C:\Hijack This\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\EXPLORER.EXE
C:\Hijack This\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Neil\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager = mobsync.exe /logon
Apoint = C:\Program Files\Apoint\Apoint.exe
NvCplDaemon = RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /installquiet
bascstray = BascsTray.exe
Dell QuickSet = C:\Program Files\Dell\QuickSet\quickset.exe
PRPCMonitor = PRPCUI.exe
DVDSentry = C:\WINNT\system32\DSentry.exe
CreateCD50 = "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HPDJ Taskbar Utility = C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
ChangeICON = C:\WINNT\SPMSMON.EXE
NeroCheck = C:\WINNT\system32\NeroCheck.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Windows spoolservr Service = spoolservr.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
LVCOMSX = C:\WINNT\system32\LVCOMSX.EXE
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
16 dead great bold = C:\Documents and Settings\All Users\Application Data\pingextra16dead\Ruleplay.exe
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Windows spoolservr Service = spoolservr.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
washindex = C:\Program Files\Washer\washidx.exe "Neil"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Internat.exe = internat.exe
Window Washer = C:\Program Files\Webroot\Washer\wwDisp.exe
Cake Drive = C:\DOCUME~1\Neil\APPLIC~1\HOLDOW~1\Bolt Funk For.exe
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
ares = "C:\Program Files\Ares\Ares.exe" -h
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINNT\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINNT\system32\setup\wmpocm.exe /HideWMP
[>{23DA3FB8-16C3-43A3-B92B-22EE21E35CFB}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINNT\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINNT\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\system32\SSFLWBOX.SCR
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINNT\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\DIALux\DLXShellExtension.dll - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2}
(no name) - C:\WINNT\system32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[iPIX ActiveX Control]
InProcServer32 = C:\WINNT\DOWNLO~1\ipixx.ocx
CODEBASE =
http://www.ipix.com/viewers/ipixx.cab[Minesweeper Flags Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\minesweeper.dll
CODEBASE =
http://messenger.zon...er.cab31267.cab[WScanCtl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\webscan.dll
CODEBASE =
http://www3.ca.com/s...nfo/webscan.cab[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE =
http://java.sun.com/...indows-i586.cab[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\messengerstatsclient.dll
CODEBASE =
http://messenger.zon...nt.cab31267.cab[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE =
http://v4.windowsupd...8356.1331365741[Autodesk DWF Viewer Control]
InProcServer32 = C:\Program Files\Common Files\Autodesk Shared\dwf common\AdView.dll
CODEBASE =
http://www.autodesk....ViewerSetup.cab[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE =
http://messenger.msn...pdownloader.cab[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE =
http://java.sun.com/...indows-i586.cab[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE =
http://active.macrom...abs/swflash.cab--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll
Protocol #14: C:\WINNT\system32\msafd.dll
Protocol #15: C:\WINNT\system32\msafd.dll
Protocol #16: C:\WINNT\system32\msafd.dll
Protocol #17: C:\WINNT\system32\msafd.dll
Protocol #18: C:\WINNT\system32\msafd.dll
Protocol #19: C:\WINNT\system32\msafd.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\services.exe (manual start)
Alps Touch Pad Filter Driver for Windows 2000/XP: system32\DRIVERS\Apfiltr.sys (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
Broadcom 570x Gigabit Integrated Controller: system32\DRIVERS\b57w2k.sys (manual start)
Broadcom ASF IP monitoring service v6.0.3: C:\WINNT\system32\basfipm.exe (autostart)
BASFND: \??\C:\WINNT\system32\Drivers\BASFND.sys (autostart)
Dell Wireless WLAN Card Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\system32\services.exe (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\system32\cisvc.exe (disabled)
ClipBook: C:\WINNT\system32\wbem\clipsvr.exe (autostart)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
TI UltraMedia CardBus Controller Filter Driver: system32\DRIVERS\tiumflt.sys (system)
DHCP Client: %SystemRoot%\system32\services.exe (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\services.exe (autostart)
3Com EtherLink XL B/C Adapter Driver: system32\DRIVERS\el90xbc5.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\system32\svchost.exe -k netsvcs (manual start)
FAD: \??\C:\WINNT\system32\Drivers\FAD.sys (autostart)
fasttrak: system32\DRIVERS\fasttrak.sys (system)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Fd16_700: system32\DRIVERS\fd16_700.sys (system)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
USB Serial Converter Driver: system32\drivers\ftdibus.sys (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
USB Serial Port Driver: system32\drivers\ftser2k.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
GTICARD: system32\DRIVERS\gticard.sys (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)
HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\services.exe (autostart)
Workstation: %SystemRoot%\system32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\system32\services.exe (autostart)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v2.3.1.7: system32\DRIVERS\mdc8021x.sys (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINNT\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
mraid2k: system32\DRIVERS\mraid2k.sys (system)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\system32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: wbem\netdde32.exe (autostart)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
nv4: system32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
Intel® AnyPoint® 3240 USB Modem Firmware Loader: system32\DRIVERS\p31usbld.sys (autostart)
Parallel class driver: system32\DRIVERS\parallel.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Logitech QuickCam Communicate: system32\DRIVERS\LVCM.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (autostart)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
MS Card_Reader: system32\DRIVERS\SP560X2K.SYS (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\STAC97.sys (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
tiumfwl: system32\drivers\tiumfwl.sys (manual start)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: system32\DRIVERS\uhcd.sys (manual start)
Ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: system32\DRIVERS\usbhub20.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (manual start)
WLTRYSVC: %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Neil\LOCALS~1\Temp\_iu14D2N.tmp|||L
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: C:\WINNT\system32\webcheck.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 33,694 bytes
Report generated in 1.852 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Sign In
Create Account
