PPRuNe Forums - View Single Post - help please
Thread: help please
Old 24th Nov 2004, 17:49
Devlin Carnet
 
Join Date: Jun 2004
Location: 8 dme 06L EGCC
Posts: 164
Hi, Liam,
Here goes, startup list,
StartupList report, 24/11/2004, 18:18:33
StartupList version: 1.52.2
Started from : C:\hijack\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijack\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\x\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE
ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
ACTIVBOARD = c:\apps\ABoard\ABoard.exe
VCSPlayer = "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
CleanEasyImg = c:\apps\easydvd\cleanall.exe
EPSON Stylus C82 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
(Default) =
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Start WingMan Profiler =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

To be continued..

File association entry for .EXE:
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\\comfile\\shell\\open\\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\\batfile\\shell\\open\\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\\piffile\\shell\\open\\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\\scrfile\\shell\\open\\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\\htafile\\shell\\open\\command

(Default) = C:\\WINDOWS\\System32\\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\\txtfile\\shell\\open\\command

(Default) = %SystemRoot%\\system32\\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\\Software\\Microsoft\\Active Setup\\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\\WINDOWS\\inf\\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\\system32\\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\\system32\\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\\WINDOWS\\System32\\rundll32.exe" "C:\\Program Files\\Messenger\\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\\Outlook Express\\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\\WINDOWS\\INF\\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\\Outlook Express\\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\\system32\\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\\Software\\Mirabilis\\ICQ\\Agent\\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\\WINDOWS\\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\\..\\Windows NT\\CurrentVersion\\WinLogon: load=*Registry value not found*
HKLM\\..\\Windows NT\\CurrentVersion\\WinLogon: run=*Registry value not found*
HKLM\\..\\Windows\\CurrentVersion\\WinLogon: load=*Registry key not found*
HKLM\\..\\Windows\\CurrentVersion\\WinLogon: run=*Registry key not found*
HKCU\\..\\Windows NT\\CurrentVersion\\WinLogon: load=*Registry value not found*
HKCU\\..\\Windows NT\\CurrentVersion\\WinLogon: run=*Registry value not found*
HKCU\\..\\Windows\\CurrentVersion\\WinLogon: load=*Registry key not found*
HKCU\\..\\Windows\\CurrentVersion\\WinLogon: run=*Registry key not found*
HKCU\\..\\Windows NT\\CurrentVersion\\Windows: load=
HKCU\\..\\Windows NT\\CurrentVersion\\Windows: run=*Registry value not found*
HKLM\\..\\Windows NT\\CurrentVersion\\Windows: load=*Registry value not found*
HKLM\\..\\Windows NT\\CurrentVersion\\Windows: run=*Registry value not found*
HKLM\\..\\Windows NT\\CurrentVersion\\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\\WINDOWS\\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\\WINDOWS\\System32\\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\\..\\Policies: Shell=*Registry key not found*
HKLM\\..\\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\\WINDOWS\\Explorer.exe: PRESENT!

C:\\Explorer.exe: not present
C:\\WINDOWS\\Explorer\\Explorer.exe: not present
C:\\WINDOWS\\System\\Explorer.exe: not present
C:\\WINDOWS\\System32\\Explorer.exe: not present
C:\\WINDOWS\\Command\\Explorer.exe: not present
C:\\WINDOWS\\Fonts\\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

HDReg.job
WebReg 20041108143955.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\\WINDOWS\\Java\\classes\\dajava.cab
OSD = C:\\WINDOWS\\Downloaded Program Files\\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\\WINDOWS\\Java\\classes\\xmldso.cab
OSD = C:\\WINDOWS\\Downloaded Program Files\\Microsoft XML Parser for Java.osd

[HouseCall Control]
InProcServer32 = C:\\WINDOWS\\DOWNLO~1\\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

[Java Plug-in 1.3.1_03]
InProcServer32 = C:\\Program Files\\JavaSoft\\JRE\\1.3.1_03\\bin\\npjava131_03.dll
CODEBASE = http://java.sun.com/products/plugin/...131_03-win.cab

[Java Plug-in 1.3.1_03]
InProcServer32 = C:\\Program Files\\JavaSoft\\JRE\\1.3.1_03\\bin\\npjava131_03.dll
CODEBASE = http://java.sun.com/products/plugin/...131_03-win.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\\WINDOWS\\System32\\mswsock.dll
NameSpace #2: C:\\WINDOWS\\System32\\winrnr.dll
NameSpace #3: C:\\WINDOWS\\System32\\mswsock.dll
Protocol #1: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #2: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #3: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #4: C:\\WINDOWS\\system32\\rsvpsp.dll
Protocol #5: C:\\WINDOWS\\system32\\rsvpsp.dll
Protocol #6: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #7: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #8: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #9: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #10: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #11: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #12: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #13: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #14: C:\\WINDOWS\\system32\\mswsock.dll
Protocol #15: C:\\WINDOWS\\system32\\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: System32\\DRIVERS\\ABP480N5.SYS (system)
Microsoft ACPI Driver: System32\\DRIVERS\\ACPI.sys (system)
adpu160m: System32\\DRIVERS\\adpu160m.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\\drivers\\aec.sys (manual start)
AFD Networking Support Environment: \\SystemRoot\\System32\\drivers\\afd.sys (autostart)
Intel AGP Bus Filter: System32\\DRIVERS\\agp440.sys (system)
Compaq AGP Bus Filter: System32\\DRIVERS\\agpCPQ.sys (system)
Aha154x: System32\\DRIVERS\\aha154x.sys (system)
aic78u2: System32\\DRIVERS\\aic78u2.sys (system)
aic78xx: System32\\DRIVERS\\aic78xx.sys (system)
Service for Realtek AC97 Audio (WDM): system32\\drivers\\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\\System32\\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\\System32\\alg.exe (manual start)
AliIde: System32\\DRIVERS\\aliide.sys (system)
ALI AGP Bus Filter: System32\\DRIVERS\\alim1541.sys (system)
AMD AGP Bus Filter Driver: System32\\DRIVERS\\amdagp.sys (system)
AMD K7 Processor Driver: System32\\DRIVERS\\amdk7.sys (system)
amsint: System32\\DRIVERS\\amsint.sys (system)
AOL Spyware Protection Service: C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\\\aolserv.exe (autostart)
Application Management: %SystemRoot%\\system32\\svchost.exe -k netsvcs (manual start)
asc: System32\\DRIVERS\\asc.sys (system)
asc3350p: System32\\DRIVERS\\asc3350p.sys (system)
asc3550: System32\\DRIVERS\\asc3550.sys (system)
RAS Asynchronous Media Driver: System32\\DRIVERS\\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\\DRIVERS\\atapi.sys (system)
ATI Smart: C:\\WINDOWS\\system32\\ati2sgag.exe (autostart)
ati2mtag: System32\\DRIVERS\\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\\DRIVERS\\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\\DRIVERS\\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
cbidf: System32\\DRIVERS\\cbidf2k.sys (system)
cd20xrnt: System32\\DRIVERS\\cd20xrnt.sys (system)
CD-ROM Driver: System32\\DRIVERS\\cdrom.sys (system)
Indexing Service: %SystemRoot%\\system32\\cisvc.exe (manual start)
ClipBook: %SystemRoot%\\system32\\clipsrv.exe (manual start)
CmdIde: System32\\DRIVERS\\cmdide.sys (system)
COM+ System Application: C:\\WINDOWS\\System32\\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: System32\\DRIVERS\\cpqarray.sys (system)
Cryptographic Services: %SystemRoot%\\system32\\svchost.exe -k netsvcs (autostart)
dac2w2k: System32\\DRIVERS\\dac2w2k.sys (system)
dac960nt: System32\\DRIVERS\\dac960nt.sys (system)
Kodak Camera Proxy: System32\\DRIVERS\\DcCam.sys (system)
DcFpoint: System32\\DRIVERS\\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\\drivers\\dcfs2k.sys (autostart)
Legacy Polling Service: System32\\DRIVERS\\DcLps.sys (manual start)
dcptp: System32\\DRIVERS\\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\\DRIVERS\\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\\System32\\dmadmin.exe /com (manual start)
dmboot: System32\\drivers\\dmboot.sys (disabled)
dmio: System32\\drivers\\dmio.sys (disabled)
dmload: System32\\drivers\\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\\drivers\\DMusic.sys (manual start)
DNS Client: %SystemRoot%\\System32\\svchost.exe -k NetworkService (autostart)
dpti2o: System32\\DRIVERS\\dpti2o.sys (system)
Microsoft Kernel DRM Audio Descrambler: system32\\drivers\\drmkaud.sys (manual start)
EpsonBidirectionalService: C:\\Program Files\\Common Files\\EPSON\\EBAPI\\eEBSVC.exe (autostart)
EPSON Printer Status Agent2: C:\\Program Files\\Common Files\\EPSON\\EBAPI\\SAgent2.exe (autostart)
Error Reporting Service: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\\system32\\services.exe (autostart)
COM+ Event System: C:\\WINDOWS\\System32\\svchost.exe -k netsvcs (manual start)
Exportit: System32\\DRIVERS\\exportit.sys (system)
Fast User Switching Compatibility: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\\DRIVERS\\fdc.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\\DRIVERS\\fetnd5b.sys (manual start)
Floppy Disk Driver: System32\\DRIVERS\\flpydisk.sys (manual start)
Volume Manager Driver: System32\\DRIVERS\\ftdisk.sys (system)
Game Port Enumerator: System32\\DRIVERS\\gameenum.sys (manual start)
Generic Packet Classifier: System32\\DRIVERS\\msgpc.sys (manual start)
Help and Support: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\\System32\\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\\DRIVERS\\hidusb.sys (manual start)
hpn: System32\\DRIVERS\\hpn.sys (system)
i2omp: System32\\DRIVERS\\i2omp.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\\DRIVERS\\i8042prt.sys (system)
CD-Burning Filter Driver: System32\\DRIVERS\\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\\WINDOWS\\System32\\imapi.exe (manual start)
ini910u: System32\\DRIVERS\\ini910u.sys (system)
IntelIde: System32\\DRIVERS\\intelide.sys (system)
IP Traffic Filter Driver: System32\\DRIVERS\\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\\DRIVERS\\ipinip.sys (manual start)
IP Network Address Translator: System32\\DRIVERS\\ipnat.sys (manual start)
IPSEC driver: System32\\DRIVERS\\ipsec.sys (system)
IR Enumerator Service: System32\\DRIVERS\\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\\DRIVERS\\isapnp.sys (system)
Keyboard Class Driver: System32\\DRIVERS\\kbdclass.sys (system)
Keyboard HID Driver: System32\\DRIVERS\\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\\drivers\\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\\system32\\drivers\\KodakCCS.exe (autostart)
Server: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\\System32\\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\\WINDOWS\\System32\\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\\DRIVERS\\mouclass.sys (system)
Mouse HID Driver: System32\\DRIVERS\\mouhid.sys (manual start)
mraid35x: System32\\DRIVERS\\mraid35x.sys (system)
WebDav Client Redirector: System32\\DRIVERS\\mrxdav.sys (manual start)
MRXSMB: System32\\DRIVERS\\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\\WINDOWS\\System32\\msdtc.exe (manual start)
Windows Installer: C:\\WINDOWS\\System32\\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\\drivers\\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\\drivers\\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\\drivers\\MSPQM.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\\drivers\\msmpu401.sys (manual start)
Mtlmnt5: System32\\DRIVERS\\Mtlmnt5.sys (manual start)
Mtlstrm: System32\\DRIVERS\\Mtlstrm.sys (manual start)
MustekMA1908Driver: \\??\\C:\\WINDOWS\\system32\\drivers\\ma1908.sys (autostart)
Remote Access NDIS TAPI Driver: System32\\DRIVERS\\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\\DRIVERS\\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\\DRIVERS\\ndiswan.sys (manual start)
NetBIOS Interface: System32\\DRIVERS\\netbios.sys (system)
NetBios over Tcpip: System32\\DRIVERS\\netbt.sys (system)
Network DDE: %SystemRoot%\\system32\\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\\system32\\netdde.exe (manual start)

Net Logon: %SystemRoot%\\System32\\lsass.exe (manual start)
Network Connections: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\\System32\\lsass.exe (manual start)
Removable Storage: %SystemRoot%\\system32\\svchost.exe -k netsvcs (manual start)
NtMtlFax: System32\\DRIVERS\\NtMtlFax.sys (manual start)
nv: System32\\DRIVERS\\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: System32\\DRIVERS\\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\\DRIVERS\\nwlnkfwd.sys (manual start)
Parallel port driver: System32\\DRIVERS\\parport.sys (manual start)
PCI Bus Driver: System32\\DRIVERS\\pci.sys (system)
PCIIde: System32\\DRIVERS\\pciide.sys (system)
perc2: System32\\DRIVERS\\perc2.sys (system)
perc2hib: System32\\DRIVERS\\perc2hib.sys (system)
Plug and Play: %SystemRoot%\\system32\\services.exe (autostart)
IPSEC Services: %SystemRoot%\\System32\\lsass.exe (autostart)
WAN Miniport (PPTP): System32\\DRIVERS\\raspptp.sys (manual start)
Processor Driver: System32\\DRIVERS\\processr.sys (system)
Protected Storage: %SystemRoot%\\system32\\lsass.exe (autostart)
QoS Packet Scheduler: System32\\DRIVERS\\psched.sys (manual start)
Direct Parallel Link Driver: System32\\DRIVERS\\ptilink.sys (manual start)
PxHelp20: System32\\DRIVERS\\PxHelp20.sys (system)
ql1080: System32\\DRIVERS\\ql1080.sys (system)
Ql10wnt: System32\\DRIVERS\\ql10wnt.sys (system)
ql12160: System32\\DRIVERS\\ql12160.sys (system)
ql1240: System32\\DRIVERS\\ql1240.sys (system)
ql1280: System32\\DRIVERS\\ql1280.sys (system)
Remote Access Auto Connection Driver: System32\\DRIVERS\\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\\DRIVERS\\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\\DRIVERS\\raspppoe.sys (manual start)
Direct Parallel: System32\\DRIVERS\\raspti.sys (manual start)
Rdbss: System32\\DRIVERS\\rdbss.sys (system)
RDPCDD: System32\\DRIVERS\\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\\DRIVERS\\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\\WINDOWS\\system32\\sessmgr.exe (manual start)
recagent: \\??\\C:\\WINDOWS\\System32\\DRIVERS\\RecAgent.sys (manual start)
Digital CD Audio Playback Filter Driver: System32\\DRIVERS\\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\\System32\\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\\System32\\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\\system32\\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\\System32\\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\\system32\\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\\System32\\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\\System32\\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
ScsiAccess: C:\\WINDOWS\\System32\\ScsiAccess.EXE (autostart)
Secdrv: System32\\DRIVERS\\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\\system32\\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\\DRIVERS\\serenum.sys (manual start)
Serial port driver: System32\\DRIVERS\\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: System32\\DRIVERS\\sisagp.sys (system)
SmartLink AMR_PCI Driver: System32\\DRIVERS\\slntamr.sys (manual start)
SlNtHal: System32\\DRIVERS\\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: System32\\DRIVERS\\SlWdmSup.sys (manual start)
Sparrow: System32\\DRIVERS\\sparrow.sys (system)
Microsoft Kernel Audio Splitter: system32\\drivers\\splitter.sys (manual start)
Print Spooler: %SystemRoot%\\system32\\spoolsv.exe (autostart)
System Restore Filter Driver: \\SystemRoot\\System32\\DRIVERS\\sr.sys (disabled)
System Restore Service: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Srv: System32\\DRIVERS\\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\\System32\\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\\System32\\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\\DRIVERS\\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\\drivers\\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\\WINDOWS\\System32\\dllhost.exe /Processid:{6B1C53D3-3752-41EB-8F0A-7DB80BFD7AA4} (manual start)
symc810: System32\\DRIVERS\\symc810.sys (system)
symc8xx: System32\\DRIVERS\\symc8xx.sys (system)
sym_hi: System32\\DRIVERS\\sym_hi.sys (system)
sym_u3: System32\\DRIVERS\\sym_u3.sys (system)
Microsoft Kernel System Audio Device: system32\\drivers\\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\\system32\\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\\DRIVERS\\tcpip.sys (system)
Terminal Device Driver: System32\\DRIVERS\\termdd.sys (system)
Terminal Services: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
TosIde: System32\\DRIVERS\\toside.sys (system)
Distributed Link Tracking Client: %SystemRoot%\\system32\\svchost.exe -k netsvcs (autostart)
ultra: System32\\DRIVERS\\ultra.sys (system)
Microcode Update Driver: System32\\DRIVERS\\update.sys (manual start)
Upload Manager: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\\System32\\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\\System32\\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\\DRIVERS\\usbehci.sys (manual start)
USB2 Enabled Hub: System32\\DRIVERS\\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\\DRIVERS\\usbprint.sys (manual start)
USB Scanner Driver: System32\\DRIVERS\\usbscan.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\\DRIVERS\\usbuhci.sys (manual start)
vcsmpdrv: System32\\DRIVERS\\vcsmpdrv.sys (system)
Virtual CD v4 Security service (SDK - Version): C:\\Program Files\\Virtual CD v4 SDK\\system\\vcssecs.exe (autostart)
VgaSave: \\SystemRoot\\System32\\drivers\\vga.sys (system)
VIA AGP Bus Filter: System32\\DRIVERS\\viaagp.sys (system)
VIA AGP Filter: System32\\DRIVERS\\viaagp1.sys (system)
ViaIde: System32\\DRIVERS\\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\\System32\\vssvc.exe (manual start)
Windows Time: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\\DRIVERS\\wanarp.sys (manual start)
WAN Miniport (ATW): System32\\DRIVERS\\wanatw4.sys (manual start)
WAN Miniport (ATW) Service: "C:\\WINDOWS\\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\\drivers\\wdmaud.sys (manual start)
WebClient: %SystemRoot%\\System32\\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\\system32\\svchost.exe -k netsvcs (autostart)
Logitech Virtual Bus Enumerator Driver: system32\\drivers\\WmBEnum.sys (manual start)
Portable Media Serial Number Service: %SystemRoot%\\System32\\svchost.exe -k netsvcs (manual start)
Logitech WingMan HID Filter Driver: system32\\drivers\\WmFilter.sys (manual start)
WMI Performance Adapter: C:\\WINDOWS\\System32\\wbem\\wmiapsrv.exe (manual start)
Logitech Virtual Hid Device Driver: system32\\drivers\\WmVirHid.sys (manual start)
Logitech WingMan Translation Layer Driver: system32\\drivers\\WmXlCore.sys (manual start)
Automatic Updates: %systemroot%\\system32\\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\\System32\\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\\WINDOWS\\system32\\SHELL32.dll
CDBurn: C:\\WINDOWS\\system32\\SHELL32.dll
WebCheck: C:\\WINDOWS\\System32\\webcheck.dll
SysTray: C:\\WINDOWS\\System32\\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run

*Registry key not found*

--------------------------------------------------

End of report, 34,153 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

And the log..
Logfile of HijackThis v1.98.2
Scan saved at 18:25:50, on 24/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijack\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

Thanks guys