Svchost.exe hosting the RPCss services takes up to 90-100% of the CPU...

Asked by itcantam in Operating Systems Miscellaneous

Let me know what I have to do to... The 1st log is from HiJack and the 2nd one is from process Explorer...

I did run each and every software of AV and SPYware without success...

It's always the same thread in svchost.exe that takes all the CPU:
Kernel32.dll!RegisterWaitForInputIdle+0x4a, which just multiplies itself; it starts with 3 threads using approx. 33% of the CPU each, and at the end (before I power off) it can go up to 8 threads like this, splitting up all the CPU...

The desktop are not affected like the laptop (have a Firewall (zone alarm) and a VPN client (Aventail connect)). The moment this event happens, the desktop taskbar freezes completely (svchost looks to kill itself and restart), but all opened apps are still working, and alt-tab to switch; can't open any new apps... For the laptop, we can start anything, but the CPU is kept busy by svchost.exe.

-----------------------------------------------------------------------------------------------------------------------------------------
StartupList report, 7/20/2004, 1:27:06 PM
StartupList version: 1.52.2
Started from : J:\GENASDV2\Tam\tools\Spy finders\HijackThis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\DcPSI.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINNT\system32\SLClient.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Dazel\Output Envoy\bin\DcDaemon.exe
C:\Program Files\OnDemand\OdPlayer\ODPlayer.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\RemotePoint Presenter\rpointpr.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\netscape\Program\netscape.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\InterVideo\WinDVD\WinDVD.exe
J:\GENASDV2\Tam\tools\Spy finders\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\jfthibea.000\Start Menu\Programs\Startup]
BHODemon 2.0.lnk = GENASDV2\Tam\tools\Spy finders\BHODeamon\BHODemon.exe
HotSync Manager.lnk = Program Files\Palm\HOTSYNC.EXE
pcLogic.lnk = C:\ScriptLogic\mrLogic.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HotSync Manager.lnk = ?
RemotePoint Presenter.lnk = C:\Program Files\RemotePoint Presenter\rpointpr.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AGRSMMSG = AGRSMMSG.exe
ATIModeChange = Ati2mdxx.exe
Tempfile = C:\WINNT\BAT\TEMP.LNK
DAZEL Delivery Agent = "C:\Program Files\Dazel\Output Envoy\bin\DcDaemon.exe"
OnDemand = C:\ScriptLogic\wKiX32.exe "C:\Program Files\OnDemand\OdPlayer\OnDemand.Kix"
SBMGRNT.EXE = C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
vptray = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
TPHOTKEY = C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ZENRC Tray Icon = C:\WINNT\System32\zentray.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINNT\System32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINNT\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINNT\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[>{CCB781BC-EB81-436D-B7D1-6AC8F8E6036D}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINNT\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=%SystemRoot%\bat.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\WINNT\System32\ATPART~1.DLL - {00000EF1-0786-4633-87C6-1AA7A44296DA}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[F1 Organizer Class]
InProcServer32 = C:\WINNT\System32\ATPART~1.DLL
CODEBASE = http://www.addictivetechnologies.net/DM0/cab/wzzp4.cab

[PCPitstop Utility]
InProcServer32 = C:\WINNT\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\ISTactivex.dll
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

[HouseCall Control]
InProcServer32 = C:\WINNT\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[mhLabel Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\mhLbl.dll
CODEBASE = http://www.pcpitstop.com/mhLbl.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[SassCln Object]
InProcServer32 = C:\WINNT\Downloaded Program Files\SassCln.dll
CODEBASE = http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB

[CentraDownloaderCtl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\CentraDownloader.dll
CODEBASE = http://batclass.icconsulting.com.au/SiteRoots/main/Install/CentraDownloader.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Program Files\Aventail\Connect\asdns.dll
NameSpace #2: C:\WINNT\System32\mswsock.dll
NameSpace #3: C:\WINNT\System32\winrnr.dll
NameSpace #4: C:\WINNT\System32\mswsock.dll
Protocol #1: C:\WINNT\system32\mswsock.dll
Protocol #2: C:\WINNT\system32\mswsock.dll
Protocol #3: C:\WINNT\system32\mswsock.dll
Protocol #4: C:\WINNT\system32\mswsock.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\rsvpsp.dll
Protocol #7: C:\WINNT\system32\mswsock.dll
Protocol #8: C:\WINNT\system32\mswsock.dll
Protocol #9: C:\WINNT\system32\mswsock.dll
Protocol #10: C:\WINNT\system32\mswsock.dll
Protocol #11: C:\WINNT\system32\mswsock.dll
Protocol #12: C:\WINNT\system32\mswsock.dll
Protocol #13: C:\WINNT\system32\mswsock.dll
Protocol #14: C:\WINNT\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Agere Systems Soft Modem: System32\DRIVERS\AGRSM.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Aventail Connect: C:\Program Files\Aventail\Connect\as32svc.exe (autostart)
Ascrypto: \??\C:\Program Files\Aventail\Connect\ascrypto.sys (manual start)
Askernel: \??\C:\Program Files\Aventail\Connect\asntkrnl.sys (system)
Astdi: \??\C:\Program Files\Aventail\Connect\asnttdi.sys (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINNT\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Darpan: System32\DRIVERS\Darpan.sys (manual start)
DAZEL Delivery Agent: DcPSI.exe (autostart)
DefWatch: C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Diskeeper: C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel(R) PRO/1000 Adapter Driver: System32\DRIVERS\e1000325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IBMPMDRV: System32\DRIVERS\ibmpmdrv.sys (manual start)
IBM PM Service: %SystemRoot%\System32\ibmpmsvc.exe (autostart)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINNT\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
LanHound Filter: System32\DRIVERS\isproto.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Novell Application Launcher: C:\Program Files\Novell\ZENworks\nalntsrv.exe (autostart)
NAVAP: \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040719.048\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040719.048\NAVEX15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (autostart)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NICM: System32\Drivers\Nicm.sys (system)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: System32\DRIVERS\NMnt.sys (manual start)
Symantec AntiVirus Client: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (autostart)
NSC Infrared Device Driver: System32\DRIVERS\nscirda.sys (manual start)
Novell Local Security Context Manager: \SystemRoot\System32\drivers\novell\nscmnt.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OracleOraHome92ClientCache: C:\oracle\ora92\bin\ONRSD.EXE (manual start)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Novell ZfD Wake on LAN Status Agent: C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINNT\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Novell ZfD Remote Management: C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (autostart)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
SafeBoot Configuration Manager: C:\Program Files\SafeBoot\SBMGRNT.EXE (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SbcpHid: \??\C:\WINNT\System32\Drivers\SbcpHid.sys (system)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ScriptLogic service: SLClient.exe (autostart)
Intel(R) SMBus 2.0 Driver: System32\DRIVERS\smb.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINNT\System32\dllhost.exe /Processid:{06BEA234-9FA7-4D9B-B821-AF1C242995ED} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINNT\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: \??\C:\WINNT\System32\vsdatant.sys (autostart)
TrueVector Internet Monitor: C:\WINNT\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Intel(R) PRO/Wireless 7100 Adapter Driver: System32\DRIVERS\w70n51.sys (manual start)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINNT\System32\wbem\wmiapsrv.exe (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Novell XTier Authentication Service: \SystemRoot\System32\drivers\novell\xauthnt.sys (manual start)
Workstation Manager: C:\Program Files\Novell\ZENworks\wm.exe (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINNT\system32\SHELL32.dll
CDBurn: C:\WINNT\system32\SHELL32.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: C:\WINNT\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 35,064 bytes
Report generated in 0.100 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

-----------------------------------------------------------------------------------------------------------------------------------------
Process Explorer log when the problem happened...

Process      PID      CPU      Description      Company Name
System Idle Process      0                  
 Interrupts      n/a            Hardware Interrupts      
 DPCs      n/a            Deferred Procedure Calls      
 System      4      1            
  smss.exe      580            Windows NT Session Manager      Microsoft Corporation
   csrss.exe      644      1      Client Server Runtime Process      Microsoft Corporation
   winlogon.exe      668            Windows NT Logon Application      Microsoft Corporation
    services.exe      712      2      Services and Controller app      Microsoft Corporation
     ibmpmsvc.exe      904                  
     svchost.exe      940      94      Generic Host Process for Win32 Services      Microsoft Corporation
      hpgs2wnf.exe      3600            hpgs2wnf Module      
     svchost.exe      1168            Generic Host Process for Win32 Services      Microsoft Corporation
     svchost.exe      1180            Generic Host Process for Win32 Services      Microsoft Corporation
     spoolsv.exe      1392            Spooler SubSystem App      Microsoft Corporation
     cusrvc.exe      1664            Novell Client Update Service      Novell, Inc.
     DcPSI.exe      1680                  
     DKService.exe      1696            DKSERVICE.EXE      Executive Software International, Inc.
     mdm.exe      1728            Machine Debug Manager      Microsoft Corporation
     NALNTSRV.EXE      1752            NT Service for Novell Application Launcher (ZENLITE)      Novell, Inc.
     Rtvscan.exe      1856            Symantec AntiVirus      Symantec Corporation
     PCAHelper.exe      1900            PCAHelper Module      SYMON Communications, Inc.
     WolSerNT.exe      1924            Novell ZFD Wake on Lan Status Agent      Novell Inc.
     ZenRem32.exe      1944            Novell ZEN Remote Management Agent      Novell Inc.
     locator.exe      2044            Rpc Locator      Microsoft Corporation
     sbmgrnt.exe      132            SafeBoot Configuration Manager for NT      Control Break International
     SLClient.exe      184            SLServer      ScriptLogic Corporation
     svchost.exe      244            Generic Host Process for Win32 Services      Microsoft Corporation
     vsmon.exe      280            TrueVector Service      Zone Labs Inc.
     winvnc.exe      416            VNC server for Win32      RealVNC Ltd.
     WM.EXE      448            ZEN for Desktops Workstation Manager      Novell, INC.
      WMRUNDLL.EXE      1060            ZEN for Desktops Helper DLL Processor      Novell, INC.
     svchost.exe      1076            Generic Host Process for Win32 Services      Microsoft Corporation
     dllhost.exe      2844            COM Surrogate      Microsoft Corporation
     msiexec.exe      436            Windows® installer      Microsoft Corporation
    lsass.exe      724            LSA Shell (Export Version)      Microsoft Corporation
explorer.exe      2336            Windows Explorer      Microsoft Corporation
 tp4mon.exe      2500            IBM PS/2 TrackPoint Application      IBM Corporation
 DcDaemon.exe      2528            DAZEL Delivery Agent      Hewlett-Packard Company
 wKiX32.exe      2360            KiXtart main executable      Ruud van Velsen (Microsoft)
  OdPlayer.exe      2156            OnDemand Player      Global Knowledge, Inc.
 VPTray.exe      2688            Symantec AntiVirus      Symantec Corporation
 TPHKMGR.exe      2780                  
  TPONSCR.exe      2848                  
 nwtray.exe      3112            Novell System Tray Icon      Novell, Inc.
 hpgs2wnd.exe      3192            hpgs2wnd      Hewlett-Packard
 ctfmon.exe      3200            CTF Loader      Microsoft Corporation
 NALDESK.EXE      3664            ZENworks Application Explorer Executable      Novell, Inc
 HOTSYNC.EXE      240            HotSync® Manager Application      Palm, Inc.
 procexp.exe      1976      2      Sysinternals Process Explorer      Sysinternals
 MPSRPT_SETUPPerf.EXE      3228            MPS Reporting Tool for Setup and Performance Support      Microsoft Corporation
  cmd.exe      2452            Windows Command Processor      Microsoft Corporation
   msinfo32.exe      784            System Information      Microsoft Corporation
 cmd.exe      2140            Windows Command Processor      Microsoft Corporation
  cscript.exe      2696            Microsoft (r) Console Based Script Host      Microsoft Corporation
   cmd.exe      3000            Windows Command Processor      Microsoft Corporation
    tlist.exe      2912            Microsoft® Process List Utility      Microsoft Corporation
 autokr.exe      4088            Auto Kernrate Tool      
  cmd.exe      232            Windows Command Processor      Microsoft Corporation
   CheckSym.exe      1296            Symbol Collection and Verification Process      Microsoft Corporation
wuauclt.exe      2852            Windows Update AutoUpdate Client      Microsoft Corporation

Process: svchost.exe Pid: 940

Type      Name
Thread      svchost.exe(940): 980
Thread      svchost.exe(940): 980
Thread      svchost.exe(940): 980
Thread      svchost.exe(940): 976
Thread      svchost.exe(940): 976
Thread      svchost.exe(940): 948
Thread      svchost.exe(940): 948
Thread      svchost.exe(940): 944
Thread      svchost.exe(940): 3616
Thread      svchost.exe(940): 3492
Thread      svchost.exe(940): 3476
Thread      svchost.exe(940): 2896
Thread      svchost.exe(940): 2804
Thread      svchost.exe(940): 2748
Thread      svchost.exe(940): 2644
Thread      svchost.exe(940): 2404
Thread      svchost.exe(940): 228
Thread      svchost.exe(940): 2200
Thread      svchost.exe(940): 1484
Thread      svchost.exe(940): 1376
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\SYSTEM
Token      NT AUTHORITY\LOCAL SERVICE
Process      hpgs2wnf.exe(3600)
Key      HKU
Key      HKU
Key      HKU
Key      HKU
Key      HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key      HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
Key      HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key      HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key      HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key      HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key      HKLM\SOFTWARE\Microsoft\Ole
Key      HKLM\SOFTWARE\Microsoft\COM3
Key      HKLM\SOFTWARE\Microsoft\COM3
Key      HKLM\SOFTWARE\Microsoft\COM3
Key      HKLM\SOFTWARE\Microsoft\COM3
Key      HKLM\SOFTWARE\Microsoft\COM3
Key      HKLM\SOFTWARE\Microsoft\COM3
Key      HKLM
Key      HKCU\Software\Classes
Key      HKCR\CLSID
Key      HKCR\CLSID
Key      HKCR\CLSID
Key      HKCR\AppID
Key      HKCR
Key      HKCR
Key      HKCR
Key      HKCR
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
Token      CA\cdagenai
File      C:\WINNT\system32
WindowStation      \Windows\WindowStations\Service-0x0-3e7$
WindowStation      \Windows\WindowStations\Service-0x0-3e7$
Directory      \Windows
Port      \RPC Control\epmapper
Directory      \KnownDlls
KeyedEvent      \KernelObjects\CritSecOutOfMemoryEvent
File      \Dfs
File      \Device\Udp
File      \Device\Tcp
File      \Device\Tcp
File      \Device\Tcp
File      \Device\Tcp
File      \Device\NwlnkSpx\Stream
File      \Device\NamedPipe\Winsock2\CatalogChangeListener-3ac-0
File      \Device\NamedPipe\svcctl
File      \Device\NamedPipe\net\NtControlPipe3
File      \Device\NamedPipe\epmapper
File      \Device\NamedPipe\epmapper
File      \Device\KsecDD
File      \Device\Ip
File      \Device\Ip
File      \Device\Ip
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
File      \Device\Afd\Endpoint
Desktop      \Default
Event      \BaseNamedObjects\userenv:  User Profile setup event
Section      \BaseNamedObjects\ShimSharedMemory
Mutant      \BaseNamedObjects\ShimCacheMutex
Event      \BaseNamedObjects\ScmCreatedEvent
Section      \BaseNamedObjects\RotHintTable
Mutant      \BaseNamedObjects\{02D4B3F1-FD88-11D1-960D-00805FC
Section      \BaseNamedObjects\__R_000000000007_SMem__
Directory      \BaseNamedObjects


Thank you in advance... Any advice will be appreciated.

07/21/04 01:14 PM, ID: 11606577, Accepted Solution


About this solution

Zone: Operating Systems Miscellaneous
Solution Provided By: Cyber-Dude
Participating Experts: 8
Solution Grade: B