baczoni
Hi All!
I've got this problem which unfortunately I can't solve by myself. It's
not a sound card problem and I can't find any problems in the startup
places either.
Here are my startup details, hope anybody can figure out what's the
problem.
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Zone Labs Client "C:\Program Files\Zone Labs\Integrity
Client\iclient.exe"
C4EBReg "C:\Program Files\c4ebreg\c4ebreg.exe" /q
Isamtray "C:\Program Files\c4ebreg\isamtray.exe"
ISSI EZUpdate Service "c:\sdwork\issimsvc.exe"
TVT Scheduler Proxy C:\Program Files\Common
Files\Lenovo\Scheduler\scheduler_proxy.exe
ACTray C:\Program
Files\ThinkPad\ConnectUtilities\ACTray.exe
ACWLIcon C:\Program
Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
TPHOTKEY
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
DiskeeperSystray C:\Program Files\Diskeeper
Corporation\Diskeeper\DkIcon.exe
BMMGAG RunDll32
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
SystemTray SysTray.exe
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
STYLEXP "C:\Program
Files\TGTSoft\StyleXP\StyleXP.exe -Hide"
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
configmsi cmd /c "rmdir /q C:\config.msi"
supportdir cmd /c "rmdir /q /s
"C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}""
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
-- Start Menu - Current User --
No Items Found
-- Start Menu - All Users --
BTTray.lnk
-- Disabled Items --
No Items Found
-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon --
Explorer.exe
-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
ibmpmsvc.exe C:\WINDOWS\system32\ibmpmsvc.exe
ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
StyleXPService.exe "C:\Program
Files\TGTSoft\StyleXP\StyleXPService.exe"
S24EvMon.exe C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
ccSetMgr.exe "C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe"
ccEvtMgr.exe "C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe"
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
trcboot.exe C:\WINDOWS\system32\Drivers\trcboot.exe
PCS_AGNT.EXE PCS_AGNT.EXE
AcPrfMgrSvc.exe "C:\Program
Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe"
svchost.exe
btwdins.exe "C:\Program Files\IBM\Bluetooth
Software\bin\btwdins.exe"
DefWatch.exe "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
dtocsrvc.exe "C:\Program Files\IBM\Desktop On-Call\dtocsrvc.exe"
DkService.exe "C:\Program Files\Diskeeper
Corporation\Diskeeper\DkService.exe"
rrpcsb.exe "C:\Program Files\IBM\IBM Rapid Restore
Ultra\rrpcsb.exe"
ayudame.exe "C:\Program Files\IBM Ayudame\ayudame.exe"
ibmService
c4ebreg.exe "C:\Program Files\c4ebreg\c4ebreg.exe"
ayudame.exe "C:\Program Files\IBM Ayudame\ayudame.exe"
restart_service 1484
issimsvc.exe c:\sdwork\issimsvc.exe
ntmulti.exe C:\notes\ntmulti.exe
NetCfgSv.EXE C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
RegSrvc.exe C:\WINDOWS\system32\RegSrvc.exe
SavRoam.exe "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
SMAgent.exe "C:\Program Files\Analog
Devices\SoundMAX\SMAgent.exe"
SUService.exe "c:\program files\lenovo\system
update\suservice.exe"
Rtvscan.exe "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
TPHDEXLG.exe System32\TPHDEXLG.EXE
TpKmpSvc.exe C:\WINDOWS\system32\TpKmpSVC.exe
tvtsched.exe "C:\Program Files\Common
Files\Lenovo\Scheduler\tvtsched.exe"
vsmon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
ldlcserv.exe C:\WINDOWS\system32\Drivers\ldlcserv.exe
AcSvc.exe "C:\Program
Files\ThinkPad\ConnectUtilities\AcSvc.exe"
alg.exe
ati2evxx.exe Ati2evxx.exe -Client
explorer.exe C:\WINDOWS\Explorer.EXE
1XConfig.exe C:\WINDOWS\system32\1XConfig.exe -Embedding
iclient.exe "C:\Program Files\Zone Labs\Integrity
Client\iclient.exe"
isamtray.exe "C:\Program Files\c4ebreg\isamtray.exe"
scheduler_proxy.exe "C:\Program Files\Common
Files\Lenovo\Scheduler\scheduler_proxy.exe"
ACTray.exe "C:\Program
Files\ThinkPad\ConnectUtilities\ACTray.exe"
ACWLIcon.exe "C:\Program
Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
TPHKMGR.exe "C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
rundll32.exe "C:\WINDOWS\system32\RunDll32.exe"
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
BTTray.exe "C:\Program Files\IBM\Bluetooth
Software\BTTray.exe"
TPONSCR.exe "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe"
TpScrex.exe "C:\Program
Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe"
firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
TOTALCMD.EXE "C:\Program Files\totalcmd\TOTALCMD.EXE"
SpybotSD.exe "C:\Program Files\Spybot - Search &
Destroy\SpybotSD.exe"
StartupTracker3.exe
C:\DOCUME~1\hus00203\LOCALS~1\Temp\_tc\StartupTracker3.exe
wmiprvse.exe
-- Running Services --
Name: AcPrfMgrSvc
Description:
Startup Mode: Auto
Run from: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
Name: AcSvc
Description:
Startup Mode: Auto
Run from: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
Name: ALG
Description: Provides support for 3rd party protocol plug-ins for
Internet Connection Sharing and the Windows Firewall.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\alg.exe
Name: Ati HotKey Poller
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\Ati2evxx.exe
Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this
service is stopped, audio devices and effects will not function
properly. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Browser
Description: Maintains an updated list of computers on the network and
supplies this list to computers designated as browsers. If this service
is stopped, this list will not be updated or maintained. If this
service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: BthServ
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k bthsvcs
Name: btwdins
Description:
Startup Mode: Auto
Run from: C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
Name: ccEvtMgr
Description: Symantec Event Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Name: ccSetMgr
Description: Symantec Settings Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Name: CryptSvc
Description: Provides three management services: Catalog Database
Service, which confirms the signatures of Windows files; Protected Root
Service, which adds and removes Trusted Root Certification Authority
certificates from this computer; and Key Service, which helps enroll
this computer for certificates. If this service is stopped, these
management services will not function properly. If this service is
disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: DcomLaunch
Description: Provides launch functionality for DCOM services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k DcomLaunch
Name: DefWatch
Description: Monitors and maintains virus definitions.
Startup Mode: Auto
Run from: "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
Name: DesktopOnCallService
Description:
Startup Mode: Auto
Run from: C:\Program Files\IBM\Desktop On-Call\dtocsrvc.exe
Name: Dhcp
Description: Manages network configuration by registering and updating
IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: Diskeeper
Description: Controls the Windows Diskeeper Service
Startup Mode: Auto
Run from: "C:\Program Files\Diskeeper
Corporation\Diskeeper\DkService.exe"
Name: dmserver
Description: Detects and monitors new hard disk drives and sends disk
volume information to Logical Disk Manager Administrative Service for
configuration. If this service is stopped, dynamic disk status and
configuration information may become out of date. If this service is
disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for
this computer. If this service is stopped, this computer will not be
able to resolve DNS names and locate Active Directory domain
controllers. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k NetworkService
Name: Eventlog
Description: Enables event log messages issued by Windows-based
programs and components to be viewed in Event Viewer. This service
cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: EventSystem
Description: Supports System Event Notification Service (SENS), which
provides automatic distribution of events to subscribing Component
Object Model (COM) components. If the service is stopped, SENS will
close and will not be able to provide logon and logoff notifications.
If this service is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: helpsvc
Description: Enables Help and Support Center to run on this computer.
If this service is stopped, Help and Support Center will be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: IBM Rapid Restore Ultra Service
Description:
Startup Mode: Auto
Run from: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
Name: IBMFORTH
Description:
Startup Mode: Auto
Run from: C:\Program Files\IBM Ayudame\ayudame.exe ibmService
Name: IBMPMSVC
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\ibmpmsvc.exe
Name: Irmon
Description: Supports infrared devices installed on the computer and
detects other devices that are in range.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ISAMSvc
Description:
Startup Mode: Auto
Run from: C:\Program Files\c4ebreg\c4ebreg.exe
Name: ISSIMon
Description:
Startup Mode: Auto
Run from: c:\sdwork\issimsvc.exe
Name: lanmanserver
Description: Supports file, print, and named-pipe sharing over the
network for this computer. If this service is stopped, these functions
will be unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: lanmanworkstation
Description: Creates and maintains client network connections to remote
servers. If this service is stopped, these connections will be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ldlcserv
Description: Enables SNA connectivity over a TCP/IP network for IBM
Personal Communications
Startup Mode: Auto
Run from: C:\WINDOWS\system32\Drivers\ldlcserv.exe
Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service
and NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
Name: Multi-user Cleanup Service
Description:
Startup Mode: Auto
Run from: C:\notes\ntmulti.exe
Name: NetCfgSvr
Description:
Startup Mode: Auto
Run from: C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
Name: Netlogon
Description: Supports pass-through authentication of account logon
events for computers in a domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: Netman
Description: Manages objects in the Network and Dial-Up Connections
folder, in which you can view both local area network and remote
connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Nla
Description: Collects and stores network configuration and location
information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware
changes with little or no user input. Stopping or disabling this
service will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley
(IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as
private keys, to prevent access by unauthorized services, processes, or
users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: RasMan
Description: Creates a network connection.
Startup Mode: Manual
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: RegSrvc
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\RegSrvc.exe
Name: RemoteRegistry
Description: Enables remote users to modify registry settings on this
computer. If this service is stopped, the registry can be modified only
by users on this computer. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC
services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss
Name: S24EventMonitor
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\S24EvMon.exe
Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: SavRoam
Description: Symantec AntiVirus Roaming Service
Startup Mode: Auto
Run from: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
Name: Schedule
Description: Enables a user to configure and schedule automated tasks
on this computer. If this service is stopped, these tasks will not be
run at their scheduled times. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: seclogon
Description: Enables starting processes under alternate credentials. If
this service is stopped, this type of logon access will be unavailable.
If this service is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SENS
Description: Tracks system events such as Windows logon, network, and
power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: SharedAccess
Description: Provides network address translation, addressing, name
resolution and/or intrusion prevention services for a home or small
office network.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ShellHWDetection
Description: Provides notifications for AutoPlay hardware events.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SoundMAX Agent Service (default)
Description:
Startup Mode: Auto
Run from: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe
Name: srservice
Description: Performs system restore functions. To stop service, turn
off System Restore from the System Restore tab in My
Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: StyleXPService
Description:
Startup Mode: Auto
Run from: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
Name: SUService
Description:
Startup Mode: Auto
Run from: c:\program files\lenovo\system update\suservice.exe
Name: Symantec AntiVirus
Description: Provides real-time virus scanning, reporting, and
management functionality for Symantec AntiVirus.
Startup Mode: Auto
Run from: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
Name: TapiSrv
Description: Provides Telephony API (TAPI) support for programs that
control telephony devices and IP based voice connections on the local
computer and, through the LAN, on servers that are also running the
service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TermService
Description: Allows multiple users to be connected interactively to a
machine as well as the display of desktops and applications to remote
computers. The underpinning of Remote Desktop (including RD for
Administrators), Fast User Switching, Remote Assistance, and Terminal
Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost -k DComLaunch
Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TPHDEXLGSVC
Description:
Startup Mode: Auto
Run from: System32\TPHDEXLG.EXE
Name: TpKmpSVC
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\TpKmpSVC.exe
Name: TrcBoot
Description: Enables tracing for IBM Personal Communications
Startup Mode: Auto
Run from: C:\WINDOWS\system32\Drivers\trcboot.exe
Name: TrkWks
Description: Maintains links between NTFS files within a computer or
across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: TVT Scheduler
Description:
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe"
Name: vsmon
Description: Monitors internet traffic and generates alerts for
disallowed access.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Name: W32Time
Description: Maintains date and time synchronization on all clients and
servers in the network. If this service is stopped, date and time
synchronization will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: WebClient
Description: Enables Windows-based programs to create, access, and
modify Internet-based files. If this service is stopped, these
functions will not be available. If this service is disabled, any
services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
Name: winmgmt
Description: Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: wuauserv
Description: Enables the download and installation of Windows updates.
If this service is disabled, this computer will not be able to use the
Automatic Updates feature or the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Many thanks in advance!
Aron
Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: SavRoam
Description: Symantec AntiVirus Roaming Service
Startup Mode: Auto
Run from: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
Name: Schedule
Description: Enables a user to configure and schedule automated tasks
on this computer. If this service is stopped, these tasks will not be
run at their scheduled times. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: seclogon
Description: Enables starting processes under alternate credentials. If
this service is stopped, this type of logon access will be unavailable.
If this service is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SENS
Description: Tracks system events such as Windows logon, network, and
power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: SharedAccess
Description: Provides network address translation, addressing, name
resolution and/or intrusion prevention services for a home or small
office network.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ShellHWDetection
Description: Provides notifications for AutoPlay hardware events.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SoundMAX Agent Service (default)
Description:
Startup Mode: Auto
Run from: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe
Name: srservice
Description: Performs system restore functions. To stop service, turn
off System Restore from the System Restore tab in My
Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: StyleXPService
Description:
Startup Mode: Auto
Run from: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
Name: SUService
Description:
Startup Mode: Auto
Run from: c:\program files\lenovo\system update\suservice.exe
Name: Symantec AntiVirus
Description: Provides real-time virus scanning, reporting, and
management functionality for Symantec AntiVirus.
Startup Mode: Auto
Run from: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
Name: TapiSrv
Description: Provides Telephony API (TAPI) support for programs that
control telephony devices and IP based voice connections on the local
computer and, through the LAN, on servers that are also running the
service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TermService
Description: Allows multiple users to be connected interactively to a
machine as well as the display of desktops and applications to remote
computers. The underpinning of Remote Desktop (including RD for
Administrators), Fast User Switching, Remote Assistance, and Terminal
Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost -k DComLaunch
Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TPHDEXLGSVC
Description:
Startup Mode: Auto
Run from: System32\TPHDEXLG.EXE
Name: TpKmpSVC
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\system32\TpKmpSVC.exe
Name: TrcBoot
Description: Enables tracing for IBM Personal Communications
Startup Mode: Auto
Run from: C:\WINDOWS\system32\Drivers\trcboot.exe
Name: TrkWks
Description: Maintains links between NTFS files within a computer or
across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: TVT Scheduler
Description:
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe"
Name: vsmon
Description: Monitors internet traffic and generates alerts for
disallowed access.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
Name: W32Time
Description: Maintains date and time synchronization on all clients and
servers in the network. If this service is stopped, date and time
synchronization will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: WebClient
Description: Enables Windows-based programs to create, access, and
modify Internet-based files. If this service is stopped, these
functions will not be available. If this service is disabled, any
services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
Name: winmgmt
Description: Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: wuauserv
Description: Enables the download and installation of Windows updates.
If this service is disabled, this computer will not be able to use the
Automatic Updates feature or the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Many thanks in advance!
Aron