I need expert help.
My Desktop, and my toolbars are Missing when I start my computer. All I get when I boot is a tube with my wallpaper displayed on it. (Up to then, all the normal boot processes seem to be working, such as logging on as ADMINSTRATOR, etc).
What really intrigues me, is that I can start desktop manually at this point by starting TASK MANAGER (with CTRL/ALT/DELETE) and then issuing the 'CONTROL' command from the TASK MANAGER/NEW TASK/RUN/"CONTROL" (But FIRST I MUST end the currently running 'explorer.exe' task, or CONTROL wont help).
When I do this all my desktop icons appear as well as mt toolbars (START button, quick launch bar, etc).
I suspect either a corrupt startup program, or a registry entry problem.
This all began right after I ran SPYBOT to eliminate nusiance ware on my pc. SPYBOT ran ok, and indicated it had to finish the removal on my next boot up, and I approved that. Then on my next boot everything seemed to go ok, SPYBOT started up ok and finished it's cleanup.
I then got a warning message window pop up that said Norton had found the HTML Redlof.A virus. I have seen that for a week, and just usually clicked the message off. This time, however, I could not click it off as my pc locked up. I shutdown the pc, then rebooted - and surprise - no desktop or tool bars !
I have tried several things to fix this:
Running Nortin Antivirus and removing know viruses (No Help)
Starting up in SAFE MODE (wont work, still no desktop)
Recovering Win 2000 from my last Emergency Repair Disk (No Help)
Recovering Win 2000 from the Re-installation CD (No Help)
Calling DELL Tech Support - REALLY NO HELP (They would only advise new install !!!)
Undeleting the spyware programs that SPYBOT removed.
Undeleting the Virusware Nortin had removed (OK, I got desperate),
Recovering Win 2000 again from the ERD, and Re-install CD.
I've searched using Google, and read any article that seemed to relate to fixing missing desktops, including articles in the Microsoft Knowledge Base and Tech Support.
I've run 'msinfo32' (I can't tell what should be there or not, but I pasted the STARTUP programs below...)
I've run 'sigverif' (no unusual unsigned drivers tha I could tell).
I've looked for a second version of explore.exe or multiple versions of explorer.exe in C:\WINNT and the entire ahard drive, and found none - so it does not look like the Trojan explore.exe as I've seen discussed on a few posts on this board
I dowloaded a freeware utility called StartUpTracker3 (from to log the boot process (that info is below also...)
I guess that's about it.
I REALLY don't want to back up and reformat my hard drive, and reload all my programs and data again.
Can anyone help? Either with what to look for (registry or logs start up programs). Or explain what is supposed to run so I can see if it is? Or point me to a resource that can help (human or internet).
Thanks so much for reading, and considering this problem.
Matt
===============================================================
The list of program that msinfo32 found that ran at STARTUP:
===============================================================
System Information report written at: 10/03/2003 09:25:28 PM
[Startup Programs]
Program Command User Name Location
DESKTOP desktop.ini D8QX8L01\Administrator Startup
PopUpStopperFreeEdition "c:\progra~1\panicw~1\pop-up~1\psfree.exe" D8QX8L01\Administrator HKU\S-1-5-21-1275210071-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Opad c:\documents and settings\administrator\application data\scbr.exe D8QX8L01\Administrator HKU\S-1-5-21-1275210071-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HXDL.EXE c:\program files\alset\helpexpress\administrator\hxdl.exe -from="hxiul.exe" -to="hxiul.exe" D8QX8L01\Administrator HKU\S-1-5-21-1275210071-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
discfix c:\dell\discfix.cmd .DEFAULT Startup
Resolution Assistant c:\progra~1\dell\resolu~1\motive~1\bin\matcli.exe -boot All Users Common Startup
Synchronization Manager mobsync.exe /logon All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RxUser c:\program files\dell\resolution assistant\common\bin\rxuser.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Speed racer c:\program files\creative\playcenter\ctsrreg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioHQ c:\program files\creative\sblive\audiohq\ahqtb.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdReg c:\winnt\updreg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adaptec DirectCD c:\progra~1\adaptec\directcd\directcd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
madexe c:\program files\dell\resolution assistant\launchra.exe -boot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTasks c:\filez.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadQM loadqm.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NPS Event Checker c:\progra~1\navnt\npscheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Excite Private Messenger Pipe c:\program files\excite\prvtmsgr\bin\x8impipe.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
tdyadnrc c:\winnt\system32\tdyadnrc.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Kernel32 c:\winnt\system\kernel32.dll All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IST Service c:\program files\istsvc\istsvc.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdateStats c:\program files\media\media\updatestats.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RunWindowsUpdate c:\winnt\uptodate.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KeenValue c:\program files\common files\keenvalue\keenvalue.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
36F4SAZ3QJAFKE c:\winnt\system32\elq0i.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
POPInstLite c:\docume~1\defaul~1\mydocu~1\data\popins~1.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstinit.exe /firstlogon All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winactive c:\program files\window active\winactive.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
========================================================================
START UP LOG from StarupTracker3:
========================================================================
10/1/2003 10:04:15 PM
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager mobsync.exe /logon
RxUser C:\Program Files\Dell\Resolution Assistant\common\bin\RxUser.exe
Speed racer C:\Program Files\Creative\PlayCenter\CTSRReg.exe
AudioHQ C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
UpdReg C:\WINNT\Updreg.exe
Adaptec DirectCD C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
madexe C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
SystemTasks C:\filez.exe
LoadQM loadqm.exe
NPS Event Checker C:\PROGRA~1\Navnt\npscheck.exe
Excite Private Messenger Pipe C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
tdyadnrc C:\WINNT\System32\tdyadnrc.exe
stcloader C:\WINNT\System32\stcloader.exe
Kernel32 C:\WINNT\SYSTEM\Kernel32.dll
IST Service C:\Program Files\ISTsvc\istsvc.exe
UpdateStats C:\Program Files\Media\Media\UpdateStats.exe
RunWindowsUpdate C:\WINNT\uptodate.exe
KeenValue C:\Program Files\Common files\KeenValue\KeenValue.exe
36F4SAZ3QJAFKE C:\WINNT\System32\Elq0i.exe
POPInstLite C:\DOCUME~1\DEFAUL~1\MYDOCU~1\Data\POPINS~1.EXE /AutoRun
SchedulingAgent mstinit.exe /firstlogon
gllshcr C:\DOCUME~1\ADMINI~1\APPLIC~1\eabrchot.exe -QuieT
winactive C:\Program Files\Window Active\winactive.exe
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
Opad C:\Documents and Settings\Administrator\Application Data\scbr.exe
HXDL.EXE C:\Program Files\Alset\HelpExpress\Administrator\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE"
ContentService C:\WINNT\System32\winservn.exe
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
^SetupICWDesktop C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
No Items Found
-- Start Menu - Current User --
DESKTOP.INI
-- Start Menu - All Users --
Resolution Assistant.lnk
Microsoft Office.lnk
Norton AntiVirus AutoProtect.lnk
America Online 7.0 Tray Icon.lnk
hpoddt01.exe.lnk
hp psc 1000 series.lnk
DESKTOP.INI
KeenValue.lnk
-- Disabled Items --
No Items Found
-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
Explorer.exe
-- Running Processes --
System Idle Process
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
spoolsv.exe
CTsvcCDA.exe
svchost.exe
LogWatNT.exe
navapsvc.exe
npssvc.exe
TNSLSNR.exe
ORACLE.EXE
OWASTSVR.EXE
regsvc.exe
MSTask.exe
RxMon.exe
stisvc.exe
wanmpsvc.exe
WinMgmt.exe
mspmspsv.exe
alertsvc.exe
taskmgr.exe
Explorer.exe
devldr32.exe
AHQTB.EXE
waol.exe
iexplore.exe
mshta.exe
CMD.EXE
NOTEPAD.EXE
winzip32.exe
StartupTracker3
-- Running Services --
Name: Browser
Description: Computer Browser
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: Creative Service for CDROM Access
Description: Creative Service for CDROM Access
Startup Mode: Auto
Run from: C:\WINNT\System32\CTsvcCDA.exe
Name: Dhcp
Description: DHCP Client
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: dmserver
Description: Logical Disk Manager
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: Dnscache
Description: DNS Client
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: Eventlog
Description: Event Log
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: EventSystem
Description: COM+ Event System
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: lanmanserver
Description: Server
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: lanmanworkstation
Description: Workstation
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: LmHosts
Description: TCP/IP NetBIOS Helper Service
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: LogWatch
Description: Event Log Watch
Startup Mode: Auto
Run from: C:\WINNT\LogWatNT.exe
Name: NAV Alert
Description: NAV Alert
Startup Mode: Manual
Run from: C:\PROGRA~1\Navnt\alertsvc.exe
Name: NAV Auto-Protect
Description: NAV Auto-Protect
Startup Mode: Auto
Run from: C:\PROGRA~1\Navnt\navapsvc.exe
Name: Netman
Description: Network Connections
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: Norton Program Scheduler
Description: Norton Program Scheduler
Startup Mode: Auto
Run from: C:\PROGRA~1\Navnt\npssvc.exe
Name: NtmsSvc
Description: Removable Storage
Startup Mode: Auto
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: Oracleora8iTNSListener
Description: Oracleora8iTNSListener
Startup Mode: Auto
Run from: c:\ora8i\BIN\TNSLSNR
Name: OracleServiceORA8I
Description: OracleServiceORA8I
Startup Mode: Auto
Run from: c:\ora8i\bin\ORACLE.EXE ORA8I
Name: OracleWebAssistant1
Description: OracleWebAssistant1
Startup Mode: Auto
Run from: c:\ora8i\BIN\OWASTSVR.EXE
Name: PlugPlay
Description: Plug and Play
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: PolicyAgent
Description: IPSEC Policy Agent
Startup Mode: Auto
Run from: C:\WINNT\System32\lsass.exe
Name: ProtectedStorage
Description: Protected Storage
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: RasMan
Description: Remote Access Connection Manager
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: RemoteRegistry
Description: Remote Registry Service
Startup Mode: Auto
Run from: C:\WINNT\system32\regsvc.exe
Name: RpcSs
Description: Remote Procedure Call (RPC)
Startup Mode: Auto
Run from: C:\WINNT\system32\svchost -k rpcss
Name: SamSs
Description: Security Accounts Manager
Startup Mode: Auto
Run from: C:\WINNT\system32\lsass.exe
Name: Schedule
Description: Task Scheduler
Startup Mode: Auto
Run from: C:\WINNT\system32\MSTask.exe
Name: seclogon
Description: RunAs Service
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: SENS
Description: System Event Notification
Startup Mode: Auto
Run from: C:\WINNT\system32\svchost.exe -k netsvcs
Name: Service Request Monitor
Description: Service Request Monitor
Startup Mode: Auto
Run from: C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
Name: Spooler
Description: Print Spooler
Startup Mode: Auto
Run from: C:\WINNT\system32\spoolsv.exe
Name: StiSvc
Description: Still Image Service
Startup Mode: Auto
Run from: C:\WINNT\system32\stisvc.exe
Name: TapiSrv
Description: Telephony
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: TrkWks
Description: Distributed Link Tracking Client
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: WANMiniportService
Description: WAN Miniport (ATW) Service
Startup Mode: Auto
Run from: "C:\WINNT\wanmpsvc.exe"
Name: WinMgmt
Description: Windows Management Instrumentation
Startup Mode: Auto
Run from: C:\WINNT\System32\WBEM\WinMgmt.exe
Name: WMDM PMSP Service
Description: WMDM PMSP Service
Startup Mode: Auto
Run from: C:\WINNT\System32\mspmspsv.exe
Name: Wmi
Description: Windows Management Instrumentation Driver Extensions
Startup Mode: Manual
Run from: C:\WINNT\system32\Services.exe
My Desktop, and my toolbars are Missing when I start my computer. All I get when I boot is a tube with my wallpaper displayed on it. (Up to then, all the normal boot processes seem to be working, such as logging on as ADMINSTRATOR, etc).
What really intrigues me, is that I can start desktop manually at this point by starting TASK MANAGER (with CTRL/ALT/DELETE) and then issuing the 'CONTROL' command from the TASK MANAGER/NEW TASK/RUN/"CONTROL" (But FIRST I MUST end the currently running 'explorer.exe' task, or CONTROL wont help).
When I do this all my desktop icons appear as well as mt toolbars (START button, quick launch bar, etc).
I suspect either a corrupt startup program, or a registry entry problem.
This all began right after I ran SPYBOT to eliminate nusiance ware on my pc. SPYBOT ran ok, and indicated it had to finish the removal on my next boot up, and I approved that. Then on my next boot everything seemed to go ok, SPYBOT started up ok and finished it's cleanup.
I then got a warning message window pop up that said Norton had found the HTML Redlof.A virus. I have seen that for a week, and just usually clicked the message off. This time, however, I could not click it off as my pc locked up. I shutdown the pc, then rebooted - and surprise - no desktop or tool bars !
I have tried several things to fix this:
Running Nortin Antivirus and removing know viruses (No Help)
Starting up in SAFE MODE (wont work, still no desktop)
Recovering Win 2000 from my last Emergency Repair Disk (No Help)
Recovering Win 2000 from the Re-installation CD (No Help)
Calling DELL Tech Support - REALLY NO HELP (They would only advise new install !!!)
Undeleting the spyware programs that SPYBOT removed.
Undeleting the Virusware Nortin had removed (OK, I got desperate),
Recovering Win 2000 again from the ERD, and Re-install CD.
I've searched using Google, and read any article that seemed to relate to fixing missing desktops, including articles in the Microsoft Knowledge Base and Tech Support.
I've run 'msinfo32' (I can't tell what should be there or not, but I pasted the STARTUP programs below...)
I've run 'sigverif' (no unusual unsigned drivers tha I could tell).
I've looked for a second version of explore.exe or multiple versions of explorer.exe in C:\WINNT and the entire ahard drive, and found none - so it does not look like the Trojan explore.exe as I've seen discussed on a few posts on this board
I dowloaded a freeware utility called StartUpTracker3 (from to log the boot process (that info is below also...)
I guess that's about it.
I REALLY don't want to back up and reformat my hard drive, and reload all my programs and data again.
Can anyone help? Either with what to look for (registry or logs start up programs). Or explain what is supposed to run so I can see if it is? Or point me to a resource that can help (human or internet).
Thanks so much for reading, and considering this problem.
Matt
===============================================================
The list of program that msinfo32 found that ran at STARTUP:
===============================================================
System Information report written at: 10/03/2003 09:25:28 PM
[Startup Programs]
Program Command User Name Location
DESKTOP desktop.ini D8QX8L01\Administrator Startup
PopUpStopperFreeEdition "c:\progra~1\panicw~1\pop-up~1\psfree.exe" D8QX8L01\Administrator HKU\S-1-5-21-1275210071-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Opad c:\documents and settings\administrator\application data\scbr.exe D8QX8L01\Administrator HKU\S-1-5-21-1275210071-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HXDL.EXE c:\program files\alset\helpexpress\administrator\hxdl.exe -from="hxiul.exe" -to="hxiul.exe" D8QX8L01\Administrator HKU\S-1-5-21-1275210071-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
discfix c:\dell\discfix.cmd .DEFAULT Startup
Resolution Assistant c:\progra~1\dell\resolu~1\motive~1\bin\matcli.exe -boot All Users Common Startup
Synchronization Manager mobsync.exe /logon All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RxUser c:\program files\dell\resolution assistant\common\bin\rxuser.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Speed racer c:\program files\creative\playcenter\ctsrreg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioHQ c:\program files\creative\sblive\audiohq\ahqtb.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdReg c:\winnt\updreg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adaptec DirectCD c:\progra~1\adaptec\directcd\directcd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
madexe c:\program files\dell\resolution assistant\launchra.exe -boot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SystemTasks c:\filez.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadQM loadqm.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NPS Event Checker c:\progra~1\navnt\npscheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Excite Private Messenger Pipe c:\program files\excite\prvtmsgr\bin\x8impipe.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
tdyadnrc c:\winnt\system32\tdyadnrc.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Kernel32 c:\winnt\system\kernel32.dll All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IST Service c:\program files\istsvc\istsvc.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdateStats c:\program files\media\media\updatestats.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RunWindowsUpdate c:\winnt\uptodate.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KeenValue c:\program files\common files\keenvalue\keenvalue.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
36F4SAZ3QJAFKE c:\winnt\system32\elq0i.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
POPInstLite c:\docume~1\defaul~1\mydocu~1\data\popins~1.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstinit.exe /firstlogon All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winactive c:\program files\window active\winactive.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
========================================================================
START UP LOG from StarupTracker3:
========================================================================
10/1/2003 10:04:15 PM
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager mobsync.exe /logon
RxUser C:\Program Files\Dell\Resolution Assistant\common\bin\RxUser.exe
Speed racer C:\Program Files\Creative\PlayCenter\CTSRReg.exe
AudioHQ C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
UpdReg C:\WINNT\Updreg.exe
Adaptec DirectCD C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
madexe C:\Program Files\Dell\Resolution Assistant\LaunchRA.exe -boot
SystemTasks C:\filez.exe
LoadQM loadqm.exe
NPS Event Checker C:\PROGRA~1\Navnt\npscheck.exe
Excite Private Messenger Pipe C:\Program Files\Excite\PrvtMsgr\bin\x8IMPipe.exe
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
tdyadnrc C:\WINNT\System32\tdyadnrc.exe
stcloader C:\WINNT\System32\stcloader.exe
Kernel32 C:\WINNT\SYSTEM\Kernel32.dll
IST Service C:\Program Files\ISTsvc\istsvc.exe
UpdateStats C:\Program Files\Media\Media\UpdateStats.exe
RunWindowsUpdate C:\WINNT\uptodate.exe
KeenValue C:\Program Files\Common files\KeenValue\KeenValue.exe
36F4SAZ3QJAFKE C:\WINNT\System32\Elq0i.exe
POPInstLite C:\DOCUME~1\DEFAUL~1\MYDOCU~1\Data\POPINS~1.EXE /AutoRun
SchedulingAgent mstinit.exe /firstlogon
gllshcr C:\DOCUME~1\ADMINI~1\APPLIC~1\eabrchot.exe -QuieT
winactive C:\Program Files\Window Active\winactive.exe
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
Opad C:\Documents and Settings\Administrator\Application Data\scbr.exe
HXDL.EXE C:\Program Files\Alset\HelpExpress\Administrator\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE"
ContentService C:\WINNT\System32\winservn.exe
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
^SetupICWDesktop C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
No Items Found
-- Start Menu - Current User --
DESKTOP.INI
-- Start Menu - All Users --
Resolution Assistant.lnk
Microsoft Office.lnk
Norton AntiVirus AutoProtect.lnk
America Online 7.0 Tray Icon.lnk
hpoddt01.exe.lnk
hp psc 1000 series.lnk
DESKTOP.INI
KeenValue.lnk
-- Disabled Items --
No Items Found
-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
Explorer.exe
-- Running Processes --
System Idle Process
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
spoolsv.exe
CTsvcCDA.exe
svchost.exe
LogWatNT.exe
navapsvc.exe
npssvc.exe
TNSLSNR.exe
ORACLE.EXE
OWASTSVR.EXE
regsvc.exe
MSTask.exe
RxMon.exe
stisvc.exe
wanmpsvc.exe
WinMgmt.exe
mspmspsv.exe
alertsvc.exe
taskmgr.exe
Explorer.exe
devldr32.exe
AHQTB.EXE
waol.exe
iexplore.exe
mshta.exe
CMD.EXE
NOTEPAD.EXE
winzip32.exe
StartupTracker3
-- Running Services --
Name: Browser
Description: Computer Browser
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: Creative Service for CDROM Access
Description: Creative Service for CDROM Access
Startup Mode: Auto
Run from: C:\WINNT\System32\CTsvcCDA.exe
Name: Dhcp
Description: DHCP Client
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: dmserver
Description: Logical Disk Manager
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: Dnscache
Description: DNS Client
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: Eventlog
Description: Event Log
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: EventSystem
Description: COM+ Event System
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: lanmanserver
Description: Server
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: lanmanworkstation
Description: Workstation
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: LmHosts
Description: TCP/IP NetBIOS Helper Service
Startup Mode: Auto
Run from: C:\WINNT\System32\services.exe
Name: LogWatch
Description: Event Log Watch
Startup Mode: Auto
Run from: C:\WINNT\LogWatNT.exe
Name: NAV Alert
Description: NAV Alert
Startup Mode: Manual
Run from: C:\PROGRA~1\Navnt\alertsvc.exe
Name: NAV Auto-Protect
Description: NAV Auto-Protect
Startup Mode: Auto
Run from: C:\PROGRA~1\Navnt\navapsvc.exe
Name: Netman
Description: Network Connections
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: Norton Program Scheduler
Description: Norton Program Scheduler
Startup Mode: Auto
Run from: C:\PROGRA~1\Navnt\npssvc.exe
Name: NtmsSvc
Description: Removable Storage
Startup Mode: Auto
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: Oracleora8iTNSListener
Description: Oracleora8iTNSListener
Startup Mode: Auto
Run from: c:\ora8i\BIN\TNSLSNR
Name: OracleServiceORA8I
Description: OracleServiceORA8I
Startup Mode: Auto
Run from: c:\ora8i\bin\ORACLE.EXE ORA8I
Name: OracleWebAssistant1
Description: OracleWebAssistant1
Startup Mode: Auto
Run from: c:\ora8i\BIN\OWASTSVR.EXE
Name: PlugPlay
Description: Plug and Play
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: PolicyAgent
Description: IPSEC Policy Agent
Startup Mode: Auto
Run from: C:\WINNT\System32\lsass.exe
Name: ProtectedStorage
Description: Protected Storage
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: RasMan
Description: Remote Access Connection Manager
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: RemoteRegistry
Description: Remote Registry Service
Startup Mode: Auto
Run from: C:\WINNT\system32\regsvc.exe
Name: RpcSs
Description: Remote Procedure Call (RPC)
Startup Mode: Auto
Run from: C:\WINNT\system32\svchost -k rpcss
Name: SamSs
Description: Security Accounts Manager
Startup Mode: Auto
Run from: C:\WINNT\system32\lsass.exe
Name: Schedule
Description: Task Scheduler
Startup Mode: Auto
Run from: C:\WINNT\system32\MSTask.exe
Name: seclogon
Description: RunAs Service
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: SENS
Description: System Event Notification
Startup Mode: Auto
Run from: C:\WINNT\system32\svchost.exe -k netsvcs
Name: Service Request Monitor
Description: Service Request Monitor
Startup Mode: Auto
Run from: C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
Name: Spooler
Description: Print Spooler
Startup Mode: Auto
Run from: C:\WINNT\system32\spoolsv.exe
Name: StiSvc
Description: Still Image Service
Startup Mode: Auto
Run from: C:\WINNT\system32\stisvc.exe
Name: TapiSrv
Description: Telephony
Startup Mode: Manual
Run from: C:\WINNT\System32\svchost.exe -k netsvcs
Name: TrkWks
Description: Distributed Link Tracking Client
Startup Mode: Auto
Run from: C:\WINNT\system32\services.exe
Name: WANMiniportService
Description: WAN Miniport (ATW) Service
Startup Mode: Auto
Run from: "C:\WINNT\wanmpsvc.exe"
Name: WinMgmt
Description: Windows Management Instrumentation
Startup Mode: Auto
Run from: C:\WINNT\System32\WBEM\WinMgmt.exe
Name: WMDM PMSP Service
Description: WMDM PMSP Service
Startup Mode: Auto
Run from: C:\WINNT\System32\mspmspsv.exe
Name: Wmi
Description: Windows Management Instrumentation Driver Extensions
Startup Mode: Manual
Run from: C:\WINNT\system32\Services.exe
