Post #1, Sep 18 2008, 09:26 PM
New Member, Group: Members, Posts: 5, Joined: 18-September 08, Member No.: 239,798
I ran a full system scan with Norton AntiVirus, ran Lavasoft Ad-Aware SE and Spyhunter 3. I was encouraged because Spyhunter 3 found a bunch of potentially dangerous files in the registry but the infections remain. I ran HijackThis and posted the log results below for analysis. Please help!! Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:52 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138064187994
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143320795611
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10268 bytes
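The log above can be triaged mechanically before anyone reads it by eye. The Python script below is an added example, not part of Ed's post and not part of HijackThis: it parses the R/O entries, lists every entry HijackThis itself marked "(file missing)" or "(no file)" (registered BHOs, toolbars, hooks and buttons whose DLL or EXE is gone, which is exactly the set of orphans to fix), and flags R1 search settings whose URL is not on one of the hosts the log shows as the IE/Yahoo defaults. The list of expected hosts is this example's own assumption, and SAMPLE_LOG is a constructed excerpt of the log above rather than the whole thing.

```python
import re
from urllib.parse import urlparse

# Each HijackThis line of interest starts with a section tag (R0-R3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# HijackThis appends these when the DLL/EXE a registry entry points to no longer exists.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Assumption of this example: R1 search settings on these hosts are the IE/Yahoo defaults
# visible in the log; anything else is worth a second look.
EXPECTED_SEARCH_HOSTS = ("microsoft.com", "msn.com", "yahoo.com", "google.com")

# Constructed excerpt of the HijackThis log posted above (not the whole log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_entries(log_text):
    """Return (section, body) pairs for every R/O line; process lists and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_expected_host(host):
    """True when host is one of EXPECTED_SEARCH_HOSTS or a subdomain of one."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)


def triage(log_text):
    """Split entries into orphans (safe to fix) and R1 search settings pointing off the expected hosts."""
    findings = {"orphans": [], "search_hijack": []}
    for section, body in parse_entries(log_text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings["orphans"].append(f"{section} - {body}")
        elif section == "R1" and " = " in body:
            _setting, value = body.split(" = ", 1)
            host = urlparse(value).hostname or ""
            # Non-URL values such as ProxyOverride = *.local have no host and are left alone.
            if value.lower().startswith("http") and not is_expected_host(host):
                findings["search_hijack"].append(f"{section} - {body}")
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Orphaned entries (fix in HijackThis):")
    for entry in result["orphans"]:
        print("  " + entry)
    print("Search settings off the expected hosts:")
    for entry in result["search_hijack"]:
        print("  " + entry)
```

Run against the full log, the orphan list comes out as the R3 hook, the two Google Toolbar entries, the two Shareaza MediaBar entries and the two PartyPoker buttons, and the only search setting flagged is the shareazaweb.com Search Bar; the Yahoo entries pass because us.rd.yahoo.com is a subdomain of an expected host.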
Post #2, Sep 19 2008, 04:14 AM
Forum Regular, Group: HJT Team, Posts: 327, Joined: 18-November 04, From: UK, Member No.: 5,388
Hi Ed Brown.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Open HijackThis, click Config | Misc Tools | Open Uninstall Manager. A list of the entries in Add/Remove Programs will appear. Click on Save List... The list will be saved as 'Uninstall_list.txt'. Copy & paste the contents in your next reply.

Joe.
Post #3, Sep 23 2008, 09:32 AM
New Member, Group: Members, Posts: 5, Joined: 18-September 08, Member No.: 239,798
Hi Joe. Thanks for your quick reply. I apologize for the delay in responding - I thought I was to receive an email when someone replied to my post, but I did not. I will download and run ComboFix tonight and post that log along with the new HijackThis one here.
Thanks again. Ed
Post #4, Sep 23 2008, 09:40 AM
Forum Regular, Group: HJT Team, Posts: 327, Joined: 18-November 04, From: UK, Member No.: 5,388
QUOTE: I apologize for the delay in responding
No problem.

QUOTE: I thought I was to receive an email when someone replied to my post, but I did not.
I think you have to enable the email option.

Joe.
Post #5, Sep 23 2008, 06:23 PM
New Member, Group: Members, Posts: 5, Joined: 18-September 08, Member No.: 239,798
I think ComboFix solved the problem - my PC is no longer chugging and the Symantec infection window with these listed infections is not popping up anymore! Anyway, here are the logs below. Thanks for all your help!
ComboFix 08-09-22.06 - Ed 2008-09-23 19:11:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.798 [GMT -4:00]
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.
2008-09-23 18:58 . 2008-09-23 19:01 <DIR> d-------- C:\Program Files\ThreatExpert Memory Scanner
2008-09-23 18:58 . 2008-09-23 18:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-22 20:59 . 2008-09-22 20:59 <DIR> d-------- C:\Program Files\Uniblue
2008-09-22 20:59 . 2008-09-22 20:59 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Uniblue
2008-09-22 20:59 . 2008-09-22 20:59 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-22 20:41 . 2008-09-22 20:42 107,832,760 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-09-22 20:31 . 2008-09-22 20:31 <DIR> d-------- C:\Program Files\CCleaner
2008-09-18 19:03 . 2008-09-18 19:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-16 17:10 . 2008-09-16 17:10 <DIR> d-------- C:\Program Files\iTunes
2008-09-16 17:10 . 2008-09-16 17:10 <DIR> d-------- C:\Program Files\iPod
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-23 16:15 . 2008-08-23 16:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 23:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-23 00:21 --------- d-----w C:\Documents and Settings\Ed\Application Data\Azureus
2008-09-19 01:48 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 00:20 --------- d-----w C:\Program Files\LimeWire
2008-09-18 23:01 --------- d-----w C:\Documents and Settings\Ed\Application Data\LimeWire
2008-09-18 01:12 --------- d-----w C:\Documents and Settings\Peg\Application Data\VOL_TOOLBAR
2008-09-16 10:15 --------- d-----w C:\Program Files\QuickTime
2008-09-16 10:14 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-12 23:04 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 23:53 --------- d-----w C:\Program Files\The Learning Company
2008-08-01 23:15 --------- d-----w C:\Program Files\Verizon
2008-08-01 00:05 --------- d-----w C:\Program Files\Radialpoint
2008-08-01 00:01 --------- d-----w C:\Program Files\Kazaa Lite K++
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-13 01:38 251 ----a-w C:\Program Files\wt3d.ini
2006-01-31 01:59 56 --sh--r C:\WINDOWS\system32\77DDE18345.sys
2006-01-31 02:01 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 406016]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2001-07-20 07:10 53248 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 23:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 18:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
--a------ 2007-02-15 07:00 179200 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 22:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 12:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 17:52 331830 C:\Program Files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-17 00:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 21:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 11:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-01-20 01:41 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a------ 2007-06-06 19:52 936960 C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 20:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"WMP54Gv4SVC"=2 (0x2)
"SavRoam"=3 (0x3)
"RPSUpdaterR"=3 (0x3)
"ose"=3 (0x3)
"dvpapi"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:Email
"25:TCP"= 25:TCP:Email
"1214:TCP"= 1214:TCP:Kazaa
"44896:TCP"= 44896:TCP:LimeWire
"44896:UDP"= 44896:UDP:LimeWire

S3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [ ]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - KTEPROC
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
Toolbar-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-VerizonServicepoint - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://my.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
-
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 19:15:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-23 19:16:41
ComboFix-quarantined-files.txt 2008-09-23 23:16:36
Pre-Run: 58,412,843,008 bytes free
Post-Run: 58,466,775,040 bytes free
217 --- E O F --- 2008-09-23 22:58:09

Uninstall List:
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
AOL Instant Messenger (SM)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Arthur's Kindergarten
ATI Control Panel
ATI Display Driver
Authentium AntiVirus SDK - 2
Azureus
BUM
CCleaner (remove only)
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Photo Printer 720
Dell Photo Printer 720 Logger
DellSupport
Digital Content Portal
Disneys Digital Coloring Book Featuring Little Mermaid
DivX Player
DivX Pro Codec Adware
DivX Web Player
ELIcon
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
EPSON Web-To-Page
FA Alphabet & Numbers
For Font Sakes
Full Tilt Poker.Net
Garmin WebUpdater
Garmin WebUpdater
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java 6 Update 2
Java 6 Update 3
Java SE Runtime Environment 6 Update 1
Kazaa Lite K++ v2.4.1
Kid Pix Deluxe 3
KODAK EASYSHARE Gallery Upload ActiveX Control
Lernout & Hauspie TruVoice American English TTS Engine
Linksys Wireless-G PCI Adapter
Little Mermaid Coloring Book
LiveUpdate 2.6 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
neroxml
Netflix Movie Viewer
Pinnacle Hollywood FX for Studio
PowerDVD 5.5
PPSDKRedistributables
proDAD Heroglyph 1.0
QuickBooks Simple Start Special Edition
QuickTime
Radialpoint Security Services
Rainbow Fish and the Big Ocean Party
RealPlayer Basic
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
SmartSound Quicktracks Plugin
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SpyHunter
Studio 9
Studio 9 Content CD/DVD
Symantec AntiVirus
Thomas & Friends - Trouble on the Tracks
ThreatExpert Memory Scanner 1.0
Trend Micro PC-cillin Internet Security 12
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Update for Office 2007 (KB932080)
Verizon Broadband Toolbar
Verizon Online Help and Support
Verizon PC Security Checkup
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger
Post #6, Sep 24 2008, 01:50 PM
Forum Regular, Group: HJT Team, Posts: 327, Joined: 18-November 04, From: UK, Member No.: 5,388
Hi Ed,
Copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

QUOTE
I think ComboFix solved the problem - my pc is no longer chugging and the Symantec infection window with these listed infections is not popping up anymore!

That's very good news.

Please uninstall the following via the add/remove utility in the control panel:

Azureus
Kazaa Lite K++ v2.4.1
Viewpoint Media Player
WildTangent Web Driver

Reboot the Computer to allow the changes to take effect.

Please read this article on the dangers of P2P programmes By Taz at CastleCops. Viewpoint is foistware.

Open Hijackthis, take another scan and place a checkmark next to these entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: UrlHelper Class - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaIEHelper.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)

Also fix these if you don't use them:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

Close all open Windows except Hijackthis and click on "fix Checked".
Reboot again.

Now run Combofix as follows:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad*. Copy and paste all the text in the quotebox below into it:

QUOTE
KillAll::

File::
C:\WINDOWS\system32\77DDE18345.sys
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe

Folder::
C:\Program Files\LimeWire
C:\Documents and Settings\Ed\Application Data\LimeWire
C:\Program Files\Kazaa Lite K++

ADS::
C:\windows\system32

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Azureus\\Azureus.exe"=-
"C:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=-
"C:\\Program Files\\LimeWire\\LimeWire 4.0.8\\LimeWire.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

[image]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/image]
If the image isn't visible Click Here to view.

Referring to the picture above, drag CFScript.txt into ComboFix.exe. This reactivates Combofix. Again follow the prompts. It will create another System restore point. When finished, it shall produce a log for you at C:\ComboFix.txt

Copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Now run Ccleaner.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I have concerns about this *Newly Created Service* - KTEPROC
If you know what it is please let me know, otherwise please download GetService.zip
Extract it to a new folder in the desktop.
Double click on the Getservice.bat file to run it.
This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you. getservice.txt will list all active Services.
Copy and paste the contents of getservice.txt in your next reply here.

Can you post a list of your current security programmes and the version. I can see:
Trend Micro PC-cillin Internet Security 12
SpyHunter
Symantec AntiVirus <-- Which version?
Ad-Aware
Is there anything else?

Post the following:
This may not remove all the infections present. It is important that you post back and complete the fix. Please post in this thread for further review and evaluation.

Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.

Joe.
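The checkmark step above picks out two kinds of HijackThis entries: orphaned ones whose target reads "(file missing)" or "(no file)", and an R1 search bar pointed at a third-party host. The script below is an added triage helper for that step; it is not part of Joe's post or of HijackThis itself, and its trusted-host allow-list is an assumption made for the example.

```python
"""HijackThis log triage (added example, not HijackThis' own code).

Parses log lines in the format quoted in this thread and flags the same two
things the helper asked Ed to checkmark: entries whose target file is gone
("(file missing)" / "(no file)") and an R0/R1 start or search entry whose
host is not one of the browser's defaults.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hosts accepted for R0/R1 start/search entries.  This allow-list is an
# assumption made for the example (it is not a HijackThis setting); extend it
# with the defaults in use on the machine being reviewed.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "us.rd.yahoo.com"}

# "R1 - ...", "O2 - ...": section code, then the entry body.
LINE_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class HjtEntry:
    section: str      # R1, O2, O23, ...
    description: str  # registry value name or BHO/toolbar/button name
    clsid: Optional[str]
    target: str       # URL, DLL/EXE path, or the orphan marker
    orphaned: bool


def parse_line(line: str) -> Optional[HjtEntry]:
    """Split one HijackThis line into its parts; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec.startswith("R") and " = " in body:
        # R0/R1 lines look like "HKCU\...\Main,Search Bar = http://..."
        desc, _, target = body.partition(" = ")
    else:
        # Everything else is "name - {CLSID} - target"; the target is last.
        parts = body.split(" - ")
        desc, target = parts[0], parts[-1]
    clsid = CLSID_RE.search(body)
    target = target.strip()
    return HjtEntry(sec, desc.strip(), clsid.group(0) if clsid else None,
                    target, any(mark in target for mark in ORPHAN_MARKERS))


def search_hijack(entry: HjtEntry) -> bool:
    """True for a start/search page entry whose host is not on the allow-list."""
    if entry.section not in ("R0", "R1") or not entry.target.startswith("http"):
        return False
    host = urlparse(entry.target).hostname or ""
    return host not in TRUSTED_SEARCH_HOSTS


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, description, reason) for every entry worth a checkmark."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.orphaned:
            findings.append((entry.section, entry.description, "orphaned entry"))
        elif search_hijack(entry):
            findings.append((entry.section, entry.description, "search hijack"))
    return findings


# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.shareazaweb.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - C:\Program Files\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
"""

if __name__ == "__main__":
    for section, desc, reason in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<15} {desc}")
```

On the sample it flags the Shareaza search bar plus the four orphaned entries and leaves the Microsoft default page and the Adobe BHO alone.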
Sep 25 2008, 08:01 PM
Post #7
New Member - Group: Members - Posts: 5 - Joined: 18-September 08 - Member No.: 239,798
Thank you so much for all your help! I tried uninstalling WildTangent and it is giving me a message saying I must have administrator rights to uninstall, so it remains.
I copied and pasted everything below:

A new Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:18 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138064187994
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143320795611
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9111 bytes

Another Uninstall List.
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
AOL Instant Messenger (SM)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Arthur's Kindergarten
ATI Control Panel
ATI Display Driver
Authentium AntiVirus SDK - 2
BUM
CCleaner (remove only)
Citrix Presentation Server Client - Web Only
Compatibility Pack for the 2007 Office system
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Photo Printer 720
Dell Photo Printer 720 Logger
DellSupport
Digital Content Portal
Disneys Digital Coloring Book Featuring Little Mermaid
DivX Player
DivX Pro Codec Adware
DivX Web Player
ELIcon
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
EPSON Web-To-Page
FA Alphabet & Numbers
For Font Sakes
Full Tilt Poker.Net
Garmin WebUpdater
Garmin WebUpdater
GemMaster Mystic
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hollywood FX 5.5 Additional Effects
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java 6 Update 2
Java 6 Update 3
Java SE Runtime Environment 6 Update 1
Kid Pix Deluxe 3
KODAK EASYSHARE Gallery Upload ActiveX Control
Lernout & Hauspie TruVoice American English TTS Engine
Linksys Wireless-G PCI Adapter
Little Mermaid Coloring Book
LiveUpdate 2.6 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
neroxml
Netflix Movie Viewer
Pinnacle Hollywood FX for Studio
PowerDVD 5.5
PPSDKRedistributables
proDAD Heroglyph 1.0
QuickBooks Simple Start Special Edition
QuickTime
Radialpoint Security Services
Rainbow Fish and the Big Ocean Party
RealPlayer Basic
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
SmartSound Quicktracks Plugin
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
SpyHunter
Studio 9
Studio 9 Content CD/DVD
Symantec AntiVirus
Thomas & Friends - Trouble on the Tracks
Trend Micro PC-cillin Internet Security 12
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Uniblue RegistryBooster 2009
Uniblue RegistryBooster 2009
Update for Office 2007 (KB932080)
Verizon Broadband Toolbar
Verizon Online Help and Support
Verizon PC Security Checkup
WebCyberCoach 3.2 Dell
WexTech AnswerWorks
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
WinRAR archiver
Yahoo! Messenger

The Combofix log.

ComboFix 08-09-25.03 - Ed 2008-09-25 20:16:31.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.950 [GMT -4:00]
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ed\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Kazaa Lite K++\Kazaa.kpp
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\WINDOWS\system32\77DDE18345.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ed\Application Data\LimeWire
C:\Documents and Settings\Ed\Application Data\LimeWire\bugs.data
C:\Documents and Settings\Ed\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Ed\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Ed\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Ed\Application Data\LimeWire\filters.props
C:\Documents and Settings\Ed\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Ed\Application Data\LimeWire\installation.props
C:\Documents and Settings\Ed\Application Data\LimeWire\library.dat
C:\Documents and Settings\Ed\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Ed\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Ed\Application Data\LimeWire\questions.props
C:\Documents and Settings\Ed\Application Data\LimeWire\responses.cache
C:\Documents and Settings\Ed\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Ed\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Ed\Application Data\LimeWire\tables.props
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Ed\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Ed\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\Ed\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\Ed\Application Data\LimeWire\version.xml
C:\Documents and Settings\Ed\Application Data\LimeWire\xml\data\audio.sxml
C:\Program Files\Kazaa Lite K++
C:\Program Files\LimeWire
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid1988.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid2184.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid232.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid3044.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid3104.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid3400.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid3588.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid3704.log
C:\Program Files\LimeWire\LimeWire 4.0.8\hs_err_pid744.log
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\aopalliance.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\clink.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\commons-httpclient.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\commons-logging.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\commons-net.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\commons-pool.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\daap.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\forms.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\foxtrot.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\gettext-commons.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\guice-1.0.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\httpcore-nio.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\httpcore.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\icu4j.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\id3v2.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jcraft.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jdic.dll
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jdic.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jdic_stub.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jflac.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jl.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jmdns.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jogg.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\jorbis.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\LimeWire.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\log4j.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\looks.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\messages.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\mp3spi.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\ProgressTabs.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\swt.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\SystemUtilities.dll
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\themes.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\tray.dll
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\tritonus.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\lib\vorbisspi.jar
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\Program Files\LimeWire\LimeWire 4.0.8\limewire.props
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWireWin4.08.0000.exe
C:\WINDOWS\system32\77DDE18345.sys
.

((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-23 20:10 . 2008-09-23 20:10 <DIR> d-------- C:\Documents and Settings\Ed\.limewire
2008-09-23 19:25 . 2008-09-23 19:25 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-23 19:25 . 2008-09-23 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-23 18:58 . 2008-09-23 19:24 <DIR> d-------- C:\Program Files\ThreatExpert Memory Scanner
2008-09-23 18:58 . 2008-09-23 18:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-22 20:59 . 2008-09-22 20:59 <DIR> d-------- C:\Program Files\Uniblue
2008-09-22 20:59 . 2008-09-22 20:59 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Uniblue
2008-09-22 20:59 . 2008-09-22 20:59 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-22 20:41 . 2008-09-22 20:42 107,832,760 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-09-22 20:31 . 2008-09-22 20:31 <DIR> d-------- C:\Program Files\CCleaner
2008-09-18 19:03 . 2008-09-18 19:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-16 17:10 . 2008-09-16 17:10 <DIR> d-------- C:\Program Files\iTunes
2008-09-16 17:10 . 2008-09-16 17:10 <DIR> d-------- C:\Program Files\iPod
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 00:19 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-25 23:39 --------- d-----w C:\Program Files\Azureus
2008-09-25 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-23 00:21 --------- d-----w C:\Documents and Settings\Ed\Application Data\Azureus
2008-09-19 01:48 --------- d-----w C:\Program Files\Trend Micro
2008-09-18 01:12 --------- d-----w C:\Documents and Settings\Peg\Application Data\VOL_TOOLBAR
2008-09-16 10:15 --------- d-----w C:\Program Files\QuickTime
2008-09-16 10:14 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-12 23:04 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 23:53 --------- d-----w C:\Program Files\The Learning Company
2008-08-01 23:15 --------- d-----w C:\Program Files\Verizon
2008-08-01 00:05 --------- d-----w C:\Program Files\Radialpoint
2007-08-13 01:38 251 ----a-w C:\Program Files\wt3d.ini
2006-01-31 02:01 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_19.16.21.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-16 21:11:08 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-09-23 23:25:55 102,400 ----a-r C:\WINDOWS\Installer\{41B9E2CF-0B3F-442A-B5B3-592A4A355634}\iTunesIco.exe
+ 2008-04-17 17:12:54 107,368 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2008-04-17 17:12:54 15,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 406016]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2001-07-20 07:10 53248 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 23:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 18:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
--a------ 2007-02-15 07:00 179200 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 22:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 12:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 17:52 331830 C:\Program Files\Microsoft Works\wkssb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-17 00:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-09-08 21:20 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a------ 2001-07-25 11:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-01-20 01:41 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a------ 2007-06-06 19:52 936960 C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 20:34 24576 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-01-19 13:49 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"WMP54Gv4SVC"=2 (0x2)
"SavRoam"=3 (0x3)
"RPSUpdaterR"=3 (0x3)
"ose"=3 (0x3)
"dvpapi"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\StubInstaller.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:Email
"25:TCP"= 25:TCP:Email
"1214:TCP"= 1214:TCP:Kazaa
"44896:TCP"= 44896:TCP:LimeWire
"44896:UDP"= 44896:UDP:LimeWire

S3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [ ]
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 20:19:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-25 20:25:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 00:25:43
ComboFix2.txt 2008-09-26 00:10:36
ComboFix3.txt 2008-09-25 23:46:19
ComboFix4.txt 2008-09-24 00:26:50
ComboFix5.txt 2008-09-26 00:15:50

Pre-Run: 58,451,410,944 bytes free
Post-Run: 58,438,098,944 bytes free

301 --- E O F --- 2008-09-23 22:58:09

The Malwarebytes report/log.
Malwarebytes' Anti-Malware 1.28 Database version: 1207 Windows 5.1.2600 Service Pack 3 9/25/2008 8:49:48 PM mbam-log-2008-09-25 (20-49-48).txt Scan type: Quick Scan Objects scanned: 60266 Time elapsed: 6 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The Get Services list. SERVICE_NAME: ALG DISPLAY_NAME: Application Layer Gateway Service TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 2796 FLAGS : DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Application Layer Gateway Service SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: Apple Mobile Device DISPLAY_NAME: Apple Mobile Device TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 200 FLAGS : DESCRIPTION : Provides the interface to Apple mobile devices. 
TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Apple Mobile Device DEPENDENCIES : Tcpip SERVICE_START_NAME : LocalSystem SERVICE_NAME: Ati HotKey Poller DISPLAY_NAME: Ati HotKey Poller TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1048 FLAGS : DESCRIPTION : TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\Ati2evxx.exe LOAD_ORDER_GROUP : Event log TAG : 0 DISPLAY_NAME : Ati HotKey Poller SERVICE_START_NAME : LocalSystem SERVICE_NAME: AudioSrv DISPLAY_NAME: Windows Audio TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : AudioGroup TAG : 0 DISPLAY_NAME : Windows Audio DEPENDENCIES : PlugPlay : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: Browser DISPLAY_NAME: Computer Browser TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. 
If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Computer Browser DEPENDENCIES : LanmanWorkstation : LanmanServer SERVICE_START_NAME : LocalSystem SERVICE_NAME: ccEvtMgr DISPLAY_NAME: Symantec Event Manager TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1772 FLAGS : DESCRIPTION : Event propagation and logging service TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" LOAD_ORDER_GROUP : Symantec Services TAG : 0 DISPLAY_NAME : Symantec Event Manager DEPENDENCIES : RPCSS : ccSetMgr SERVICE_START_NAME : LocalSystem SERVICE_NAME: ccSetMgr DISPLAY_NAME: Symantec Settings Manager TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1732 FLAGS : DESCRIPTION : Settings storage and management service TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" LOAD_ORDER_GROUP : Symantec Services TAG : 0 DISPLAY_NAME : Symantec Settings Manager DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: COMSysApp DISPLAY_NAME: COM+ System Application TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 2632 FLAGS : DESCRIPTION : Manages the configuration and tracking of Component 
Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : COM+ System Application DEPENDENCIES : rpcss SERVICE_START_NAME : LocalSystem SERVICE_NAME: CryptSvc DISPLAY_NAME: Cryptographic Services TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Cryptographic Services DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: DcomLaunch DISPLAY_NAME: DCOM Server Process Launcher TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1064 FLAGS : DESCRIPTION : Provides launch functionality for DCOM services. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch LOAD_ORDER_GROUP : Event Log TAG : 0 DISPLAY_NAME : DCOM Server Process Launcher SERVICE_START_NAME : LocalSystem SERVICE_NAME: DefWatch DISPLAY_NAME: Symantec AntiVirus Definition Watcher TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 220 FLAGS : DESCRIPTION : Monitors and maintains virus definitions. TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : "C:\Program Files\Symantec AntiVirus\DefWatch.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Symantec AntiVirus Definition Watcher SERVICE_START_NAME : LocalSystem SERVICE_NAME: Dhcp DISPLAY_NAME: DHCP Client TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : DHCP Client DEPENDENCIES : Tcpip : Afd : NetBT SERVICE_START_NAME : LocalSystem SERVICE_NAME: dmserver DISPLAY_NAME: Logical Disk Manager TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. 
If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Logical Disk Manager DEPENDENCIES : RpcSs : PlugPlay SERVICE_START_NAME : LocalSystem SERVICE_NAME: ehRecvr DISPLAY_NAME: Media Center Receiver Service TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 252 FLAGS : DESCRIPTION : Media Center Service for TV and FM broadcast reception TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\eHome\ehRecvr.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Media Center Receiver Service DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: ehSched DISPLAY_NAME: Media Center Scheduler Service TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 264 FLAGS : DESCRIPTION : TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\eHome\ehSched.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Media Center Scheduler Service DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: EPSON_PM_RPCV4_01 DISPLAY_NAME: EPSON V3 Service4(01) TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 276 FLAGS : DESCRIPTION : TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : EPSON V3 Service4(01) 
DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: ERSvc DISPLAY_NAME: Error Reporting Service TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Allows error reporting for services and applictions running in non-standard environments. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Error Reporting Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: Eventlog DISPLAY_NAME: Event Log TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 792 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe LOAD_ORDER_GROUP : Event log TAG : 0 DISPLAY_NAME : Event Log SERVICE_START_NAME : LocalSystem SERVICE_NAME: EventSystem DISPLAY_NAME: COM+ Event System TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : Network TAG : 0 DISPLAY_NAME : COM+ Event System DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: FastUserSwitchingCompatibility DISPLAY_NAME: Fast User Switching Compatibility TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides management for applications that require assistance in a multiple user environment. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Fast User Switching Compatibility DEPENDENCIES : TermService SERVICE_START_NAME : LocalSystem SERVICE_NAME: helpsvc DISPLAY_NAME: Help and Support TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Help and Support DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: iPod Service DISPLAY_NAME: iPod Service TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 3328 FLAGS : DESCRIPTION : iPod hardware management services TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\iPod\bin\iPodService.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : iPod Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: lanmanserver DISPLAY_NAME: Server TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Server SERVICE_START_NAME : LocalSystem SERVICE_NAME: lanmanworkstation DISPLAY_NAME: Workstation TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : NetworkProvider TAG : 0 DISPLAY_NAME : Workstation SERVICE_START_NAME : LocalSystem SERVICE_NAME: LexBceS DISPLAY_NAME: LexBce Server TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1916 FLAGS : DESCRIPTION : TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\LEXBCES.EXE LOAD_ORDER_GROUP : SpoolerGroup TAG : 0 DISPLAY_NAME : LexBce Server DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: LmHosts DISPLAY_NAME: TCP/IP NetBIOS Helper TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1584 FLAGS : DESCRIPTION : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : TCP/IP NetBIOS Helper DEPENDENCIES : NetBT : Afd SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: McrdSvc DISPLAY_NAME: Media Center Extender Service TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1244 FLAGS : DESCRIPTION : TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\ehome\mcrdsvc.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Media Center Extender Service DEPENDENCIES : RPCSS : SSDPSRV SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: Netman DISPLAY_NAME: Network Connections TYPE : 120 WIN32_SHARE_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. TYPE : 120 WIN32_SHARE_PROCESS (interactive) START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Network Connections DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: Nla DISPLAY_NAME: Network Location Awareness (NLA) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Network Location Awareness (NLA) DEPENDENCIES : Tcpip : Afd SERVICE_START_NAME : LocalSystem SERVICE_NAME: PcCtlCom DISPLAY_NAME: Trend Micro Central Control Component TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1676 FLAGS : DESCRIPTION : Manages the Trend Micro PC-cillin Component. TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Trend Micro Central Control Component DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: PlugPlay DISPLAY_NAME: Plug and Play TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 792 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe LOAD_ORDER_GROUP : PlugPlay TAG : 0 DISPLAY_NAME : Plug and Play SERVICE_START_NAME : LocalSystem SERVICE_NAME: PolicyAgent DISPLAY_NAME: IPSEC Services TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 804 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : IPSEC Services DEPENDENCIES : RPCSS : Tcpip : IPSec SERVICE_START_NAME : LocalSystem SERVICE_NAME: ProtectedStorage DISPLAY_NAME: Protected Storage TYPE : 120 WIN32_SHARE_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 804 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. TYPE : 120 WIN32_SHARE_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Protected Storage DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: RasMan DISPLAY_NAME: Remote Access Connection Manager TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Creates a network connection. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Remote Access Connection Manager DEPENDENCIES : Tapisrv SERVICE_START_NAME : LocalSystem SERVICE_NAME: RemoteRegistry DISPLAY_NAME: Remote Registry TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1584 FLAGS : DESCRIPTION : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. 
If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Remote Registry DEPENDENCIES : RPCSS SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: RpcSs DISPLAY_NAME: Remote Procedure Call (RPC) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1120 FLAGS : DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Remote Procedure Call (RPC) SERVICE_START_NAME : NT Authority\NetworkService SERVICE_NAME: SamSs DISPLAY_NAME: Security Accounts Manager TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 804 FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS DESCRIPTION : Stores security information for local user accounts. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe LOAD_ORDER_GROUP : LocalValidation TAG : 0 DISPLAY_NAME : Security Accounts Manager DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: Schedule DISPLAY_NAME: Task Scheduler TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Enables a user to configure and schedule automated tasks on this computer. 
If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : SchedulerGroup TAG : 0 DISPLAY_NAME : Task Scheduler DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: seclogon DISPLAY_NAME: Secondary Logon TYPE : 120 WIN32_SHARE_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 120 WIN32_SHARE_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Secondary Logon SERVICE_START_NAME : LocalSystem SERVICE_NAME: SENS DISPLAY_NAME: System Event Notification TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : Network TAG : 0 DISPLAY_NAME : System Event Notification DEPENDENCIES : EventSystem SERVICE_START_NAME : LocalSystem SERVICE_NAME: SharedAccess DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) DEPENDENCIES : Netman : WinMgmt SERVICE_START_NAME : LocalSystem SERVICE_NAME: ShellHWDetection DISPLAY_NAME: Shell Hardware Detection TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides notifications for AutoPlay hardware events. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : ShellSvcGroup TAG : 0 DISPLAY_NAME : Shell Hardware Detection DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: Spooler DISPLAY_NAME: Print Spooler TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1940 FLAGS : DESCRIPTION : Loads files to memory for later printing. 
TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe LOAD_ORDER_GROUP : SpoolerGroup TAG : 0 DISPLAY_NAME : Print Spooler DEPENDENCIES : LexBceS : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: srservice DISPLAY_NAME: System Restore Service TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : System Restore Service DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: SSDPSRV DISPLAY_NAME: SSDP Discovery Service TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 652 FLAGS : DESCRIPTION : Enables discovery of UPnP devices on your home network. TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : SSDP Discovery Service DEPENDENCIES : HTTP SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: stisvc DISPLAY_NAME: Windows Image Acquisition (WIA) TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1216 FLAGS : DESCRIPTION : Provides image acquisition services for scanners and cameras. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Image Acquisition (WIA) DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: Symantec AntiVirus DISPLAY_NAME: Symantec AntiVirus TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 932 FLAGS : DESCRIPTION : Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus. TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Symantec AntiVirus SERVICE_START_NAME : LocalSystem SERVICE_NAME: TapiSrv DISPLAY_NAME: Telephony TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Telephony DEPENDENCIES : PlugPlay : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: TermService DISPLAY_NAME: Terminal Services TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1064 FLAGS : DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Terminal Services DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: Themes DISPLAY_NAME: Themes TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides user experience theme management. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : UIGroup TAG : 0 DISPLAY_NAME : Themes SERVICE_START_NAME : LocalSystem SERVICE_NAME: Tmntsrv DISPLAY_NAME: Trend Micro Real-time Service TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1520 FLAGS : DESCRIPTION : Enables scanning in real time. 
TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Trend Micro Real-time Service SERVICE_START_NAME : LocalSystem SERVICE_NAME: tmproxy DISPLAY_NAME: Trend Micro Proxy Service TYPE : 110 WIN32_OWN_PROCESS (interactive) STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1548 FLAGS : DESCRIPTION : Manages the Trend Micro tmtdi module. TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Trend Micro Proxy Service DEPENDENCIES : tmtdi SERVICE_START_NAME : LocalSystem SERVICE_NAME: TrkWks DISPLAY_NAME: Distributed Link Tracking Client TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Maintains links between NTFS files within a computer or across computers in a network domain. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Distributed Link Tracking Client DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem SERVICE_NAME: w32time DISPLAY_NAME: Windows Time TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Time SERVICE_START_NAME : LocalSystem SERVICE_NAME: WebClient DISPLAY_NAME: WebClient TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1584 FLAGS : DESCRIPTION : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService LOAD_ORDER_GROUP : NetworkProvider TAG : 0 DISPLAY_NAME : WebClient DEPENDENCIES : MRxDAV SERVICE_START_NAME : NT AUTHORITY\LocalService SERVICE_NAME: winmgmt DISPLAY_NAME: Windows Management Instrumentation TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 0 IGNORE BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Windows Management Instrumentation DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem SERVICE_NAME: wscsvc DISPLAY_NAME: Security Center TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Monitors system security settings and configurations. TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Security Center DEPENDENCIES : RpcSs : winmgmt SERVICE_START_NAME : LocalSystem SERVICE_NAME: wuauserv DISPLAY_NAME: Automatic Updates TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Automatic Updates SERVICE_START_NAME : LocalSystem SERVICE_NAME: WZCSVC DISPLAY_NAME: Wireless Zero Configuration TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 1340 FLAGS : DESCRIPTION : Provides automatic configuration for the 802.11 adapters TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs LOAD_ORDER_GROUP : TDI TAG : 0 DISPLAY_NAME : Wireless Zero Configuration DEPENDENCIES : RpcSs : Ndisuio SERVICE_START_NAME : LocalSystem

The requested information. No other security programs. Norton Antivirus Version 10.0.2.2000
Sep 26 2008, 02:52 AM
Post #8
Forum Regular, Group: HJT Team, Posts: 327, Joined: 18-November 04, From: UK, Member No.: 5,388
Hi Ed,
QUOTE: I tried uninstalling WildTangent and it is giving me a message saying I must have administrator rights to uninstall, so it remains.

How many user accounts on this computer? If more than one, please post separate HijackThis logs for each user account, accordingly named. Is it a company or a home computer? Is the computer on a network? Is there a user account for "Peg"? Who is the administrator and who has administration rights? You need administration rights to make system changes. There is still a little work to be done on this but we need to clear up these points first.

Joe.
Oct 1 2008, 09:41 AM
Post #9
New Member, Group: Members, Posts: 5, Joined: 18-September 08, Member No.: 239,798
I have tried several times to uninstall WildTangent from Control Panel/Add/Remove and it will not work for any of my 4 user profiles ("Ed" with administrator rights, "Peg" or the other two). I even tried going into Safe Mode and logging on as the Administrator profile and I keep getting the same error message: "You need administrator privileges to make any modifications ....". I ran SpyHunter3 and it found a few WildTangent items which I deleted, but WildTangent still remains. Any advice?