File And Printer Sharing Trying To Connect Out


19 replies to this topic

#1 joe blow

Posted 24 May 2008 - 02:16 AM

Hi,

From time to time Microsoft File and Printer Sharing keeps trying to connect to a remote computer. I don't know why it is doing this as I am not prompting it to do so. I even uninstalled it (at least I think I did), and it still keeps trying to connect out. I don't think that it is causing any problems as my firewall is blocking it. But I would like to know if some kind of malware is causing the problem or if it is normal for File and Printer Sharing to try to connect to a remote computer.

Thanks for any help.


#2 ruby1

Posted 24 May 2008 - 12:36 PM

Please tell us your OS and what programs you have so far run to check for an infection.

I would like to be proved wrong BUT my suspicion is an infection on there :thumbsup:

#3 joe blow

Posted 25 May 2008 - 01:28 AM

I have XP with service pack 3.

I have AVG 7.5, AVG Anti-Spyware, Spybot 1.5 and they all find nothing (Spybot does spend a long time scanning zlob.downloader.bs). I have also scanned with AVG rootkit detector and RootkitRevealer and they also found nothing.

The only other symptom that I have is that sometimes accounts won't log off, or the computer won't turn off, unless I switch user and turn off from the welcome screen.

#4 ruby1

Posted 25 May 2008 - 11:01 AM

Please try running this program to see what, if anything, it flags up.

Superantispyware; guide on how to install and run


If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing Superantispyware

Superantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

If it does not ask you, you need to fully update the definitions by opening the program and finding the ‘check for updates’ tab in the bottom left of the menus you see; click on it and it will do the update for you;
I suggest you ask it to check for updates again once the first update is complete just to be sure


Please then reboot your computer; it is preferable to run the scan in your computer's safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

On the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changed; if you DO get a home page hijack, when you boot up the computer Superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right hand side you see three scanning options; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run. Please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe Notepad; you need to copy and paste that log for examination. Once you have posted the log please close the Superantispyware program

#5 joe blow

Posted 26 May 2008 - 03:31 AM

Hi,

I did a scan with superantispyware, here is the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/26/2008 at 06:18 PM

Application Version : 4.0.1154

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type : Complete Scan
Total Scan Time : 00:39:45

Memory items scanned : 169
Memory threats detected : 0
Registry items scanned : 3161
Registry threats detected : 0
File items scanned : 23078
File threats detected : 0

#6 ruby1

Posted 26 May 2008 - 08:02 AM

that ran clean;
please take a system restore point NOW;
please also try

asquared


http://www.emsisoft.com/en/software/free/

download from


http://www.emsisoft.com/en/software/download/

suggest you put ITS exe IN the download folder;

then install it from that exe and request a desktop shortcut

I suggest you ask for a custom installation

FULLY update the definitions and reboot the computer; again try for any updates;
on the configuration tab I suggest all you need to tick is to install program help;

on the scan pc tab section you need to go for a DEEP scan; this will THOROUGHLY scan your pc

I suggest you do this scan in your computer safe mode; or if you wish run it in computers normal mode but OFF line please and with NO other things being asked of the computer

the full deep scan MAY take a few hours so be prepared; it too will produce a scan report and you may wish to save it ;
this scan is the type of 'know thy machine' as it MAY produce some 'unexpected results'

please post back what, if anything, IT finds

#7 joe blow

Posted 28 May 2008 - 04:03 AM

OK

I have done the A2 scan, it seemed to be clean, here is the log.

a-squared Anti-Malware - Version 3.5
Last update: 5/28/2008 5:20:27 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 5/28/2008 5:35:26 PM


Scanned

Files: 30467
Traces: 181897
Cookies: 1
Processes: 11

Found

Files: 0
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 5/28/2008 5:58:47 PM
Scan time: 0:23:21

Is it OK to uninstall A2 now, as it seems to clash with my Kerio firewall at startup?

#8 joe blow

Posted 29 May 2008 - 01:35 AM

This warning comes up from my firewall multiple times when I log on to my computer.

Technical details about the intrusion attempt:

Injector application: C:\Program Files\a-squared Anti-Malware\a2service.exe
Description: a-squared Service
File version: 3.0.0.426
Product name: a-squared
Product version: 3.0.0.0
Created: 2008/5/28, 06:57:53
Modified: 2008/5/11, 23:02:50
Accessed: 2008/5/29, 06:02:42

Target application: C:\WINDOWS\system32\ctfmon.exe
Description: CTF Loader
File version: 5.1.2600.5512 (xpsp.080413-2105)
Product name: Microsoft® Windows® Operating System
Product version: 5.1.2600.5512
Created: 2003/7/16, 20:26:03
Modified: 2008/4/14, 00:12:16
Accessed: 2008/5/28, 09:38:14

Address of injection: 0x716F0000

I wasn't that worried about it but I thought you should know.


Also I was wondering if the printer and file sharing problem could be something external trying to connect in rather than something on my computer trying to connect out, as when I put a permanent block on it, it seemed to be the inward connection that was blocked.

#9 DaChew

Posted 29 May 2008 - 04:48 AM

Know thy enemy, not all problems are technically malware

http://support.microsoft.com/default.aspx?...kb;en-us;282599

Go to Control Panel > Regional and Language Options > Languages > Details > Advanced, and check the box Turn off advanced text services


It seems every program/service/whatever wants to call home today


I guess that's why I don't let any of them load at bootup
Chewy

No. Try not. Do... or do not. There is no try.

#10 joe blow

Posted 30 May 2008 - 03:50 AM

I did what you said and it seemed to fix the problem.

Kerio was detecting something trying to connect with file and printer sharing about every 5 to 10 minutes. It has only happened once since I made the changes you suggested. So with any luck the problem has been solved.

I will post what Kerio said about that incident in case it helps. I have removed the IP addresses, the local was my own, the remote my internet provider.

[5/30/2008 2:55:31 PM]

Direction: incoming
Local Point: **.**.***.***, port microsoft-ds [445]
Adapter: N/A
Remote Point: C-61-69-144-264.per.connect.net.au [**.**.***.***], port 10837
Protocol: TCP

Application path: NETBIOS
Description: Microsoft File and Printer Sharing
File version: (null)
Created: N/A
Modified: N/A
Accessed: N/A

RuleId = 268435465
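
Added example, not part of any post in this thread: a Python script that parses alerts in the layout of the Kerio record above and separates inbound connections to this PC's file-sharing ports from outbound ones opened by a local process. The sample records, host names, addresses and verdict names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the Kerio alert posted above.
# Addresses and host names are documentation placeholders, times are invented.
SAMPLE_LOG = """\
[5/30/2008 2:55:31 PM]

Direction: incoming
Local Point: 192.0.2.10, port microsoft-ds [445]
Remote Point: host-a.example.net [198.51.100.7], port 10837
Protocol: TCP

[5/30/2008 3:02:10 PM]

Direction: incoming
Local Point: 192.0.2.10, port microsoft-ds [445]
Remote Point: host-b.example.net [198.51.100.99], port 4431
Protocol: TCP

[5/30/2008 3:05:00 PM]

Direction: outgoing
Local Point: 192.0.2.10, port 1042
Remote Point: fileserver.example.net [203.0.113.5], port microsoft-ds [445]
Protocol: TCP
"""

# Ports used by Windows RPC, NetBIOS and SMB (File and Printer Sharing).
SHARING_PORTS = {135: "epmap", 137: "netbios-ns", 138: "netbios-dgm",
                 139: "netbios-ssn", 445: "microsoft-ds"}

STAMP = re.compile(r"^\[(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\]", re.M)
# Matches both "port microsoft-ds [445]" and "port 10837".
PORT = re.compile(r"port\s+(?:[\w-]+\s+\[(\d+)\]|(\d+))")


def _port(point):
    m = PORT.search(point)
    return int(m.group(1) or m.group(2)) if m else None


def parse_alerts(text):
    """Split the log on its [timestamp] headers and read the Key: value lines."""
    parts = STAMP.split(text)
    alerts = []
    for stamp, body in zip(parts[1::2], parts[2::2]):
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip().lower()] = value.strip()
        alerts.append({
            "time": datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p"),
            "direction": fields.get("direction", "").lower(),
            "local_port": _port(fields.get("local point", "")),
            "remote_port": _port(fields.get("remote point", "")),
            "remote": fields.get("remote point", "").split(",")[0],
        })
    return alerts


def classify(alert):
    """Say which side opened the connection to a file-sharing port."""
    if alert["direction"] == "incoming" and alert["local_port"] in SHARING_PORTS:
        return "inbound-probe"    # a remote host knocked on this PC's listener
    if alert["direction"] == "outgoing" and alert["remote_port"] in SHARING_PORTS:
        return "outbound-client"  # a local process reached for a remote share
    return "other"


def summarize(alerts):
    """Group alerts by verdict with a count and the distinct remote hosts."""
    out = {}
    for a in alerts:
        entry = out.setdefault(classify(a), {"count": 0, "remotes": set()})
        entry["count"] += 1
        entry["remotes"].add(a["remote"])
    return out


if __name__ == "__main__":
    for verdict, info in summarize(parse_alerts(SAMPLE_LOG)).items():
        print(verdict, info["count"], sorted(info["remotes"]))
```

The record posted above has direction incoming and local port 445, so this triage labels it inbound-probe.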

#11 joe blow

Posted 01 June 2008 - 04:13 AM

Just a bit of an update.

I did what you suggested and at first it seemed to work but now I am getting just as many attempts to connect with file and printer sharing as before.

If you have any suggestions about what I could try now that would be great.

Thanks.

#12 DaChew

Posted 01 June 2008 - 08:03 AM

http://www.dougknox.com/xp/utils/StartupTracker3.zip

let's see what you have running?

Like I have said many times before every durn program wants to call home, the more you load the worse it gets

It seems most people have forgotten what the remove part does in add and remove programs
Chewy


#13 joe blow

Posted 02 June 2008 - 04:11 AM

Hi,

Here is the startup log.


6/2/2008 4:04:10 PM

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

igfxtray C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
igfxpers C:\WINDOWS\system32\igfxpers.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
!AVG Anti-Spyware "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
Dell Photo AIO Printer 922 "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
SiteAdvisor C:\Program Files\SiteAdvisor\6066\SiteAdv.exe

-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Start Menu - Current User --
No Items Found

-- Start Menu - All Users --
No Items Found

-- Disabled Items --
No Items Found

-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
Explorer.exe

-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
svchost.exe C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
guard.exe "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe"
avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
avgemc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
SAService.exe "C:\Program Files\SiteAdvisor\6066\SAService.exe"
kpf4ss.exe "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
alg.exe
kpf4gui.exe "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" -g 10 -s
explorer.exe C:\WINDOWS\Explorer.EXE
kpf4gui.exe "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" -g 11
hkcmd.exe "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe "C:\WINDOWS\system32\igfxpers.exe"
avgcc.exe "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
avgas.exe "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
dlbtbmgr.exe "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
dlbtbmon.exe "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe"
SiteAdv.exe "C:\Program Files\SiteAdvisor\6066\SiteAdv.exe"
TeaTimer.exe "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
SUPERAntiSpyware.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
wuauclt.exe "C:\WINDOWS\system32\wuauclt.exe"
StartupTracker3.exe "C:\adownloads\StartupTracker3\StartupTracker3.exe"
wmiprvse.exe

-- Running Services --

Name: ALG
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\alg.exe

Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: AVG Anti-Spyware Guard
Description:
Startup Mode: Auto
Run from: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

Name: Avg7Alrt
Description:
Startup Mode: Auto
Run from: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

Name: Avg7UpdSvc
Description:
Startup Mode: Auto
Run from: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

Name: AVGEMS
Description:
Startup Mode: Auto
Run from: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

Name: BITS
Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: CryptSvc
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: DcomLaunch
Description: Provides launch functionality for DCOM services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k DcomLaunch

Name: Dhcp
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService

Name: ERSvc
Description: Allows error reporting for services and applictions running in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Eventlog
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: EventSystem
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: FastUserSwitchingCompatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: helpsvc
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanworkstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: Netman
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Nla
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe

Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: RasMan
Description: Creates a network connection.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss

Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: Schedule
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: seclogon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SENS
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: SharedAccess
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SiteAdvisor Service
Description: Provides low-level support for McAfee SiteAdvisor
Startup Mode: Auto
Run from: C:\Program Files\SiteAdvisor\6066\SAService.exe

Name: SPF4
Description: Sunbelt Personal Firewall Engine
Startup Mode: Auto
Run from: "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"

Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe

Name: srservice
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SSDPSRV
Description: Enables discovery of UPnP devices on your home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: stisvc
Description: Provides image acquisition services for scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc

Name: TapiSrv
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TermService
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost -k DComLaunch

Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TrkWks
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: W32Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: winmgmt
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: wscsvc
Description: Monitors system security settings and configurations.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: wuauserv
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

#14 DaChew

Posted 02 June 2008 - 06:16 AM

Well, it looks like your firewall has gone bananas; seeing TeaTimer might explain why

I have had to unload TeaTimer from resident protection and reinstall, and/or uninstall applications that it messed up

I reloaded a couple of computers a few years ago where Norton's and Windows updates and TeaTimer hosed Windows

A couple I saved by uninstalling and then reinstalling apps with TeaTimer disabled
Chewy


#15 joe blow

Posted 03 June 2008 - 03:25 AM

After what you said I checked the firewall at GRC and it said port 135 was open.

I uninstalled Spybot and Kerio, then I reinstalled Kerio and went back to GRC, port 135 was still open and Kerio was still giving me the pop ups about File and Printer Sharing.

I then uninstalled Kerio and checked again at GRC using only Windows firewall and it said everything was fine.

Of course now I can't check on what is going on with File and Printer Sharing.

Is there a good free firewall that you could recommend that doesn't use a lot of memory?

Also I have been trying to find the steps necessary to reinstall Windows and be 100% certain of removing all malware (as opposed to a standard reinstall). I don't want to do it at the moment, I was just wondering what was required.



