Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! Trojan! Hjt Log Included


  • This topic is locked This topic is locked
20 replies to this topic

#1 Deanemachine

Deanemachine

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 19 October 2005 - 05:29 PM

Please help! Stupid me opened up an AIM link without checking to see what it was first and got hit with a trojan. It sent it to everyone on my buddy list, has changed my security settings making it impossible to download or log into anything. AVG picks it up but when it says that it has fixed it the virus just pops up again. Any ideas out there???

Logfile of HijackThis v1.99.1
Scan saved at 12:38:13 AM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\deane\Desktop\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125171302\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~2\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000080.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121703115842
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~2\avgupsvc.exe
O23 - Service: Msdebugsrv1 (Msdebugsrv) - Unknown owner - C:\WINDOWS\dbg32hlp.exe

BC AdBot (Login to Remove)

 


m

#2 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 22 October 2005 - 02:20 AM

Hello and Welcome to Bleepings

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.

UnHookExec.inf
Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)

rdrivRem.zip

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Next, reboot your computer in SafeMode :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


From Control Panel->Add/Remove Programs, uninstall the following programs, if present, :
  • DNS
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Click Start->Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - Msdebugsrv1 (Msdebugsrv)
  • Double-click on it to open the Properties dialog.
    • Under the General tab, note down the name of "Service name". We shall need it later.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
  • Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  • In the popup box that appears, type in "Service name" & then click on the OK button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000080.exe
O23 - Service: Msdebugsrv1 (Msdebugsrv) - Unknown owner - C:\WINDOWS\dbg32hlp.exe



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\DNS\
Locate and delete the following files:
  • C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
    C:\Program Files\Common Files\mc-110-12-0000080.exe
    C:\WINDOWS\dbg32hlp.exe
Search for & delete ... using Start> Search... the following files:
  • windir32.exe
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Double-click rdrivRem.zip & run rdrivRem.bat - follow the instructions on the screen.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • .Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REBOOT TO NORMAL MODE


Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  • Click Scan Now
  • Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
  • AntiSpyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

#3 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 29 October 2005 - 12:14 AM

* * * * * * * * *

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

* * * * * * * * *

#4 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 29 October 2005 - 06:36 PM

Thanks for reopening my post...Along with the following I also switched from AVG Free to Norton Antivirus, and that seemed to help me to start things out..Since running these scans my computer is running well, the only problem is I had to readjust my security settings to allow all cookies and I also have to manually download any updates from Norton, I'm not sure if that is connected or not though..thanks a million..

NEW HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:49:45 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLHostManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\AOL\1125171302\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLServiceHost.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125171302\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.jayloden.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.snapfiles.com
O15 - Trusted Zone: http://www.windowsupdate.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121703115842
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ACTIVESCAN LOG


Incident Status Location

Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\system32.dll
Adware:adware/wupd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_mc-110-12-0000080.exe.bak
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\eric\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-11e6b98c-3a17c74e.zip[Dummy.class]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]

EWIDO LOG

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:21:20 PM, 10/28/2005
+ Report-Checksum: D41354AC

+ Scan result:

HKU\S-1-5-21-1454471165-1993962763-682003330-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_services.exe.bak -> Spyware.Maxifiles : Cleaned with backup
:mozilla.6:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.7:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.9:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.12:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.16:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.17:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.22:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.23:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.24:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.25:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.26:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.27:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.28:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.34:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.44:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.45:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.46:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.47:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.48:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.49:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.50:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.51:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.74:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.135:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.136:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.137:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.138:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.143:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.144:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.147:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.148:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.149:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.154:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.155:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.161:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.162:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.163:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.187:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.211:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.212:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.237:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.238:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.239:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.240:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.241:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.242:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.243:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.244:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.245:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.246:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.247:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.248:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.249:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.269:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.270:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.281:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.282:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.301:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.302:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.303:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.304:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.305:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.306:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.307:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.308:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.309:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.310:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.329:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.330:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.331:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.332:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.333:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.334:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.342:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.343:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.344:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.345:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.346:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.347:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.348:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.349:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.350:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.351:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.352:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.353:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.361:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.364:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.389:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.403:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.404:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.405:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.406:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.407:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.410:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.427:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.430:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.431:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.444:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.445:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.446:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.447:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.455:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.458:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.459:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.460:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.461:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.463:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.471:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.472:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.473:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.474:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.490:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.495:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\3tdhf6zq.eric\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.7:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.12:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.15:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.16:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.17:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.18:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.19:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.20:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.30:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.31:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.37:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.38:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.41:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.43:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.44:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.45:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.46:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.52:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.53:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.54:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.55:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9asdhgqg.eric2\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\9

#5 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 29 October 2005 - 06:40 PM

One more item I must have forgotten to include..

ANTISPYWARE.log

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Internet URL Shortcuts
Files and Directories
Found '16635_WinMX.exe.bak' in 'C:\Documents and Settings\deane\Desktop\aimfix_quarantine'
Found 'winmx353.exe' in 'C:\Documents and Settings\eric\Desktop\Unused Desktop Shortcuts'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'ide21201.vxd' in 'C:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_WinMX.exe.bak' in shortcut areas.
Checking for 'C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_WinMX.exe.bak' in startup areas.
Cleaning 'C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_WinMX.exe.bak'
Checking for 'C:\Documents and Settings\eric\Desktop\Unused Desktop Shortcuts\winmx353.exe' in shortcut areas.
Checking for 'C:\Documents and Settings\eric\Desktop\Unused Desktop Shortcuts\winmx353.exe' in startup areas.
Cleaning 'C:\Documents and Settings\eric\Desktop\Unused Desktop Shortcuts\winmx353.exe'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\contacts.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\contacts.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\contacts.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\system32\ide21201.vxd' in shortcut areas.
Checking for 'C:\WINDOWS\system32\ide21201.vxd' in startup areas.
Cleaning 'C:\WINDOWS\system32\ide21201.vxd'
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning

#6 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 29 October 2005 - 06:53 PM

You seem to have done a very good job with the disinfection process. We're almost done.

Please delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\PROGRAM FILES\COMMON FILES\system32.dll
    C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_mc-110-12-0000080.exe.bak
    C:\Documents and Settings\eric\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-11e6b98c-3a17c74e.zip
After you have done that, please post a fresh HJT log so that I can verify it's clean

#7 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 30 October 2005 - 01:35 AM

Thanks for the quick response! I was able to locate two of those three documents, all but:
C:\Documents and Settings\deane\Desktop\aimfix_quarantine\16635_mc-110-12-0000080.exe.bak
although I think I may have deleted that since my last HJT log. However, even after getting everything removed, my computer (a desktop, AMD Processor) has shut itself down probably 10 times in 1 day alone! I have always had problems with my computer doing this but it has never done it this often. Could this be related in any way? Please lemme know..Here is my newest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:18:16 AM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125171302\ee\AOLServiceHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\AOL\1125171302\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125171302\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.jayloden.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.snapfiles.com
O15 - Trusted Zone: http://www.windowsupdate.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121703115842
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#8 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 30 October 2005 - 02:03 AM

Your log is clean. I don't think your random reboots are related to malware.
Malware usually like to keep the system running so that they can go about their business. :thumbsup:

Let's have a look at what's causing these reboots.

Go to Start > Run - type eventvwr <Press Enter> (this starts the event viewer)
Under Application & System, try looking for error/failure messages.
This may give us an indication as to what's causing these reboots.

Please post any error messages found.

#9 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 30 October 2005 - 07:59 PM

I opened up my event viewer and this is what I found:

Application

Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 10/30/2005
Time: 6:10:02 PM
User: N/A
Computer: DEANE-DY5RGMWX5
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070422 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 10/30/2005
Time: 6:08:08 PM
User: N/A
Computer: DEANE-DY5RGMWX5
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 52 54 57 52 54 49 43 WRTWRTIC
0008: 32 31 34 39 00 00 00 00 2149....
0010: 57 52 54 57 52 54 49 43 WRTWRTIC
0018: 32 31 31 31 00 00 00 00 2111....

Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 10/30/2005
Time: 1:21:28 AM
User: N/A
Computer: DEANE-DY5RGMWX5
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 52 54 57 52 54 49 43 WRTWRTIC
0008: 32 31 34 39 00 00 00 00 2149....
0010: 57 52 54 57 52 54 49 43 WRTWRTIC
0018: 32 31 31 31 00 00 00 00 2111....


-----------All Errors under application were either from eventsystem or VSS

System
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 10/30/2005
Time: 6:10:15 PM
User: NT AUTHORITY\SYSTEM
Computer: DEANE-DY5RGMWX5
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 10/30/2005
Time: 6:09:30 PM
User: N/A
Computer: DEANE-DY5RGMWX5
Description:
The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 10/30/2005
Time: 6:07:52 PM
User: N/A
Computer: DEANE-DY5RGMWX5
Description:
The IP address lease 192.168.2.37 for the Network Card with network address 000D6131EDE8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------All errors under system were either DCOM dhcp or Service control manager

I'm not sure if that is exactly what you need, but if there is more let me know and I'll give you more..Thanks!

#10 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 31 October 2005 - 06:00 AM

Please download this file - GetServices.zip

# It's important you extract it to it's own folder before proceeding

From the newly created folder, double click on getservice.bat & post the resultant log here.

#11 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 31 October 2005 - 02:00 PM

I ran that getservices program, and here is the log I came up with....

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Automatic LiveUpdate Scheduler
Manages the scheduling of Automatic LiveUpdate sessions
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic LiveUpdate Scheduler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Event propagation and logging service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
LOAD_ORDER_GROUP : Symantec Core Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
: ccSetMgr
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Settings storage and management service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
LOAD_ORDER_GROUP : Symantec Core Services
TAG : 0
DISPLAY_NAME : Symantec Settings Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ewido security suite control
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\ewido\security suite\ewidoctrl.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ewido security suite control
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LiveUpdate
LiveUpdate Core Engine
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : LiveUpdate
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton AntiVirus Auto-Protect Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: on AntiVirus Auto-Protect Service
: n Coordinator
: ion
: r
: ager
: Af
: 
: ¾
: 
: ¨6
: ¨6
: ges Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
:
: u
: n
: a
: v
: a
: i
: l
: a
: b
: l
: e
: .
:
: I
: f
:
: t
: h
: i
: s
:
: s
: e
: r
: v
: i
: c
: e
:
: i
: s
:
: d
: i
: s
: a
: b
: l
: e
: d
: ,
:
: a
: n
: y
:
: s
: e
: r
: v
: i
: c
: e
: s
:
: t
: h
: a
: t
:
: e
: x
: p
: l
: i
: c
: i
: t
: l
: y
:
: d
: e
: p
: e
: n
: d
:
: o
: n
:
: i
: t
:
: w
: i
: l
: l
:
: f
: a
: i
: l
:
: t
: o
:
: s
: t
: a
: r
: t
: .
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NPFMntor
Detects installation of Symantec Firewall clients
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton AntiVirus Firewall Monitor Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NSCService
Norton Console Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton Protection Center Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SAVScan
Handles Norton AntiVirus Auto-Protect Archive Scanning
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Norton AntiVirus\SAVScan.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AVScan
DEPENDENCIES : SAVRT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SPBBCSvc
Symantec SPBBC
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : SPBBCSvc
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{C82B16CE-369F-45D8-99C2-38EF6481F5F2}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec Core LC
Symantec Core LC
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Core LC
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

#12 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 31 October 2005 - 03:02 PM

Click Start->Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - COM+ Event System
  • Double-click on it to open the Properties dialog.
  • Change the Startup type to Automatic & then click on the OK button
Let me know how that went

#13 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 31 October 2005 - 04:36 PM

I changed the startup type from disabled to automatic, and I didn't notice any changes, is that a good thing? Oddly enough, my computer has been on for awhile now with no shutdowns, it seems like it will do this for a day or two when I first restart it, then it will be fine for awhile, I'm not sure if that means anything...Thanks for all of your help,

Eric

#14 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:08:21 PM

Posted 31 October 2005 - 04:40 PM

Let it run & we'll see what happens within the next 2 days.

#15 Deanemachine

Deanemachine
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:21 AM

Posted 04 November 2005 - 12:09 PM

I've run my computer and I've had no problems with any restarts or anything else really...I think the last question I have is somewhere in the process of cleaning out my computer, all of these transparent looking icons have shown up on my computer..Mainly in my music section. The ones in my music section all come up as "album art", and when I go to delete them it tells me this is a system file..Is there an option anywhere that I can click to hide all of these transparent icons? Or can I delete them? Thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users