Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dr Watson is Killing me[RESOLVED]

Started by Airbarto1 , Apr 27 2005 03:49 AM

  • This topic is locked This topic is locked

#1
Airbarto1
Posted 27 April 2005 - 03:49 AM

Airbarto1

    Member

  • Member
  • PipPip
  • 71 posts
Hello - this is my first post and although I've tried to take care of this problem on my own for a few hours now I've decided to post a hijack this log. Any help would be greatly appreciated. I've already downloaded most of the programs you've told other users with similar problems to run, but I feel that each issue is rather unique.

Here we go...

Logfile of HijackThis v1.99.1
Scan saved at 5:45:00 AM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\addsw.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\appcx32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\BARTOL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {55B9BF74-5683-BABA-EBB1-63E94A1461AE} - C:\WINDOWS\addhr32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [apily.exe] C:\WINDOWS\system32\apily.exe
O4 - HKLM\..\Run: [appcx32.exe] C:\WINDOWS\system32\appcx32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addsw.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




Theres the log - please give me some help - i hate not being able to access any of my files - i have finals next week !
  • 0

Advertisements

#2
Metallica
Posted 27 April 2005 - 08:02 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder it's in.
These easily get lost in a Temp folder.

Download and run: http://securityrespo...moval.tool.html

Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Download and run About:Buster from:
http://www.majorgeek...wnload4289.html
It usually takes two runs to get cleaned.

Then run HijackThis again and fix any of the lines below that are still present.
Check those items in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\hnfwa.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {55B9BF74-5683-BABA-EBB1-63E94A1461AE} - C:\WINDOWS\addhr32.dll

O4 - HKLM\..\Run: [apily.exe] C:\WINDOWS\system32\apily.exe
O4 - HKLM\..\Run: [appcx32.exe] C:\WINDOWS\system32\appcx32.exe

O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addsw.exe

Then reboot and run a full system scan with MSAS (I saw you have that installed) after making sure it's up-to-date.

Regards,
  • 0

#3
Airbarto1
Posted 27 April 2005 - 10:46 AM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Sorry quick question - what is MSAS? I downloaded a lot of programs last night to try and get rid of this and am having trouble keeping track of them


thanks so much for the reply - i'll run a hijack this as soon as i get back to my computer
  • 0

#4
Metallica
Posted 27 April 2005 - 12:11 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
MSAS is the MicroSoft AntiSpyware (beta)

Regards,

Pieter
  • 0

#5
Airbarto1
Posted 27 April 2005 - 01:55 PM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Thanks for getting back to me- okay i ran everything that you told me to - heres my nwe hjt log. Hopefully its getting better. let me know what else i can do - i haven't opened any files since I've started to contact this site so I'm not sure if its gone or not yet. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 3:30:02 PM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\DOCUME~1\BARTOL~1\LOCALS~1\Temp\Temporary Directory 3 for
hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {55B9BF74-5683-BABA-EBB1-63E94A1461AE} -
C:\WINDOWS\addhr32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner -
C:\WINDOWS\addsw.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
Metallica
Posted 27 April 2005 - 02:12 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {55B9BF74-5683-BABA-EBB1-63E94A1461AE} -
C:\WINDOWS\addhr32.dll

O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner -
C:\WINDOWS\addsw.exe (file missing)

Then reboot and download http://computercops....rijn/adsspy.zip

Unzip and run it. Post the log and your new HijackThis log.

Regards,

Pieter
  • 0

#7
Airbarto1
Posted 27 April 2005 - 07:49 PM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Okay - sorry for the delay - here are the two logs that you asked for, the first one is the hijack this and the second is the program that i downloaded and ran. I've kept my computer off for the majority of the day to stop any further problems. Thanks again for all your help - i hope i can get rid of this !


Logfile of HijackThis v1.99.1
Scan saved at 6:22:38 PM, on 4/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\BARTOL~1\LOCALS~1\Temp\Temporary Directory 7 for
hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\iucno.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\iucno.dll/sp.html#96676
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common
Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner -
C:\WINDOWS\addsw.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


C:\WINDOWS\_DEFAULT.PIF : dngwg (56832 bytes)
C:\WINDOWS\_DEFAULT.PIF : enygnz (11638 bytes)
C:\WINDOWS\_DEFAULT.PIF : ojxub (11591 bytes)
C:\WINDOWS\_DEFAULT.PIF : rtnvw (11388 bytes)
C:\WINDOWS\_DEFAULT.PIF : zilia (56320 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : adzudd (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : bfrhfd (12357 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : bxgqju (11736 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : cazem (10743 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : dkjmoo (66560 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : eahmxz (3567 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : ezcoar (66560 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : frbfgz (7423 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : gdseka (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : gehwtf (12357 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : ifzdp (11388 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : ikomkd (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : kjygtd (3567 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : kwrtu (27750 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : lghrxa (11638 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : lilclb (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : mzjjfh (3567 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : mzogdw (4870 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : nrqamo (11736 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : okhyqx (12357 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : pbvkgq (12357 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : qduybh (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : qlmycm (66560 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : sigbrb (7473 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : sitwjq (12357 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : tpbmy (56320 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : tyydlw (4870 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : ugcuio (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : uzwbbm (11736 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : vkdyv (56320 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : vujhu (103946 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : wzsbtn (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : xbszzj (66560 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : xrltoi (12357 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : yfscvh (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : yoffk (30355 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : ysukij (3567 bytes)
C:\WINDOWS\{E659B56C-30F2-4405-80FC-653B683C1A99}.dat : zinoxr (11736 bytes)
C:\WINDOWS\aassm.txt : jutwts (11638 bytes)
C:\WINDOWS\addjk.dll : besbv (10743 bytes)
C:\WINDOWS\addjk.dll : lwfoh (11638 bytes)
C:\WINDOWS\addjk.dll : oyidmn (11638 bytes)
C:\WINDOWS\addpq.dll : agsir (3063 bytes)
C:\WINDOWS\addpq.dll : gwqrp (26624 bytes)
C:\WINDOWS\aqadcup.rcf : dvcuj (10743 bytes)
C:\WINDOWS\aqadcup.rcf : hmrsv (56832 bytes)
C:\WINDOWS\aqadcup.rcf : pixqw (26624 bytes)
C:\WINDOWS\aqadcup.rcf : wkizwe (70144 bytes)
C:\WINDOWS\atlee32.dll : wifgq (103946 bytes)
C:\WINDOWS\atlef.exe : juajk (26624 bytes)
C:\WINDOWS\atlef.exe : kofbp (26624 bytes)
C:\WINDOWS\atlef.exe : pzxdd (11638 bytes)
C:\WINDOWS\atlqn32.dll : kifsag (11592 bytes)
C:\WINDOWS\atlqn32.dll : pkttw (11638 bytes)
C:\WINDOWS\Blue Lace 16.bmp : hsqjf (26624 bytes)
C:\WINDOWS\Blue Lace 16.bmp : stxcw (56320 bytes)
C:\WINDOWS\Blue Lace 16.bmp : vjxycr (7305 bytes)
C:\WINDOWS\Blue Lace 16.bmp : ylszh (18944 bytes)
C:\WINDOWS\BOOTSTAT.DAT : mxmga (11638 bytes)
C:\WINDOWS\BOOTSTAT.DAT : rdjiu (10743 bytes)
C:\WINDOWS\cdplayer.ini : ebossw (11638 bytes)
C:\WINDOWS\cdplayer.ini : hllzy (30355 bytes)
C:\WINDOWS\cdplayer.ini : mhcdx (26624 bytes)
C:\WINDOWS\cdplayer.ini : nvseds (55808 bytes)
C:\WINDOWS\ckuuw.txt : oxyrev (11638 bytes)
C:\WINDOWS\Coffee Bean.bmp : bdtnx (27750 bytes)
C:\WINDOWS\Coffee Bean.bmp : gyreyx (30355 bytes)
C:\WINDOWS\Coffee Bean.bmp : wcgxmh (30355 bytes)
C:\WINDOWS\COM+.log : blpuy (10743 bytes)
C:\WINDOWS\COM+.log : szfmo (30355 bytes)
C:\WINDOWS\COM+.log : zcbeg (12357 bytes)
C:\WINDOWS\COMSETUP.LOG : aoslpy (11638 bytes)
C:\WINDOWS\COMSETUP.LOG : lptyh (27750 bytes)
C:\WINDOWS\COMSETUP.LOG : rtvuim (11638 bytes)
C:\WINDOWS\COMSETUP.LOG : vtqox (11591 bytes)
C:\WINDOWS\CONTROL.INI : igghq (11591 bytes)
C:\WINDOWS\CONTROL.INI : xitdt (10743 bytes)
C:\WINDOWS\crth32.exe.bak : gfapb (11638 bytes)
C:\WINDOWS\crth32.exe.bak : jfnnr (10743 bytes)
C:\WINDOWS\crth32.exe.bak : kunacw (30355 bytes)
C:\WINDOWS\crth32.exe.bak : xslrjt (11591 bytes)
C:\WINDOWS\crzv32.dll : qtewlw (7305 bytes)
C:\WINDOWS\crzv32.dll : wabqpe (11638 bytes)
C:\WINDOWS\crzv32.dll : zxtud (30355 bytes)
C:\WINDOWS\CS_setup.ini : cwvevp (11638 bytes)
C:\WINDOWS\CS_setup.ini : hvbox (26624 bytes)
C:\WINDOWS\d3gy32.dll : bmhpzr (70144 bytes)
C:\WINDOWS\d3gy32.dll : nxypjc (30355 bytes)
C:\WINDOWS\d3gy32.dll : ttzbnk (3347 bytes)
C:\WINDOWS\d3gy32.dll : xgxqmt (11638 bytes)
C:\WINDOWS\d3rl.dll : hbmjly (30355 bytes)
C:\WINDOWS\DELL.BMP : mtsgpv (68096 bytes)
C:\WINDOWS\DELL.BMP : paxni (10743 bytes)
C:\WINDOWS\dencvw.dat : ahdwg (10743 bytes)
C:\WINDOWS\dencvw.dat : pwauwe (11591 bytes)
C:\WINDOWS\dencvw.dat : tjqrme (11591 bytes)
C:\WINDOWS\DESKTOP.INI : icmgw (26624 bytes)
C:\WINDOWS\DESKTOP.INI : kzjrn (56832 bytes)
C:\WINDOWS\DESKTOP.INI : vptja (11638 bytes)
C:\WINDOWS\DESKTOP.INI : wbpbw (11591 bytes)
C:\WINDOWS\dfwbp.dll : iiaiao (30355 bytes)
C:\WINDOWS\dfwbp.dll : yzbigx (11591 bytes)
C:\WINDOWS\DHCPUPG.LOG : caknun (11883 bytes)
C:\WINDOWS\DHCPUPG.LOG : gybxf (7305 bytes)
C:\WINDOWS\DHCPUPG.LOG : mwhtv (11638 bytes)
C:\WINDOWS\DHCPUPG.LOG : zwlzqp (7305 bytes)
C:\WINDOWS\dhghb.dat : pbigy (3063 bytes)
C:\WINDOWS\dhghb.dat : rsuniz (7305 bytes)
C:\WINDOWS\dhghb.dat : sivka (26624 bytes)
C:\WINDOWS\dhghb.dat : vqnqb (10743 bytes)
C:\WINDOWS\dhghb.dll : ugtom (10743 bytes)
C:\WINDOWS\dhghb.dll : wkntf (10743 bytes)
C:\WINDOWS\dhghb.dll : worbk (11591 bytes)
C:\WINDOWS\dicnv.dat : eltkjz (3347 bytes)
C:\WINDOWS\dicnv.dat : ubdawy (30355 bytes)
C:\WINDOWS\dicnv.dat : yyldh (3347 bytes)
C:\WINDOWS\DirectX.log : fxagx (30355 bytes)
C:\WINDOWS\DirectX.log : orgwe (26624 bytes)
C:\WINDOWS\DirectX.log : rqdpus (30355 bytes)
C:\WINDOWS\DirectX.log : spdnsr (3347 bytes)
C:\WINDOWS\dlywi.dat : greuw (30355 bytes)
C:\WINDOWS\dlywi.dat : huats (56832 bytes)
C:\WINDOWS\dlywi.dat : mhlup (27750 bytes)
C:\WINDOWS\DtcInstall.log : amuxl (11591 bytes)
C:\WINDOWS\DtcInstall.log : qatcbn (11591 bytes)
C:\WINDOWS\DtcInstall.log : rreib (56320 bytes)
C:\WINDOWS\eReg.dat : gltte (10743 bytes)
C:\WINDOWS\eReg.dat : iaalf (11591 bytes)
C:\WINDOWS\eReg.dat : kqwsmb (55808 bytes)
C:\WINDOWS\eurls.bin : jampdx (7305 bytes)
C:\WINDOWS\eurls.bin : rifia (10743 bytes)
C:\WINDOWS\eurls.bin : shgvw (11591 bytes)
C:\WINDOWS\eurls.bin : xalfm (10743 bytes)
C:\WINDOWS\FaxSetup.log : hstee (56832 bytes)
C:\WINDOWS\FaxSetup.log : kiywu (27750 bytes)
C:\WINDOWS\FaxSetup.log : sklqc (11591 bytes)
C:\WINDOWS\FaxSetup.log : tumdc (11388 bytes)
C:\WINDOWS\FaxSetup.log : vjjgt (3063 bytes)
C:\WINDOWS\FaxSetup.log : wrsdo (10743 bytes)
C:\WINDOWS\FeatherTexture.bmp : csexw (26624 bytes)
C:\WINDOWS\FeatherTexture.bmp : ucxazk (70144 bytes)
C:\WINDOWS\Gone Fishing.bmp : kuyhh (11591 bytes)
C:\WINDOWS\Gone Fishing.bmp : mlkjff (11638 bytes)
C:\WINDOWS\Gone Fishing.bmp : mvwjw (3347 bytes)
C:\WINDOWS\gqszwl.dat : apvij (10743 bytes)
C:\WINDOWS\gqszwl.dat : cducog (11883 bytes)
C:\WINDOWS\gqszwl.dat : dloby (11388 bytes)
C:\WINDOWS\gqszwl.dat : sgnpn (11591 bytes)
C:\WINDOWS\gqszwl.dat : zlusn (56320 bytes)
C:\WINDOWS\ieey.dll : cvrgz (11638 bytes)
C:\WINDOWS\IEPatchUninstall.log : elvsp (10743 bytes)
C:\WINDOWS\IEPatchUninstall.log : xyitxg (7305 bytes)
C:\WINDOWS\iesu.dll : jpggl (56832 bytes)
C:\WINDOWS\iesu.dll : nsjum (11591 bytes)
C:\WINDOWS\iesu.dll : xtsnoa (11638 bytes)
C:\WINDOWS\iesu.dll : zmzox (26624 bytes)
C:\WINDOWS\ietc.exe : izprlk (11591 bytes)
C:\WINDOWS\ietc.exe : uwklt (30355 bytes)
C:\WINDOWS\ieuninst.exe : pybgar (3347 bytes)
C:\WINDOWS\ifddv.dat : fppdk (26624 bytes)
C:\WINDOWS\ifddv.dat : htcsjc (30355 bytes)
C:\WINDOWS\ifddv.dat : svzyq (10743 bytes)
C:\WINDOWS\ifddv.dat : wycxf (26624 bytes)
C:\WINDOWS\ifddv.dat : ycjas (10743 bytes)
C:\WINDOWS\IIS6.LOG : gtuzg (11591 bytes)
C:\WINDOWS\IIS6.LOG : qmsno (10743 bytes)
C:\WINDOWS\IIS6.LOG : tbscix (3347 bytes)
C:\WINDOWS\IIS6.LOG : ypqmzm (11736 bytes)
C:\WINDOWS\ipmt32.dll : dblpkh (70144 bytes)
C:\WINDOWS\ipmt32.dll : epudli (30355 bytes)
C:\WINDOWS\ipmt32.dll : qibrtx (7471 bytes)
C:\WINDOWS\ipmt32.dll : qnggrn (11638 bytes)
C:\WINDOWS\ipmt32.dll : vcwxfb (11638 bytes)
C:\WINDOWS\ipvn.exe : gadsyp (7305 bytes)
C:\WINDOWS\IsUninst.exe : inyllx (30355 bytes)
C:\WINDOWS\javabc.dll : jcoduc (68096 bytes)
C:\WINDOWS\jrwcp.dat : pfqviv (12357 bytes)
C:\WINDOWS\KB821557.log : iyjaly (30355 bytes)
C:\WINDOWS\KB821557.log : jmeei (3063 bytes)
C:\WINDOWS\KB821557.log : owngr (26624 bytes)
C:\WINDOWS\KB821557.log : vsxvbl (11638 bytes)
C:\WINDOWS\KB823182.log : qnlqd (30355 bytes)
C:\WINDOWS\KB823980.log : cnpkc (56832 bytes)
C:\WINDOWS\KB823980.log : otqbdn (30355 bytes)
C:\WINDOWS\KB824141.log : ihjhv (26624 bytes)
C:\WINDOWS\KB824141.log : mzjzx (30355 bytes)
C:\WINDOWS\KB824141.log : ococw (27750 bytes)
C:\WINDOWS\KB828028.log : bdsyzu (30355 bytes)
C:\WINDOWS\KB828028.log : dplqu (3347 bytes)
C:\WINDOWS\KB828035.log : axrus (10743 bytes)
C:\WINDOWS\KB828035.log : djknc (11591 bytes)
C:\WINDOWS\KB833987.log : lffzd (10743 bytes)
C:\WINDOWS\KB833987.log : vqdvp (56320 bytes)
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log : syjzu (26624 bytes)
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log : tafct (11638 bytes)
C:\WINDOWS\KB837001.log : hdvri (10743 bytes)
C:\WINDOWS\KB837001.log : vjdaw (11388 bytes)
C:\WINDOWS\KB839643-DirectX9.log : kmlfqp (11591 bytes)
C:\WINDOWS\KB839643-DirectX9.log : qpoqs (11591 bytes)
C:\WINDOWS\KB839645.log : egxef (26624 bytes)
C:\WINDOWS\KB839645.log : lsypv (30355 bytes)
C:\WINDOWS\KB839645.log : vajof (10743 bytes)
C:\WINDOWS\KB840315.log : llbia (11638 bytes)
C:\WINDOWS\KB840315.log : okvfq (11388 bytes)
C:\WINDOWS\KB840315.log : rwkzn (11591 bytes)
C:\WINDOWS\KB840374.log : bqaxt (11638 bytes)
C:\WINDOWS\KB840374.log : dfektz (7305 bytes)
C:\WINDOWS\KB840374.log : duttic (11592 bytes)
C:\WINDOWS\KB840374.log : iqyvm (11591 bytes)
C:\WINDOWS\KB840374.log : kflrz (10743 bytes)
C:\WINDOWS\KB840374.log : nqfel (10743 bytes)
C:\WINDOWS\KB840374.log : sbjaw (11591 bytes)
C:\WINDOWS\KB840987.log : cppjqf (68096 bytes)
C:\WINDOWS\KB841533.log : dgdfb (26624 bytes)
C:\WINDOWS\KB841533.log : lbboq (11388 bytes)
C:\WINDOWS\KB841533.log : vfopnk (3347 bytes)
C:\WINDOWS\KB841533.log : wvmydn (7305 bytes)
C:\WINDOWS\KB841873.log : crsxy (11638 bytes)
C:\WINDOWS\KB841873.log : cvopb (10743 bytes)
C:\WINDOWS\KB841873.log : nabti (27750 bytes)
C:\WINDOWS\KB841873.log : yqjme (10743 bytes)
C:\WINDOWS\KB842773.log : glgls (56832 bytes)
C:\WINDOWS\KB842773.log : jxdfh (11388 bytes)
C:\WINDOWS\KB871250.log : oghvhm (70144 bytes)
C:\WINDOWS\KB871250.log : ovflfp (0 bytes)
C:\WINDOWS\KB873376.log : dcmts (11388 bytes)
C:\WINDOWS\KB873376.log : feledz (11638 bytes)
C:\WINDOWS\KB873376.log : mrdip (30355 bytes)
C:\WINDOWS\KB873376.log : xzkyj (10743 bytes)
C:\WINDOWS\KB883357.log : gqxkf (26624 bytes)
C:\WINDOWS\KB883357.log : kyodf (10743 bytes)
C:\WINDOWS\KB883357.log : ojang (11638 bytes)
C:\WINDOWS\KB883357.log : sfyce (26624 bytes)
C:\WINDOWS\KB883357.log : uslca (26624 bytes)
C:\WINDOWS\KB883357.log : vvhuv (26624 bytes)
C:\WINDOWS\KB885835.log : afpdur (11638 bytes)
C:\WINDOWS\KB885835.log : gwprzz (68096 bytes)
C:\WINDOWS\KB885836.log : yeejfj (30355 bytes)
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log : edfdso (30355 bytes)
C:\WINDOWS\KB891711.log : sghiob (30355 bytes)
C:\WINDOWS\KB893086.log : oipkvl (11736 bytes)
C:\WINDOWS\kdajnb.dat : bjrig (3063 bytes)
C:\WINDOWS\kdajnb.dat : ehcto (11591 bytes)
C:\WINDOWS\kdajnb.dat : qrbsy (26624 bytes)
C:\WINDOWS\kjbyj.dat : cxvkj (3063 bytes)
C:\WINDOWS\kjbyj.dat : gbvvd (10743 bytes)
C:\WINDOWS\kjbyj.dat : gjippv (4870 bytes)
C:\WINDOWS\kjbyj.dat : havel (26624 bytes)
C:\WINDOWS\kjbyj.dat : uyhih (26624 bytes)
C:\WINDOWS\kjbyj.dat : wdfym (56320 bytes)
C:\WINDOWS\krltp.dll : pzpzpt (11638 bytes)
C:\WINDOWS\lbxer.dat : hdbxp (10743 bytes)
C:\WINDOWS\lbxer.dat : qcfaf (26624 bytes)
C:\WINDOWS\lbxer.dat : tyrfk (10743 bytes)
C:\WINDOWS\lbxer.dat : zkadky (3567 bytes)
C:\WINDOWS\MedCtrOC.log : gtjpmw (11638 bytes)
C:\WINDOWS\MedCtrOC.log : ifoxq (11388 bytes)
C:\WINDOWS\MedCtrOC.log : kldngs (66560 bytes)
C:\WINDOWS\MedCtrOC.log : mdzcqs (30355 bytes)
C:\WINDOWS\MedCtrOC.log : qqmrbr (11638 bytes)
C:\WINDOWS\MedCtrOC.log : rbhpmc (7305 bytes)
C:\WINDOWS\MedCtrOC.log : xigph (10743 bytes)
C:\WINDOWS\mfcxg32.exe : ctavge (3347 bytes)
C:\WINDOWS\mfcxg32.exe : dzckm (26624 bytes)
C:\WINDOWS\mfcxg32.exe : igqnu (11591 bytes)
C:\WINDOWS\mfcxg32.exe : rpjjf (11591 bytes)
C:\WINDOWS\mfcxg32.exe : vtfme (11591 bytes)
C:\WINDOWS\mfcxg32.exe : wayce (10743 bytes)
C:\WINDOWS\mfcxu.dll : dmejxg (11591 bytes)
C:\WINDOWS\mfcxu.dll : iqfxdt (30355 bytes)
C:\WINDOWS\mfcxu.dll : qmtcog (30355 bytes)
C:\WINDOWS\mfcyc32.exe : pjycj (10743 bytes)
C:\WINDOWS\msct.dll : miulk (11388 bytes)
C:\WINDOWS\msct.dll : nkkhr (26624 bytes)
C:\WINDOWS\msct.dll : obhcz (11388 bytes)
C:\WINDOWS\msct.dll : oghutt (7305 bytes)
C:\WINDOWS\msct.dll : rojyj (11591 bytes)
C:\WINDOWS\MSGSOCM.LOG : jocld (11591 bytes)
C:\WINDOWS\MSGSOCM.LOG : psagn (10743 bytes)
C:\WINDOWS\msiv.dll : ghzhne (3347 bytes)
C:\WINDOWS\msiv.dll : wvhvwo (3547 bytes)
C:\WINDOWS\MSMQINST.LOG : bhfuh (11591 bytes)
C:\WINDOWS\MSMQINST.LOG : lyjfb (11591 bytes)
C:\WINDOWS\msoffice.ini : devjr (10743 bytes)
C:\WINDOWS\msoffice.ini : htslp (26624 bytes)
C:\WINDOWS\msoffice.ini : uwamj (11638 bytes)
C:\WINDOWS\msoffice.ini : wemwc (56320 bytes)
C:\WINDOWS\msoffice.ini : znbkd (11591 bytes)
C:\WINDOWS\msrk.exe : gmttk (10743 bytes)
C:\WINDOWS\msrk.exe : ugrjv (56320 bytes)
C:\WINDOWS\msrk.exe : uiqzb (11591 bytes)
C:\WINDOWS\msrk.exe : yhkmpo (70144 bytes)
C:\WINDOWS\msrk.exe : zdkvo (56832 bytes)
C:\WINDOWS\msvl32.dll : gwrazy (68096 bytes)
C:\WINDOWS\msvl32.dll : libfbr (11638 bytes)
C:\WINDOWS\mswr32.dll : nvnwdc (11591 bytes)
C:\WINDOWS\mswr32.dll : tzfuad (11638 bytes)
C:\WINDOWS\muninst.exe : dauswc (30355 bytes)
C:\WINDOWS\muninst.exe : reffh (11591 bytes)
C:\WINDOWS\muninst.exe : rouqx (56320 bytes)
C:\WINDOWS\mxdjv.log : msyacn (30355 bytes)
C:\WINDOWS\n_amdhoy.dat : iyozbm (30355 bytes)
C:\WINDOWS\n_amdhoy.dat : zfxdn (10743 bytes)
C:\WINDOWS\n_asbflj.dat : jjzfz (30355 bytes)
C:\WINDOWS\n_asbflj.dat : lxedkc (11638 bytes)
C:\WINDOWS\n_bfzvnz.dat : dyxrem (30355 bytes)
C:\WINDOWS\n_bfzvnz.dat : kmsuv (11638 bytes)
C:\WINDOWS\n_bfzvnz.dat : rxkyc (11591 bytes)
C:\WINDOWS\n_dsulxs.log : delap (30355 bytes)
C:\WINDOWS\n_egihul.dat : jxudw (11388 bytes)
C:\WINDOWS\n_egihul.dat : orrhym (11638 bytes)
C:\WINDOWS\n_eiupjc.dat : cfbxy (11591 bytes)
C:\WINDOWS\n_eiupjc.dat : nrspz (3063 bytes)
C:\WINDOWS\n_fdrlky.dat : cynjz (11388 bytes)
C:\WINDOWS\n_fdrlky.dat : hscmbw (30355 bytes)
C:\WINDOWS\n_fdrlky.dat : kswrk (10743 bytes)
C:\WINDOWS\n_hfrnxd.dat : ewbrk (10743 bytes)
C:\WINDOWS\n_hfrnxd.dat : ilgtu (10743 bytes)
C:\WINDOWS\n_hfrnxd.dat : slaog (10743 bytes)
C:\WINDOWS\n_hfrnxd.dat : xcvjx (10743 bytes)
C:\WINDOWS\n_isfjaj.dat : aohhg (10743 bytes)
C:\WINDOWS\n_isfjaj.dat : ctpwm (26624 bytes)
C:\WINDOWS\n_isfjaj.dat : ngeqm (11388 bytes)
C:\WINDOWS\n_isfjaj.dat : ofiyl (11638 bytes)
C:\WINDOWS\n_isfjaj.dat : urfot (56832 bytes)
C:\WINDOWS\n_jaheun.dat : amzzo (26624 bytes)
C:\WINDOWS\n_jaheun.dat : atoex (11638 bytes)
C:\WINDOWS\n_jaheun.dat : lmtba (26624 bytes)
C:\WINDOWS\n_jmrkll.dat : iyckt (11591 bytes)
C:\WINDOWS\n_jmrkll.dat : kmdhf (11591 bytes)
C:\WINDOWS\n_jmrkll.dat : mmzso (11591 bytes)
C:\WINDOWS\n_jmrkll.dat : wymon (10743 bytes)
C:\WINDOWS\n_jprbwq.dat : ibkape (11591 bytes)
C:\WINDOWS\n_kgbkvs.dat : dnwmh (7305 bytes)
C:\WINDOWS\n_kgbkvs.dat : ghxvp (56320 bytes)
C:\WINDOWS\n_kgbkvs.dat : riebh (11591 bytes)
C:\WINDOWS\n_kgbkvs.dat : sprma (10743 bytes)
C:\WINDOWS\n_kgbkvs.dat : szuqw (7305 bytes)
C:\WINDOWS\n_kixfxo.dat : bcvfkp (7305 bytes)
C:\WINDOWS\n_kixfxo.dat : efsgj (11591 bytes)
C:\WINDOWS\n_kixfxo.dat : pzfuq (26624 bytes)
C:\WINDOWS\n_kixfxo.dat : rglii (30355 bytes)
C:\WINDOWS\n_lcdvsg.dat : bjwhj (11591 bytes)
C:\WINDOWS\n_lcdvsg.dat : landq (3347 bytes)
C:\WINDOWS\n_lcdvsg.dat : lqkzc (26624 bytes)
C:\WINDOWS\n_lcdvsg.dat : rupkz (11638 bytes)
C:\WINDOWS\n_mamyzo.dat : aerhn (11591 bytes)
C:\WINDOWS\n_mamyzo.dat : vogrc (3347 bytes)
C:\WINDOWS\n_mogdmx.txt : yqhjsl (11638 bytes)
C:\WINDOWS\n_nuqyes.dat : ntmlwj (11591 bytes)
C:\WINDOWS\n_nuqyes.dat : shhxr (11591 bytes)
C:\WINDOWS\n_nuqyes.dat : tdnkmr (3347 bytes)
C:\WINDOWS\n_nuqyes.dat : uoboq (11638 bytes)
C:\WINDOWS\n_nuqyes.dat : xfcll (11591 bytes)
C:\WINDOWS\n_omwmlx.dat : ahvha (11638 bytes)
C:\WINDOWS\n_omwmlx.dat : knhpt (30355 bytes)
C:\WINDOWS\n_pmzxck.dat : daxis (56320 bytes)
C:\WINDOWS\n_pmzxck.dat : fhzfw (56320 bytes)
C:\WINDOWS\n_pmzxck.dat : pgbmea (11638 bytes)
C:\WINDOWS\n_pmzxck.dat : tfknp (11388 bytes)
C:\WINDOWS\n_pmzxck.dat : ujhmd (11591 bytes)
C:\WINDOWS\n_pnsfvq.dat : megygc (55808 bytes)
C:\WINDOWS\n_pnsfvq.dat : qqapuv (30355 bytes)
C:\WINDOWS\n_poqqrx.dat : khsdl (11591 bytes)
C:\WINDOWS\n_poqqrx.dat : obusi (10743 bytes)
C:\WINDOWS\n_poqqrx.dat : tionc (30355 bytes)
C:\WINDOWS\n_poqqrx.dat : xtwyzt (7305 bytes)
C:\WINDOWS\n_qwjzbm.dat : dfgzx (11638 bytes)
C:\WINDOWS\n_qwjzbm.dat : ihtsgk (30355 bytes)
C:\WINDOWS\n_qwjzbm.dat : lgusk (11388 bytes)
C:\WINDOWS\n_qwjzbm.dat : pgvqf (56832 bytes)
C:\WINDOWS\n_qwjzbm.dat : zccih (10743 bytes)
C:\WINDOWS\n_rhnipy.dat : fguyh (10743 bytes)
C:\WINDOWS\n_rkbsqn.dat : anagb (10743 bytes)
C:\WINDOWS\n_rkbsqn.dat : cikio (56832 bytes)
C:\WINDOWS\n_rkbsqn.dat : crnyk (10743 bytes)
C:\WINDOWS\n_rkbsqn.dat : fqegn (30355 bytes)
C:\WINDOWS\n_rkbsqn.dat : gbffc (26624 bytes)
C:\WINDOWS\n_rkbsqn.dat : pupdtw (3347 bytes)
C:\WINDOWS\n_rkbsqn.dat : vmiwx (11591 bytes)
C:\WINDOWS\n_shtyln.txt : vgznr (11638 bytes)
C:\WINDOWS\n_skgctu.dat : evrus (30355 bytes)
C:\WINDOWS\n_uidpda.log : ivijvg (70144 bytes)
C:\WINDOWS\n_uqzogb.dat : eznxm (56832 bytes)
C:\WINDOWS\n_uqzogb.dat : kferpn (11638 bytes)
C:\WINDOWS\n_uqzogb.dat : ogsst (30355 bytes)
C:\WINDOWS\n_uqzogb.dat : sdvvj (10743 bytes)
C:\WINDOWS\n_uqzogb.dat : srlrjd (11638 bytes)
C:\WINDOWS\n_uqzogb.dat : zcsaf (10743 bytes)
C:\WINDOWS\n_vozbaj.log : lkcis (11591 bytes)
C:\WINDOWS\n_vozbaj.log : rseux (11591 bytes)
C:\WINDOWS\n_vozbaj.log : zpvrw (27750 bytes)
C:\WINDOWS\n_vvzegb.dat : kreeen (30355 bytes)
C:\WINDOWS\n_vvzegb.dat : nmbcr (11591 bytes)
C:\WINDOWS\n_vvzegb.dat : vsgdf (26624 bytes)
C:\WINDOWS\n_vvzegb.dat : xhedk (26624 bytes)
C:\WINDOWS\n_xamzcc.dat : kefad (26624 bytes)
C:\WINDOWS\n_xamzcc.dat : svkoh (26624 bytes)
C:\WINDOWS\n_xmduld.txt : dfwwry (30355 bytes)
C:\WINDOWS\n_xtvdvz.dat : ekuou (7305 bytes)
C:\WINDOWS\n_xtvdvz.dat : yfhwd (11638 bytes)
C:\WINDOWS\n_xwnenv.dat : jmnrli (12357 bytes)
C:\WINDOWS\n_xwnenv.dat : lodqx (26624 bytes)
C:\WINDOWS\NCUNINST.EXE : gvfbxn (7305 bytes)
C:\WINDOWS\NCUNINST.EXE : wamyy (11388 bytes)
C:\WINDOWS\NCUNINST.EXE : xxdfg (11638 bytes)
C:\WINDOWS\neise.dat : roemg (27750 bytes)
C:\WINDOWS\neise.dat : xklxs (56832 bytes)
C:\WINDOWS\neise.dll : dwbdf (27750 bytes)
C:\WINDOWS\neise.dll : ufqpe (11591 bytes)
C:\WINDOWS\neise.dll : wzizt (26624 bytes)
C:\WINDOWS\NETFXOCM.LOG : lzdig (11388 bytes)
C:\WINDOWS\NETFXOCM.LOG : qqvka (30355 bytes)
C:\WINDOWS\NETFXOCM.LOG : ywqgrp (3347 bytes)
C:\WINDOWS\neton32.dll : edwbhp (11592 bytes)
C:\WINDOWS\neton32.dll : hthdb (11591 bytes)
C:\WINDOWS\neton32.dll : vhbtz (10743 bytes)
C:\WINDOWS\netqr.dll : mgbvy (56832 bytes)
C:\WINDOWS\netqr.dll : rxiuua (70144 bytes)
C:\WINDOWS\netqr.dll : yfpcf (10743 bytes)
C:\WINDOWS\nettq.dll : airtmb (11592 bytes)
C:\WINDOWS\nettq.dll : davoa (11388 bytes)
C:\WINDOWS\nettq.dll : nitgc (26624 bytes)
C:\WINDOWS\nettq.dll : ztajd (7305 bytes)
C:\WINDOWS\netut.dll : qqcut (10743 bytes)
C:\WINDOWS\netuu32.dll : numtn (10743 bytes)
C:\WINDOWS\nsreg.dat : hfrzgm (3547 bytes)
C:\WINDOWS\ntbtlog.txt : cphwc (11591 bytes)
C:\WINDOWS\ntbtlog.txt : gvfyp (26624 bytes)
C:\WINDOWS\ntbtlog.txt : kvdba (3347 bytes)
C:\WINDOWS\ntbtlog.txt : oldkj (10743 bytes)
C:\WINDOWS\ntdtcsetup.log : dkmrcy (3567 bytes)
C:\WINDOWS\ntdtcsetup.log : qxwuzb (12357 bytes)
C:\WINDOWS\ntdtcsetup.log : wosza (10743 bytes)
C:\WINDOWS\ntnu.dll : aykeap (68096 bytes)
C:\WINDOWS\ntnu.dll : zpwnd (11638 bytes)
C:\WINDOWS\ntou32.exe : dagby (11591 bytes)
C:\WINDOWS\ntou32.exe : dwvgu (56320 bytes)
C:\WINDOWS\ntou32.exe : nents (30355 bytes)
C:\WINDOWS\ntrh.dll : glvpd (26624 bytes)
C:\WINDOWS\ntrh.dll : vkfwfi (64000 bytes)
C:\WINDOWS\nyioeu.dat : tuqzo (91050 bytes)
C:\WINDOWS\nyioeu.dat : uqzke (11388 bytes)
C:\WINDOWS\nyioeu.dat : wrwxa (10743 bytes)
C:\WINDOWS\OCGEN.LOG : ajttj (11591 bytes)
C:\WINDOWS\OCGEN.LOG : gntht (11591 bytes)
C:\WINDOWS\OCGEN.LOG : gtahw (27750 bytes)
C:\WINDOWS\OCGEN.LOG : tbvfah (11592 bytes)
C:\WINDOWS\OCGEN.LOG : wlfbp (3347 bytes)
C:\WINDOWS\OCGEN.LOG : ztnor (11638 bytes)
C:\WINDOWS\OCMSN.LOG : rgzcx (30355 bytes)
C:\WINDOWS\ODBC.INI : mcgluj (7305 bytes)
C:\WINDOWS\ODBC.INI : mvakv (7305 bytes)
C:\WINDOWS\ODBC.INI : opupv (10743 bytes)
C:\WINDOWS\ODBC.INI : uozqg (10743 bytes)
C:\WINDOWS\ODBC.INI : wuzym (11591 bytes)
C:\WINDOWS\ODBCINST.INI : aegph (10743 bytes)
C:\WINDOWS\ODBCINST.INI : pexgr (55808 bytes)
C:\WINDOWS\ODBCINST.INI : sklgm (11591 bytes)
C:\WINDOWS\ODBCINST.INI : vvnur (10743 bytes)
C:\WINDOWS\ODBCINST.INI : yoemn (56320 bytes)
C:\WINDOWS\OEWABLog.txt : edyyxu (3547 bytes)
C:\WINDOWS\OEWABLog.txt : gqmup (27750 bytes)
C:\WINDOWS\OEWABLog.txt : jtfdd (10743 bytes)
C:\WINDOWS\OEWABLog.txt : lmlpa (56320 bytes)
C:\WINDOWS\OEWABLog.txt : mnqbhu (30355 bytes)
C:\WINDOWS\OEWABLog.txt : vakelp (11591 bytes)
C:\WINDOWS\OOBEACT.LOG : deori (56832 bytes)
C:\WINDOWS\OOBEACT.LOG : oyyra (3063 bytes)
C:\WINDOWS\OOBEACT.LOG : utshn (11591 bytes)
C:\WINDOWS\orun32.isu : eqjegi (30355 bytes)
C:\WINDOWS\orun32.isu : jviyp (10743 bytes)
C:\WINDOWS\pcdlib32.dll : gexkr (56832 bytes)
C:\WINDOWS\pcdlib32.dll : kxobf (56832 bytes)
C:\WINDOWS\pcdlib32.dll : rydrl (11638 bytes)
C:\WINDOWS\pcdlib32.dll : xjqep (11591 bytes)
C:\WINDOWS\pcdlib32.dll : xnoxe (11388 bytes)
C:\WINDOWS\pjycj.txt : brsntz (11638 bytes)
C:\WINDOWS\pjycj.txt : fiaccg (11592 bytes)
C:\WINDOWS\pjycj.txt : ldqva (11638 bytes)
C:\WINDOWS\pjycj.txt : ngngq (11638 bytes)
C:\WINDOWS\pjycj.txt : poglg (56832 bytes)
C:\WINDOWS\Prairie Wind.bmp : hqnib (3347 bytes)
C:\WINDOWS\Prairie Wind.bmp : mwjiw (11638 bytes)
C:\WINDOWS\Prairie Wind.bmp : qxxlr (10743 bytes)
C:\WINDOWS\Prairie Wind.bmp : yjspei (7305 bytes)
C:\WINDOWS\Q327979.log : oaytq (11638 bytes)
C:\WINDOWS\Q327979.log : uwlil (27750 bytes)
C:\WINDOWS\Q327979.log : xllcjo (11592 bytes)
C:\WINDOWS\Q327979.log : zmqhwx (11638 bytes)
C:\WINDOWS\Q327979.log : zrxvd (56320 bytes)
C:\WINDOWS\Q328310.log : avten (11591 bytes)
C:\WINDOWS\Q328310.log : fxcvy (26624 bytes)
C:\WINDOWS\Q328310.log : qjluyt (4402 bytes)
C:\WINDOWS\Q329441.log : dwaoid (11638 bytes)
C:\WINDOWS\Q329909.log : lwexj (11591 bytes)
C:\WINDOWS\Q329909.log : qnjeu (11591 bytes)
C:\WINDOWS\Q329909.log : qxwkh (10743 bytes)
C:\WINDOWS\Q329909.log : uxiwa (10743 bytes)
C:\WINDOWS\q330512.log : bnhail (68096 bytes)
C:\WINDOWS\q330512.log : lkpns (27750 bytes)
C:\WINDOWS\q330512.log : qkcex (26624 bytes)
C:\WINDOWS\q330512.log : yimlb (11591 bytes)
C:\WINDOWS\Q331953.log : dxpce (56832 bytes)
C:\WINDOWS\Q331953.log : ixhpb (26624 bytes)
C:\WINDOWS\Q331953.log : mybbu (26624 bytes)
C:\WINDOWS\Q810577.log : itnny (11591 bytes)
C:\WINDOWS\Q810577.log : rrxqv (10743 bytes)
C:\WINDOWS\Q810833.log : oylyfy (30355 bytes)
C:\WINDOWS\Q828026.log : awxxo (56320 bytes)
C:\WINDOWS\Q828026.log : glybc (10743 bytes)
C:\WINDOWS\Q828026.log : oubnc (27750 bytes)
C:\WINDOWS\qwwgm.dll : oqpvh (30355 bytes)
C:\WINDOWS\REGLOCS.OLD : immwq (11638 bytes)
C:\WINDOWS\Rhododendron.bmp : ddosh (3347 bytes)
C:\WINDOWS\Rhododendron.bmp : jbyye (11591 bytes)
C:\WINDOWS\Rhododendron.bmp : sepsw (93448 bytes)
C:\WINDOWS\Rhododendron.bmp : yajcn (26624 bytes)
C:\WINDOWS\River Sumida.bmp : bnwjk (26624 bytes)
C:\WINDOWS\River Sumida.bmp : jmmbv (11591 bytes)
C:\WINDOWS\River Sumida.bmp : tawfl (10743 bytes)
C:\WINDOWS\River Sumida.bmp : zurql (10743 bytes)
C:\WINDOWS\rundll32.exe : jbxpz (11591 bytes)
C:\WINDOWS\rundll32.exe : jhawc (10743 bytes)
C:\WINDOWS\rundll32.exe : ucjdy (7305 bytes)
C:\WINDOWS\rundll32.exe : vdgxb (56320 bytes)
C:\WINDOWS\rundll32.exe : ythqz (11388 bytes)
C:\WINDOWS\SchedLgU.Txt : ehfrkk (11638 bytes)
C:\WINDOWS\SchedLgU.Txt : qyfhb (11591 bytes)
C:\WINDOWS\SchedLgU.Txt : vsvce (11388 bytes)
C:\WINDOWS\sdkqs32.dll : tkxei (30355 bytes)
C:\WINDOWS\sessmgr.setup.log : bisbw (27750 bytes)
C:\WINDOWS\sessmgr.setup.log : cnfgx (11591 bytes)
C:\WINDOWS\sessmgr.setup.log : qneis (103946 bytes)
C:\WINDOWS\sessmgr.setup.log : xiyxnn (30355 bytes)
C:\WINDOWS\SETPWRCG.EXE : cxzbq (3063 bytes)
C:\WINDOWS\SETPWRCG.EXE : liups (11388 bytes)
C:\WINDOWS\SETPWRCG.EXE : shzaf (10743 bytes)
C:\WINDOWS\SETPWRCG.EXE : smgovj (11638 bytes)
C:\WINDOWS\SETPWRCG.EXE : tyftf (11591 bytes)
C:\WINDOWS\SETPWRCG.EXE : uzbmx (11388 bytes)
C:\WINDOWS\setupapi.log.0.old : gjoyn (3063 bytes)
C:\WINDOWS\setupapi.log.0.old : vgizx (56832 bytes)
C:\WINDOWS\setupapi.log.0.old : zarpb (27750 bytes)
C:\WINDOWS\setupapi.old : mtxac (26624 bytes)
C:\WINDOWS\setupapi.old : oblhl (10743 bytes)
C:\WINDOWS\smscfg.ini : hltxg (93773 bytes)
C:\WINDOWS\smscfg.ini : mgpou (11591 bytes)
C:\WINDOWS\smscfg.ini : vqnwt (10743 bytes)
C:\WINDOWS\Soap Bubbles.bmp : crwet (26624 bytes)
C:\WINDOWS\Soap Bubbles.bmp : jyeejq (11638 bytes)
C:\WINDOWS\Soap Bubbles.bmp : murph (10743 bytes)
C:\WINDOWS\spnjcj.dat : sliid (30355 bytes)
C:\WINDOWS\spnjcj.dat : wpayt (26624 bytes)
C:\WINDOWS\Sti_Trace.log : dhawm (11591 bytes)
C:\WINDOWS\Sti_Trace.log : evbcb (26624 bytes)
C:\WINDOWS\Sti_Trace.log : hlbsk (56832 bytes)
C:\WINDOWS\Sti_Trace.log : tzojlb (30355 bytes)
C:\WINDOWS\Sti_Trace.log : uielwv (7305 bytes)
C:\WINDOWS\sygnh.log : njoqrf (3547 bytes)
C:\WINDOWS\SynInst.log : grrpq (26624 bytes)
C:\WINDOWS\SynInst.log : xbeok (3347 bytes)
C:\WINDOWS\SynInst.log : ybodz (11591 bytes)
C:\WINDOWS\syscd.dll : zltlhy (11638 bytes)
C:\WINDOWS\sysei32.exe : jbaaqa (11736 bytes)
C:\WINDOWS\sysei32.exe : tlmyvl (11592 bytes)
C:\WINDOWS\sysle32.dll : cctfsk (7471 bytes)
C:\WINDOWS\sysle32.dll : pcxtm (56320 bytes)
C:\WINDOWS\sysle32.dll : rmlrba (30355 bytes)
C:\WINDOWS\syslo.dll : lexdqn (7305 bytes)
C:\WINDOWS\syslo.dll : ylkxc (11591 bytes)
C:\WINDOWS\sysoa32.dll : ucllmv (3567 bytes)
C:\WINDOWS\syspr32.exe : mwruig (11638 bytes)
C:\WINDOWS\syspr32.exe : rmdce (7305 bytes)
C:\WINDOWS\syspr32.exe : zoyap (11638 bytes)
C:\WINDOWS\systl32.dll : exkikr (30355 bytes)
C:\WINDOWS\systl32.dll : jcrow (3063 bytes)
C:\WINDOWS\systl32.dll : jnvqz (3347 bytes)
C:\WINDOWS\systl32.dll : nvwqox (64000 bytes)
C:\WINDOWS\systl32.dll : spqfj (26624 bytes)
C:\WINDOWS\systl32.dll : wfiwmi (4402 bytes)
C:\WINDOWS\TABLETOC.LOG : gvqlr (11388 bytes)
C:\WINDOWS\TABLETOC.LOG : upxjz (10743 bytes)
C:\WINDOWS\TABLETOC.LOG : xrzbg (26624 bytes)
C:\WINDOWS\tpkio.dll : bdywpz (7305 bytes)
C:\WINDOWS\tpkio.dll : vloxky (11592 bytes)
C:\WINDOWS\TSOC.LOG : iahbh (26624 bytes)
C:\WINDOWS\TSOC.LOG : uobqd (11388 bytes)
C:\WINDOWS\ttntna.dll : ezcqio (30355 bytes)
C:\WINDOWS\ttntna.dll : nvloq (103946 bytes)
C:\WINDOWS\uneng.exe : chyih (11388 bytes)
C:\WINDOWS\uneng.exe : jyzrj (30355 bytes)
C:\WINDOWS\uneng.exe : kbxbo (10743 bytes)
C:\WINDOWS\uneng.exe : wcauy (11591 bytes)
C:\WINDOWS\uneng.exe : xixou (56832 bytes)
C:\WINDOWS\uneng.exe : xunxtb (7305 bytes)
C:\WINDOWS\uneng.exe : yauua (10743 bytes)
C:\WINDOWS\uneng.exe : zfkvav (68096 bytes)
C:\WINDOWS\unvise32.exe : lpxbg (11638 bytes)
C:\WINDOWS\unvise32.exe : ngxzgm (7305 bytes)
C:\WINDOWS\unvise32qt.exe : auipm (27750 bytes)
C:\WINDOWS\unvise32qt.exe : dynbs (56832 bytes)
C:\WINDOWS\unvise32qt.exe : nfqvd (27750 bytes)
C:\WINDOWS\VB.INI : iigem (11591 bytes)
C:\WINDOWS\VB.INI : yhqfbx (3347 bytes)
C:\WINDOWS\VBADDIN.INI : buqkr (11591 bytes)
C:\WINDOWS\VBADDIN.INI : dpiga (30355 bytes)
C:\WINDOWS\VBADDIN.INI : gsxss (26624 bytes)
C:\WINDOWS\VBADDIN.INI : wadrv (10743 bytes)
C:\WINDOWS\WIASERVC.LOG : osozj (26624 bytes)
C:\WINDOWS\WIASERVC.LOG : usjmy (3063 bytes)
C:\WINDOWS\WIASERVC.LOG : wrpar (10743 bytes)
C:\WINDOWS\Windows Update.log : nlust (56832 bytes)
C:\WINDOWS\Windows Update.log : prhft (26624 bytes)
C:\WINDOWS\WINNT.BMP : rgqrb (11638 bytes)
C:\WINDOWS\WINNT256.BMP : iafsc (10743 bytes)
C:\WINDOWS\WINNT256.BMP : mibrn (10743 bytes)
C:\WINDOWS\WINNT256.BMP : mzdyyv (11736 bytes)
C:\WINDOWS\WINNT256.BMP : zdiby (10743 bytes)
C:\WINDOWS\winoz.exe : byple (11388 bytes)
C:\WINDOWS\winoz.exe : jziwv (30355 bytes)
C:\WINDOWS\winrw.exe : wzvdsf (7471 bytes)
C:\WINDOWS\winvv.dll : dxicv (11638 bytes)
C:\WINDOWS\wmsetup.log : gdppie (11592 bytes)
C:\WINDOWS\wmsetup.log : ztkyq (11591 bytes)
C:\WINDOWS\wryph.txt : hbgwos (3567 bytes)
C:\WINDOWS\wtmskm.dat : glboe (10743 bytes)
C:\WINDOWS\wtmskm.dat : lblqz (10743 bytes)
C:\WINDOWS\wtmskm.dat : reaafr (3567 bytes)
C:\WINDOWS\wtmskm.dat : tckvk (26624 bytes)
C:\WINDOWS\wtmskm.dat : vpmzk (18944 bytes)
C:\WINDOWS\xemawa.dat : aqhaf (7305 bytes)
C:\WINDOWS\xemawa.dat : fimje (11388 bytes)
C:\WINDOWS\xemawa.dat : kczxz (10743 bytes)
C:\WINDOWS\xemawa.dat : qmzea (27750 bytes)
C:\WINDOWS\xemawa.dat : sjduw (26624 bytes)
C:\WINDOWS\xemawa.dat : whipm (7305 bytes)
C:\WINDOWS\xpsp1hfm.log : cdsdt (26624 bytes)
C:\WINDOWS\xpsp1hfm.log : dntar (11591 bytes)
C:\WINDOWS\xpsp1hfm.log : kmnje (3063 bytes)
C:\WINDOWS\xpsp1hfm.log : svhga (10743 bytes)
C:\WINDOWS\yzhwg.dll : zxlqao (30355 bytes)
C:\WINDOWS\Zapotec.bmp : pepxu (11591 bytes)
C:\WINDOWS\Zapotec.bmp : wiepz (11591 bytes)
  • 0

#8
Metallica
Posted 28 April 2005 - 04:38 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Wow. That is a long list of streams.

I think we can best take this approach.

Reboot into safe mode and run AdsSpy again, this time kill all the streams.

Then rerun About:Buster and CWSHredder

Delete these files:
C:\WINDOWS\addjk.dll
C:\WINDOWS\addpq.dll
C:\WINDOWS\atlee32.dll
C:\WINDOWS\atlef.exe
C:\WINDOWS\atlqn32.dll
C:\WINDOWS\crth32.exe.bak
C:\WINDOWS\crzv32.dll
C:\WINDOWS\d3gy32.dll
C:\WINDOWS\d3rl.dll
C:\WINDOWS\dfwbp.dll
C:\WINDOWS\dhghb.dat
C:\WINDOWS\dhghb.dll
C:\WINDOWS\dicnv.dat
C:\WINDOWS\gqszwl.dat
C:\WINDOWS\ieey.dll
C:\WINDOWS\iesu.dll
C:\WINDOWS\ietc.exe
C:\WINDOWS\ifddv.dat
C:\WINDOWS\ipmt32.dll
C:\WINDOWS\ipvn.exe
C:\WINDOWS\javabc.dll
C:\WINDOWS\jrwcp.dat
C:\WINDOWS\kdajnb.dat
C:\WINDOWS\kjbyj.dat
C:\WINDOWS\krltp.dll
C:\WINDOWS\lbxer.dat
C:\WINDOWS\mfcxg32.exe
C:\WINDOWS\mfcxu.dll
C:\WINDOWS\mfcyc32.exe
C:\WINDOWS\msct.dll
C:\WINDOWS\msiv.dll
C:\WINDOWS\msrk.exe
C:\WINDOWS\msvl32.dll
C:\WINDOWS\mswr32.dll
C:\WINDOWS\muninst.exe
C:\WINDOWS\mxdjv.log
C:\WINDOWS\n_amdhoy.dat
C:\WINDOWS\n_asbflj.dat
C:\WINDOWS\n_bfzvnz.dat
C:\WINDOWS\n_dsulxs.log
C:\WINDOWS\n_egihul.dat
C:\WINDOWS\n_eiupjc.dat
C:\WINDOWS\n_fdrlky.dat
C:\WINDOWS\n_hfrnxd.dat
C:\WINDOWS\n_isfjaj.dat
C:\WINDOWS\n_jaheun.dat
C:\WINDOWS\n_jmrkll.dat
C:\WINDOWS\n_jprbwq.dat
C:\WINDOWS\n_kgbkvs.dat
C:\WINDOWS\n_kixfxo.dat
C:\WINDOWS\n_lcdvsg.dat
C:\WINDOWS\n_mamyzo.dat
C:\WINDOWS\n_mogdmx.txt
C:\WINDOWS\n_nuqyes.dat
C:\WINDOWS\n_omwmlx.dat
C:\WINDOWS\n_pmzxck.dat
C:\WINDOWS\n_pnsfvq.dat
C:\WINDOWS\n_poqqrx.dat
C:\WINDOWS\n_qwjzbm.dat
C:\WINDOWS\n_rhnipy.dat
C:\WINDOWS\n_rkbsqn.dat
C:\WINDOWS\n_shtyln.txt
C:\WINDOWS\n_skgctu.dat
C:\WINDOWS\n_uidpda.log
C:\WINDOWS\n_uqzogb.dat
C:\WINDOWS\n_vozbaj.log
C:\WINDOWS\n_vvzegb.dat
C:\WINDOWS\n_xamzcc.dat
C:\WINDOWS\n_xmduld.txt
C:\WINDOWS\n_xtvdvz.dat
C:\WINDOWS\n_xwnenv.dat
C:\WINDOWS\neise.dat
C:\WINDOWS\neise.dll
C:\WINDOWS\neton32.dll
C:\WINDOWS\netqr.dll
C:\WINDOWS\nettq.dll
C:\WINDOWS\netut.dll
C:\WINDOWS\netuu32.dll
C:\WINDOWS\nsreg.dat
C:\WINDOWS\ntbtlog.txt
C:\WINDOWS\ntdtcsetup.log
C:\WINDOWS\ntnu.dll
C:\WINDOWS\ntou32.exe
C:\WINDOWS\ntrh.dll
C:\WINDOWS\nyioeu.dat
C:\WINDOWS\orun32.isu
C:\WINDOWS\pcdlib32.dll
C:\WINDOWS\qwwgm.dll
C:\WINDOWS\sdkqs32.dll
C:\WINDOWS\spnjcj.dat
C:\WINDOWS\syscd.dll
C:\WINDOWS\sysei32.exe
C:\WINDOWS\sysle32.dll
C:\WINDOWS\syslo.dll
C:\WINDOWS\sysoa32.dll
C:\WINDOWS\syspr32.exe
C:\WINDOWS\systl32.dll
C:\WINDOWS\tpkio.dll
C:\WINDOWS\ttntna.dll
C:\WINDOWS\uneng.exe
C:\WINDOWS\unvise32.exe
C:\WINDOWS\unvise32qt.exe
C:\WINDOWS\winoz.exe
C:\WINDOWS\winrw.exe
C:\WINDOWS\winvv.dll
C:\WINDOWS\wtmskm.dat
C:\WINDOWS\xemawa.dat
C:\WINDOWS\yzhwg.dll

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\iucno.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\iucno.dll/sp.html#96676

O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner -
C:\WINDOWS\addsw.exe (file missing)

Then boot back to normal and make a new HijackThis log.
Post that one please.

Regards,

Pieter
  • 0

#9
Airbarto1
Posted 28 April 2005 - 01:34 PM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Okay - - I deleted all the streams, ran the two programs, and then manually deleted all those files from C:/windows. Here's my new Hijack this log - this o23 keeps coming back up even though i keep deleting it in hijackthis. Thanks one more time for all the help

Anthony


Logfile of HijackThis v1.99.1
Scan saved at 3:29:47 PM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJack This\HijackThis.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addsw.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#10
Metallica
Posted 28 April 2005 - 01:58 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Download Getservices.zip
Extract the zip file to your C: drive. Once it is extracted there will be a directory on your C: drive called getservice. Inside the C:\getservice directory will be a file called getservice.bat. Simply double-click on the getservice.bat file and when it is completed a notepad window will open with a lot of information. You can then copy the entire contents of that notepad file to your next post.

Regards,
  • 0

Advertisements

#11
Airbarto1
Posted 28 April 2005 - 02:27 PM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Heres the contents of the notepad file



PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: 11Fßä#·ºÄÖ`I
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\addsw.exe /s
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Security Service (NSS)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: Ati HotKey Poller
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\Ati2evxx.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Ati HotKey Poller
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Symantec Event Manager
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Password Validation Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: iPodService
iPod hardware management services
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\iPod\bin\iPodService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPod Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton AntiVirus Auto Protect Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: on AntiVirus Auto Protect Service
: n Coordinator
: ion
: gramFilen
: 
:
: 
: è6
: è6
: ges Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
:
: u
: n
: a
: v
: a
: i
: l
: a
: b
: l
: e
: .
:
: I
: f
:
: t
: h
: i
: s
:
: s
: e
: r
: v
: i
: c
: e
:
: i
: s
:
: d
: i
: s
: a
: b
: l
: e
: d
: ,
:
: a
: n
: y
:
: s
: e
: r
: v
: i
: c
: e
: s
:
: t
: h
: a
: t
:
: e
: x
: p
: l
: i
: c
: i
: t
: l
: y
:
: d
: e
: p
: e
: n
: d
:
: o
: n
:
: i
: t
:
: w
: i
: l
: l
:
: f
: a
: i
: l
:
: t
: o
:
: s
: t
: a
: r
: t
: .
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SBService
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ScriptBlocking Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{ED65BE91-FAFE-4D0E-9477-67B4A535ECA0}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SymWSC
Symantec WMI Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SymWMI Service
DEPENDENCIES : winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: w32time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
  • 0

#12
Metallica
Posted 28 April 2005 - 03:06 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Copy the part in bold below into notepad and save it as noserv.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY___NS_SERVICE_3]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\__NS_Service_3]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_SERVICE_3]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\11Fßä#·ºÄÖ`I]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11Fßä#·ºÄÖ`I]

Doubleclick the file you made and confirm you want to merge it with the registry.

Reboot and let me know.

Regards,
  • 0

#13
Airbarto1
Posted 28 April 2005 - 03:28 PM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Okay - i added the bolded text to the registry thru a notepad file. And i just finished rebooting. Heres a new hijackthis - since you didn't ask for anything i figured it wouldn't hurt to post one

Logfile of HijackThis v1.99.1
Scan saved at 4:25:28 PM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJack This\HijackThis.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....738&clcid=0x409
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\addsw.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#14
Metallica
Posted 29 April 2005 - 04:59 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hang on. That's not right.

This may be because we are using different language versions of Windows.

Can you compare the string in post #11 (yours) the funny looking
SERVICE_NAME:
with the string I posted in #12 in the regfile as the last part of the last five lines.

I copied them from your post, but it seems this doesn't always work properly.

Regards,
  • 0

#15
Airbarto1
Posted 29 April 2005 - 12:39 PM

Airbarto1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
11Fßä#·ºÄÖ`I - this is the string from my post with all the services

11Fßä#·ºÄÖ`I - this is what i see from your post concerning the registry key.


they both look identical to me. Weird, but the same. Now I just copied both from our conversation on this board. I was a little unclear if you wanted me to run the get services program again and see what the weird service name was, or if you just wanted me to copy it from our posts. Regardless - they look the same to me - I don't think it was changed in translation. Thanks for the help thus far - let me know what to do next -

a
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP