Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help with trojan removal Agent BN

Started by ux_gal , Sep 01 2004 11:51 AM

Please log in to reply

#1
ux_gal

Posted 01 September 2004 - 11:51 AM

New Member

Member
7 posts

Greetings! <_<

I am running Ad-Aware and AVG but I can't get rid of an annoying Downloader.Agent.2.BN virus in my Windows 2000. Help?? Anyone??

--UX-Gal

#2
ditto

Posted 01 September 2004 - 12:18 PM

- i pwn n00bs -

Member
1,260 posts

Please run a free online virus scan here:
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

#3
ux_gal

Posted 01 September 2004 - 12:22 PM

New Member

Topic Starter
Member
7 posts

Oh, yay, a response!!! Happy! That was fast. Thank you thank you thank you!

I'll check those links and report any progress <_<

I posted my HijackThisLog here:

http://www.geekstogo...hp?showforum=37

---UX-Gal

#4
ditto

Posted 01 September 2004 - 12:24 PM

- i pwn n00bs -

Member
1,260 posts

Yes I saw that. However i closed that topic. Too avoid confusion lets just work with this thread. After you run the scans, post a new HJT Log.

Thanks,
ditto

#5
ux_gal

Posted 01 September 2004 - 01:59 PM

New Member

Topic Starter
Member
7 posts

Yikes!

The Cleaner and House Call didn't find anything, but AVG has lots of little windows popping up lettine me know that it has infected more files. <_<

Halp!

Latest HTL:

Logfile of HijackThis v1.98.2
Scan saved at 4:04:52 p.m., on 01/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\discover.exe:cetjv
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\The Cleaner\tca.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\PROGRAMAS\Adobe\After Effects 5.0\AfterFX.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\1Daniela\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\diaod.dll/sp.html#28129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7930B906-4BEF-9DE1-9D54-B130FEDCC682} - C:\WINNT\appbn32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [winsy32.exe] C:\WINNT\system32\winsy32.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\PROGRAMAS\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE5A2AE-CE58-4E7B-9C93-59E064D53020}: NameServer = 200.44.32.13,200.44.32.12

Thanks for all your help, this is a really neat forum!

--UX-Gal

#6
admin

Posted 01 September 2004 - 02:20 PM

Founder Geek

Community Leader
24,639 posts

Please download GetService.zip
Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here. From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work

#7
ux_gal

Posted 01 September 2004 - 02:50 PM

New Member

Topic Starter
Member
7 posts

Contents of GetService.txt posted! Thank you lovely people!

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AvgServ
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG6 Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k BITSgroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : LanmanWorkstation
: Rpcss
: SENS
: Wmi
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an up-to-date list of computers on your network and supplies the list to programs that request it.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: C-DillaSrv
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : C-DillaSrv
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Administrative service for disk management requests
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Logical Disk Manager Watchdog Service
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Provides automatic distribution of events to subscribing COM components.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
Helps you send and receive faxes
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\faxsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fax Service
DEPENDENCIES : TapiSrv
: RpcSs
: PlugPlay
: Spooler
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Provides RPC support and file, print, and named pipe sharing.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Provides network connections and communications.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper Service
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Sends and receives messages transmitted by administrators or by the Alerter service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Allows authorized people to remotely access your Windows desktop using NetMeeting.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\MsiExec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for dynamic data exchange (DDE).
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages shared dynamic data exchange and is used by Network DDE
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: ted Transaction Coordinator
: trative Service
: h
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
Manages removable media, drives, and libraries.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

Error querying status of O?’ŽrtñåÈ²$Ó on \\GRAFICOS:
SERVICE_NAME: PlugPlay
Manages device installation and configuration and notifies programs of device changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Policy Agent
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Allows remote registry manipulation.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\regsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost -k rpcss
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\rsvp.exe -s
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Provides support for legacy smart card readers attached to the computer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Schedule
Enables a program to run at a designated time.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\MSTask.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : RunAs Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Sharing
DEPENDENCIES : RasMan
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SoundMAX Agent Service (default)
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SoundMAX Agent Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: StiSvc
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\stisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Still Image Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Configures performance logs and alerts.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TlntSvr
Allows a remote user to log on to the system and run console programs using the command line.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RpcSs
: TcpIp
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Sends notifications of files moving between NTFS volumes in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UtilMan
Starts and configures accessibility tools from one window
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\UtilMan.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Utility Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Sets the computer clock.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WinMgmt
Provides system management information.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\WBEM\WinMgmt.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\Services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k wugroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides authenticated network access control using IEEE 802.1x for wired and wireless Ethernet networks.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Configuration
DEPENDENCIES : RpcSs
: Ndisuio
: ProtectedStorage
: WMI
SERVICE_START_NAME: LocalSystem

#8
admin

Posted 01 September 2004 - 10:10 PM

Founder Geek

Community Leader
24,639 posts

This log is corrupted. Can you please reboot your computer and post a new Hijack This log, and GetService.txt?

When finished, please DO NOT reboot again until directed to do so, or we'll have to start all over. These files names change everytime you reboot.

#9
ux_gal

Posted 02 September 2004 - 07:06 AM

New Member

Topic Starter
Member
7 posts

Sure thing, chief! Thanks again! New Log:

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AvgServ
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG6 Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k BITSgroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : LanmanWorkstation
: Rpcss
: SENS
: Wmi
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an up-to-date list of computers on your network and supplies the list to programs that request it.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: C-DillaSrv
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : C-DillaSrv
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Administrative service for disk management requests
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Logical Disk Manager Watchdog Service
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Provides automatic distribution of events to subscribing COM components.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
Helps you send and receive faxes
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\faxsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fax Service
DEPENDENCIES : TapiSrv
: RpcSs
: PlugPlay
: Spooler
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Provides RPC support and file, print, and named pipe sharing.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Provides network connections and communications.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper Service
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Sends and receives messages transmitted by administrators or by the Alerter service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Allows authorized people to remotely access your Windows desktop using NetMeeting.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\MsiExec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for dynamic data exchange (DDE).
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages shared dynamic data exchange and is used by Network DDE
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: ted Transaction Coordinator
: trative Service
: h
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
Manages removable media, drives, and libraries.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Manages device installation and configuration and notifies programs of device changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Policy Agent
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Allows remote registry manipulation.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\regsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost -k rpcss
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\rsvp.exe -s
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Provides support for legacy smart card readers attached to the computer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Schedule
Enables a program to run at a designated time.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\MSTask.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : RunAs Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Sharing
DEPENDENCIES : RasMan
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SoundMAX Agent Service (default)
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SoundMAX Agent Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: StiSvc
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\stisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Still Image Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Configures performance logs and alerts.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TlntSvr
Allows a remote user to log on to the system and run console programs using the command line.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RpcSs
: TcpIp
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Sends notifications of files moving between NTFS volumes in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UtilMan
Starts and configures accessibility tools from one window
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\UtilMan.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Utility Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Sets the computer clock.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WinMgmt
Provides system management information.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\WBEM\WinMgmt.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\Services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k wugroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides authenticated network access control using IEEE 802.1x for wired and wireless Ethernet networks.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Configuration
DEPENDENCIES : RpcSs
: Ndisuio
: ProtectedStorage
: WMI
SERVICE_START_NAME: LocalSystem

#10
ux_gal

Posted 03 September 2004 - 11:39 AM

New Member

Topic Starter
Member
7 posts

Hmm... ran another AVG scan today, no virus. Weird. I'm going to post my Hijack This log and GetService results, am I really virus free now?

CURRENT HIJACK THIS LOG:

Logfile of HijackThis v1.98.2
Scan saved at 1:45:25 p.m., on 03/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\The Cleaner\tca.exe
D:\Program Files\The Cleaner\tcm.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINNT\system32\ntvdm.exe
D:\3dsmax4\3dsmax.exe
C:\WINNT\CDILLA64.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\1Daniela\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\diaod.dll/sp.html#28129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7930B906-4BEF-9DE1-9D54-B130FEDCC682} - C:\WINNT\appbn32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [winsy32.exe] C:\WINNT\system32\winsy32.exe
O4 - HKLM\..\Run: [tcactive] D:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] D:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\PROGRAMAS\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\PROGRA~1\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE5A2AE-CE58-4E7B-9C93-59E064D53020}: NameServer = 200.44.32.13,200.44.32.12

GET SERVICE:

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AvgServ
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG6 Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k BITSgroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : LanmanWorkstation
: Rpcss
: SENS
: Wmi
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an up-to-date list of computers on your network and supplies the list to programs that request it.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: C-DillaSrv
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : C-DillaSrv
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Supports ClipBook Viewer, which allows pages to be seen by remote ClipBooks.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Administrative service for disk management requests
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Logical Disk Manager Watchdog Service
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Provides automatic distribution of events to subscribing COM components.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
Helps you send and receive faxes
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\faxsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fax Service
DEPENDENCIES : TapiSrv
: RpcSs
: PlugPlay
: Spooler
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Provides RPC support and file, print, and named pipe sharing.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Provides network connections and communications.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper Service
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Sends and receives messages transmitted by administrators or by the Alerter service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Allows authorized people to remotely access your Windows desktop using NetMeeting.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\MsiExec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for dynamic data exchange (DDE).
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages shared dynamic data exchange and is used by Network DDE
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: ted Transaction Coordinator
: trative Service
: h
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
Manages removable media, drives, and libraries.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Manages device installation and configuration and notifies programs of device changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Policy Agent
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Allows remote registry manipulation.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\regsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost -k rpcss
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\rsvp.exe -s
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Provides support for legacy smart card readers attached to the computer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Schedule
Enables a program to run at a designated time.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\MSTask.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : RunAs Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Sharing
DEPENDENCIES : RasMan
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SoundMAX Agent Service (default)
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SoundMAX Agent Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: StiSvc
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\stisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Still Image Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Configures performance logs and alerts.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TlntSvr
Allows a remote user to log on to the system and run console programs using the command line.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RpcSs
: TcpIp
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Sends notifications of files moving between NTFS volumes in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UtilMan
Starts and configures accessibility tools from one window
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\UtilMan.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Utility Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Sets the computer clock.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WinMgmt
Provides system management information.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\WBEM\WinMgmt.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\Services.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k wugroup
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides authenticated network access control using IEEE 802.1x for wired and wireless Ethernet networks.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Configuration
DEPENDENCIES : RpcSs
: Ndisuio
: ProtectedStorage
: WMI
SERVICE_START_NAME: LocalSystem

#11
admin

Posted 03 September 2004 - 12:56 PM

Founder Geek

Community Leader
24,639 posts

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\diaod.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\diaod.dll/sp.html#28129
O2 - BHO: (no name) - {7930B906-4BEF-9DE1-9D54-B130FEDCC682} - C:\WINNT\appbn32.dll (file missing)
O4 - HKLM\..\Run: [winsy32.exe] C:\WINNT\system32\winsy32.exe

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\WINNT\system32\diaod.dll
C:\WINNT\system32\winsy32.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<