1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

hijacked homepage

Discussion in 'Malware and Virus Removal Archive' started by ugostar, 2004/10/22.

Thread Status:
Not open for further replies.
  1. 2004/11/03
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Have sent please let me know if ok
     
  2. 2004/11/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I would like to recommend you run a couple of other tools also. Somewhat similar to what you have already run but may turn up different results.

    • Download and install Reglite. Open and copy/paste the following string in the address window then click go.
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
      • Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here.
      • If no dll listed, click search on the tool bar and then search registry. Maximize the window (sometimes necessary to see the function buttons at the bottom) and enter tgbrfv_5.dll. Then click the magnifying glass in lower left corner to start the search. If an entry is found with the filename in the value column, highlight the entry and click the green 'jump to' arrow on the toolbar below. This will open Reglite to the key containing the entry and the folder it is contained in will be purple in the left hand pane. Right click the folder and select export. Name the file baddll.txt, change the file type to Regedt32/WinApi hive files (*.hiv, *.dat, *.*), and save to your desktop. Open the text file and copy/paste the contents here.


    • ActiveServices ...
      • Please download GetService.zip
      • Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
      • getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.
    From the moment you post your getservices log, until you see a detailed fix written up, or otherwise instructed, DO NOT reboot your system or log off. If you do, the illegitimate service (if present) will have changed and the fix provided will not work
     

  3. to hide this advert.

  4. 2004/11/03
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Hi Noahdfear
    Thank you for your time
    ok I dloaded reglite nothing came up did the search in the registry with the magnifying glass still nothing
    Also mdid the getservice thing here is the log and I have not turned of my comp till i recieve a reply

    Will not let me paste get service says to many characters
     
  5. 2004/11/04
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    You can paste half in one post half in another :)

    also Look here in reglite please
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnpsvc\Parameters\\ServiceDll

    If the pnpsvc is there expand Parameters and ServiceDll and tell us the dll and path to it.
     
  6. 2004/11/04
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Here is only about a eighth of the whole log I dont know if I did it right but there is alot of info on this log

    Lonney sorry but can you explain how to do the reglite thing again I,m just a bit confused with how to use it

    Thank you



    PsService v1.1 - local and remote services viewer/controller
    Copyright (C) 2001-2003 Mark Russinovich
    Sysinternals - www.sysinternals.com

    SERVICE_NAME: Alerter
    Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Alerter
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: ALG
    Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Layer Gateway Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: AppMgmt
    Provides software installation services such as Assign, Publish, and Remove.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Application Management
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: aspnet_state
    Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ASP.NET State Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: AudioSrv
    Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : AudioGroup
    TAG : 0
    DISPLAY_NAME : Windows Audio
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: BITS
    Uses idle network bandwidth to transfer data.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Background Intelligent Transfer Service
    DEPENDENCIES : Rpcss
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Browser
    Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Computer Browser
    DEPENDENCIES : LanmanWorkstation
    : LanmanServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: CFSvcs
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ConfigFree Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: CiSvc
    Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Indexing Service
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ClipSrv
    Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : ClipBook
    DEPENDENCIES : NetDDE
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: COMSysApp
    Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : COM+ System Application
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds
    : Restart DELAY: 5000 seconds
    : None DELAY: 1000 seconds

    SERVICE_NAME: CryptSvc
    Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Cryptographic Services
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dhcp
    Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DHCP Client
    DEPENDENCIES : Tcpip
    : Afd
    : NetBT
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmadmin
    Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager Administrative Service
    DEPENDENCIES : RpcSs
    : PlugPlay
    : DmServer
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: dmserver
    Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Logical Disk Manager
    DEPENDENCIES : RpcSs
    : PlugPlay
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Dnscache
    Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : DNS Client
    DEPENDENCIES : Tcpip
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: DVD-RAM_Service
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\DVDRAMSV.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : DVD-RAM_Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ERSvc
    Allows error reporting for services and applictions running in non-standard environments.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Error Reporting Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Eventlog
    Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : Event log
    TAG : 0
    DISPLAY_NAME : Event Log
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: EventSystem
    Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : COM+ Event System
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: FastUserSwitchingCompatibility
    Provides management for applications that require assistance in a multiple user environment.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Fast User Switching Compatibility
    DEPENDENCIES : TermService
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: helpsvc
    Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Help and Support
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 100 seconds
    : Restart DELAY: 100 seconds
    : None DELAY: 100 seconds

    SERVICE_NAME: HidServ
    Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Human Interface Device Access
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ImapiService
    Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IMAPI CD-Burning COM Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanserver
    Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Server
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: lanmanworkstation
    Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : NetworkProvider
    TAG : 0
    DISPLAY_NAME : Workstation
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: LmHosts
    Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : TCP/IP NetBIOS Helper
    DEPENDENCIES : NetBT
    : Afd
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: MDM
    Manages local and remote debugging for Visual Studio debuggers
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe "
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Machine Debug Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Messenger
    Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Messenger
    DEPENDENCIES : LanmanWorkstation
    : NetBIOS
    : PlugPlay
    : RpcSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: mnmsrvc
    Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NetMeeting Remote Desktop Sharing
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MSDTC
    Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
    LOAD_ORDER_GROUP : MS Transactions
    TAG : 0
    DISPLAY_NAME : Distributed Transaction Coordinator
    DEPENDENCIES : RPCSS
    : SamSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: MSIServer
    Installs, repairs and removes software according to instructions contained in .MSI files.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Installer
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDE
    Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP : NetDDEGroup
    TAG : 0
    DISPLAY_NAME : Network DDE
    DEPENDENCIES : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NetDDEdsdm
    Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network DDE DSDM
    DEPENDENCIES :
    : EGrLocalSystem
    : Network DDE DSDM
    : etwork DDE
    : ributed Transaction Coordinator
    : r
    : ative Service
    : ion
    : ustin\Apf
    : 
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netlogon
    Supports pass-through authentication of account logon events for computers in a domain.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP : RemoteValidation
    TAG : 0
    DISPLAY_NAME : Net Logon
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Netman
    Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Connections
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem
     
  7. 2004/11/05
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Yep we no its large, if you have to make three posts.
    start where the last one ended
    SERVICE_NAME: Netman

    Then since its bee awhile post a new Hiajckthis log to

    Never mind the reglite instruction's for now.
     
  8. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    SERVICE_NAME: Netman
    Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Connections
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Nla
    Collects and stores network configuration and location information, and notifies applications when this information changes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Location Awareness (NLA)
    DEPENDENCIES : Tcpip
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtLmSsp
    Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NT LM Security Support Provider
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtmsSvc
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Removable Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ose
    Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Office Source Engine
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PccPfw
    Manages the Trend Micro Personal Firewall.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Trend Micro Personal Firewall
    DEPENDENCIES : RasMan
    : tm_cfw
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PlugPlay
    Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : PlugPlay
    TAG : 0
    DISPLAY_NAME : Plug and Play
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PolicyAgent
    Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IPSEC Services
    DEPENDENCIES : RPCSS
    : Tcpip
    : IPSec
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ProtectedStorage
    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Protected Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasAuto
    Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Auto Connection Manager
    DEPENDENCIES : RasMan
    : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasMan
    Creates a network connection.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Connection Manager
    DEPENDENCIES : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RDSessMgr
    Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Desktop Help Session Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RegSrvc
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\RegSrvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : RegSrvc
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteAccess
    Offers routing services to businesses in local area and wide area network environments.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Routing and Remote Access
    DEPENDENCIES : RpcSS
    : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteRegistry
    Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Registry
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds

    SERVICE_NAME: RpcLocator
    Manages the RPC name service database.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC) Locator
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: RpcSs
    Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP : COM Infrastructure
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC)
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

    SERVICE_NAME: RSVP
    Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : QoS RSVP
    DEPENDENCIES : TcpIp
    : Afd
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: S24EventMonitor
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\S24EvMon.exe
    LOAD_ORDER_GROUP : PNP_TDI
    TAG : 0
    DISPLAY_NAME : Spectrum24 Event Monitor
    DEPENDENCIES : s24trans
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SamSs
    Stores security information for local user accounts.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP : LocalValidation
    TAG : 0
    DISPLAY_NAME : Security Accounts Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SCardDrv
    Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Smart Card Helper
    DEPENDENCIES : +Smart Card Reader
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: SCardSvr
    Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Smart Card
    DEPENDENCIES : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: Schedule
    Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : SchedulerGroup
    TAG : 0
    DISPLAY_NAME : Task Scheduler
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: seclogon
    Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Secondary Logon
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SENS
    Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : System Event Notification
    DEPENDENCIES : EventSystem
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SharedAccess
    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    DEPENDENCIES : Netman
    : NLA
    : RasMan
    : ALG
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ShellHWDetection
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : ShellSvcGroup
    TAG : 0
    DISPLAY_NAME : Shell Hardware Detection
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Spooler
    Loads files to memory for later printing.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP : SpoolerGroup
    TAG : 0
    DISPLAY_NAME : Print Spooler
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: srservice
    Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : System Restore Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SSDPSRV
    Enables discovery of UPnP devices on your home network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SSDP Discovery Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService
     
  9. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    SERVICE_NAME: Netman
    Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Connections
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Nla
    Collects and stores network configuration and location information, and notifies applications when this information changes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Network Location Awareness (NLA)
    DEPENDENCIES : Tcpip
    : Afd
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtLmSsp
    Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : NT LM Security Support Provider
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: NtmsSvc
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Removable Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ose
    Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Office Source Engine
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PccPfw
    Manages the Trend Micro Personal Firewall.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Trend Micro Personal Firewall
    DEPENDENCIES : RasMan
    : tm_cfw
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PlugPlay
    Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP : PlugPlay
    TAG : 0
    DISPLAY_NAME : Plug and Play
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: PolicyAgent
    Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : IPSEC Services
    DEPENDENCIES : RPCSS
    : Tcpip
    : IPSec
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ProtectedStorage
    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Protected Storage
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasAuto
    Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Auto Connection Manager
    DEPENDENCIES : RasMan
    : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RasMan
    Creates a network connection.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Access Connection Manager
    DEPENDENCIES : Tapisrv
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RDSessMgr
    Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Desktop Help Session Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RegSrvc
    (null)
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\RegSrvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : RegSrvc
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteAccess
    Offers routing services to businesses in local area and wide area network environments.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Routing and Remote Access
    DEPENDENCIES : RpcSS
    : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: RemoteRegistry
    Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Registry
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Restart DELAY: 1000 seconds

    SERVICE_NAME: RpcLocator
    Manages the RPC name service database.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC) Locator
    DEPENDENCIES : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

    SERVICE_NAME: RpcSs
    Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP : COM Infrastructure
    TAG : 0
    DISPLAY_NAME : Remote Procedure Call (RPC)
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

    SERVICE_NAME: RSVP
    Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : QoS RSVP
    DEPENDENCIES : TcpIp
    : Afd
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: S24EventMonitor
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\S24EvMon.exe
    LOAD_ORDER_GROUP : PNP_TDI
    TAG : 0
    DISPLAY_NAME : Spectrum24 Event Monitor
    DEPENDENCIES : s24trans
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SamSs
    Stores security information for local user accounts.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP : LocalValidation
    TAG : 0
    DISPLAY_NAME : Security Accounts Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SCardDrv
    Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Smart Card Helper
    DEPENDENCIES : +Smart Card Reader
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: SCardSvr
    Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Smart Card
    DEPENDENCIES : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: Schedule
    Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : SchedulerGroup
    TAG : 0
    DISPLAY_NAME : Task Scheduler
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: seclogon
    Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Secondary Logon
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SENS
    Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : Network
    TAG : 0
    DISPLAY_NAME : System Event Notification
    DEPENDENCIES : EventSystem
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SharedAccess
    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    DEPENDENCIES : Netman
    : NLA
    : RasMan
    : ALG
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: ShellHWDetection
    (null)
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : ShellSvcGroup
    TAG : 0
    DISPLAY_NAME : Shell Hardware Detection
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Spooler
    Loads files to memory for later printing.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP : SpoolerGroup
    TAG : 0
    DISPLAY_NAME : Print Spooler
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: srservice
    Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : System Restore Service
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SSDPSRV
    Enables discovery of UPnP devices on your home network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SSDP Discovery ServiceLogfile of HijackThis v1.98.2
    Scan saved at 10:21:07 PM, on 5/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\TPSMain.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\TPSBattM.exe
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\justin\My Documents\HijackThis.exe
    C:\WINDOWS\System32\cmd.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.net.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by iiNet
    F2 - REG:system.ini: UserInit=Userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe "
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe "
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.iinet.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{799F4E01-C5D9-454F-BD40-BC3EFEAA5FE3}: NameServer = 203.0.178.191


    Here it is Lonney
    Thank you for your time

    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService
     
  10. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Sorry I think
    I doubled up and forgot the end bit here it is



    SERVICE_NAME: SSDPSRV
    Enables discovery of UPnP devices on your home network.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : SSDP Discovery Service
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: stisvc
    Provides image acquisition services for scanners and cameras.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Image Acquisition (WIA)
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SwPrv
    Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{44E2CEA7-81E4-4013-9FF3-EEF43C3C6F79}
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : MS Software Shadow Copy Provider
    DEPENDENCIES : rpcss
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: SysmonLog
    Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Performance Logs and Alerts
    DEPENDENCIES :
    SERVICE_START_NAME: NT Authority\NetworkService

    SERVICE_NAME: TapiSrv
    Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telephony
    DEPENDENCIES : PlugPlay
    : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TermService
    Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Terminal Services
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Themes
    Provides user experience theme management.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : UIGroup
    TAG : 0
    DISPLAY_NAME : Themes
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds
    : None DELAY: 0 seconds

    SERVICE_NAME: TlntSvr
    Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 4 DISABLED
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Telnet
    DEPENDENCIES : RPCSS
    : TCPIP
    : NTLMSSP
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Tmesrv
    (null)
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Tmesrv3
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Tmntsrv
    Enables scanning in real time.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : "C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe "
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Trend NT Realtime Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: tmproxy
    Manages the Trend Micro tmtdi module.
    TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Trend Micro Proxy Service
    DEPENDENCIES : tmtdi
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: TrkWks
    Maintains links between NTFS files within a computer or across computers in a network domain.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Distributed Link Tracking Client
    DEPENDENCIES : RpcSs
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: uploadmgr
    Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Upload Manager
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 100 seconds
    : Restart DELAY: 100 seconds
    : None DELAY: 100 seconds

    SERVICE_NAME: upnphost
    Provides support to host Universal Plug and Play devices.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Universal Plug and Play Device Host
    DEPENDENCIES : SSDPSRV
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS : Restart DELAY: 0 seconds

    SERVICE_NAME: UPS
    Manages an uninterruptible power supply (UPS) connected to the computer.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Uninterruptible Power Supply
    DEPENDENCIES :
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: VSS
    Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Volume Shadow Copy
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: W32Time
    Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Time
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WebClient
    Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP : NetworkProvider
    TAG : 0
    DISPLAY_NAME : WebClient
    DEPENDENCIES : MRxDAV
    SERVICE_START_NAME: NT AUTHORITY\LocalService

    SERVICE_NAME: winmgmt
    Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 0 IGNORE
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Management Instrumentation
    DEPENDENCIES : RPCSS
    : Eventlog
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS : Restart DELAY: 60000 seconds
    : Restart DELAY: 60000 seconds

    SERVICE_NAME: WmdmPmSN
    Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Portable Media Serial Number Service
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: Wmi
    Provides systems management information to and from drivers.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WmiApSrv
    Provides performance library information from WMI HiPerf providers.
    TYPE : 10 WIN32_OWN_PROCESS
    START_TYPE : 3 DEMAND_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : WMI Performance Adapter
    DEPENDENCIES : RPCSS
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: wuauserv
    Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP :
    TAG : 0
    DISPLAY_NAME : Automatic Updates
    DEPENDENCIES :
    SERVICE_START_NAME: LocalSystem

    SERVICE_NAME: WZCSVC
    Provides automatic configuration for the 802.11 adapters
    TYPE : 20 WIN32_SHARE_PROCESS
    START_TYPE : 2 AUTO_START
    ERROR_CONTROL : 1 NORMAL
    BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP : TDI
    TAG : 0
    DISPLAY_NAME : Wireless Zero Configuration
    DEPENDENCIES : RpcSs
    : Ndisuio
    SERVICE_START_NAME: LocalSystem
     
  11. 2004/11/05
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    Im not seeing any bad services, Dave ?

    Let's use killbox again. this time a little differant

    Start Killbox.exe
    Select the Delete on reboot option.

    Copy and paste the line below in the field labeled "Full path of file to delete"
    C:\Windows\system32\TGBRFV_5.dll
    Then press the button that looks like a red circle with a white X in it.
    When it asks if you would like to Reboot now, press the NO button.

    Copy and paste the line below in the field labeled "Full path of file to delete"
    C:\WINDOWS\System32\TGBRFV_.exe
    Then press the button that looks like a red circle with a white X in it.
    When it asks if you would like to Reboot now, press the YES button.
    Your computer will reboot.

    Post a new log made when here at the forums.
    And another from Dllcompare pease
     
  12. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Hi Lonney

    Here is my HJT Log but I did the dll compare thing and it did nothing So I redownloaded the program I hit the run locate button it says scan completed
    when `I hit the compare it does nothing

    Thank You

    Logfile of HijackThis v1.98.2
    Scan saved at 12:10:24 AM, on 6/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\System32\TPSMain.exe
    C:\WINDOWS\System32\TPSBattM.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\justin\My Documents\DllCompare.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\justin\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.net.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by iiNet
    F2 - REG:system.ini: UserInit=Userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe "
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe "
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.iinet.net.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{799F4E01-C5D9-454F-BD40-BC3EFEAA5FE3}: NameServer = 203.0.178.191
     
  13. 2004/11/05
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    You did unzip it correct ?

    Yes it will appear to nothing for a bit, click locate.com wait a bit
    then click compare just wait , could be another problem but i think you just need to wait a bit.

    Are you still seeing A-Search
     
  14. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Yes I still get that **** a-search
    as for the dll compare I just dont know it worked the first time now nothing
     
  15. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Sorry that was not an actual swear word it was d**n just to let you know
     
  16. 2004/11/05
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Ok , close dllcompare if its still open.

    try it again later when there are less things running, like when you first start your PC..

    Post a log from this tool. it can only report, not fix, BUT it might list the other files related to that Huytam.dll and TGBRFV_5.dll

    Download mwav.exe http://www.mwti.net/antivirus/free_utilities.asp
    run mwav.exe, that will make a folder in C:\ called bases extract some files and start mwavscan.com, once it has select all files, press scan when it is completed view log, but here's the catch since the log is so large, we only need to see the lines with "action taken " in them.
     
  17. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Hi Lonney ok I did what you asked and this is what I found I think I did correct


    Sat Nov 06 01:45:34 2004 => File C:\WINDOWS\system32\TGBRFV_.exe infected by "TrojanDownloader.Win32.Zlob.d" Virus. Action Taken: No Action Taken.
     
  18. 2004/11/05
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Thats all ?

    Ok use Killbox again,, I get the feeling you havent used it correctly.
    try once more please

    Run Hijackthis place a check next to only this item then hit fix checked
    F2 - REG:system.ini: UserInit=Userinit.exe,
    Close Hiajckthis
    Start Killbox.exe
    Select the
    [x]Delete on reboot option.

    Copy and paste the line below in the field labeled "Full path of file to delete"
    C:\Windows\system32\TGBRFV_5.dll
    Then press the button that looks like a red circle with a white X in it.
    When it asks if you would like to Reboot now, press the NO button.
    Copy and paste the line below in the field labeled "Full path of file to delete"
    C:\WINDOWS\System32\TGBRFV_.exe
    Then press the button that looks like a red circle with a white X in it.
    When it asks if you would like to Reboot now, press the YES button.
    Your computer will reboot.

    Lets us know what hapens
     
  19. 2004/11/05
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    Hi Lonney Thanks for being persistant
    OK We have fopund the problem but cant get rid of it
    Let me just double check my killbox because that does not seem to be able to get rid of it.

    I have it in My Documents its icon is a red circle with white cross its size is 116KB when I open it I get a little box comes up called pocket killbox the one thing I am not sure about is the bottom right hand corner there is a drop box in the box it says (system Process) I am not sure if that is supposed to be set on something else dsoes my killbox sound correct.
    I also did another escan antivirus and got that same tgbrfv but it comes up twice in the virus log infomation window

    Thank You
     
  20. 2004/11/05
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Killbox's (system Process) < thats to stop a proccess, dont use it unless we suggest it, no need to, the other option i had you use once, "end explorer shell while killing a file" if i remember correctly but it didnt work as planned.

    By the way im seeing problems with this nastie all over the net. Huytam the one you had at first is relativly new. the writers must have improved the other one to,, Stick with us we will get the PC clean
    Just to be sure , justin does have all user rights on the PC ?

    I "ll be back later, off to go inverstigate
     
  21. 2004/11/06
    ugostar

    ugostar Inactive Thread Starter

    Joined:
    2003/03/01
    Messages:
    98
    Likes Received:
    0
    yes Justin has all user rights
     
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.