Spoolsv.exe & CPU Mem

Computing.Net > Forums > Security and Virus > Spoolsv.exe & CPU Mem

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Spoolsv.exe & CPU Mem

Name: RainMan
Date: October 20, 2007 at 01:53:12 Pacific
OS: XP
CPU/Ram: P4/3.06GHz 512 MB Ram
Product: Assembled

Comment:

Hello all,
My system started to be very slow since a couple of weeks or more, I tried to check everything; ran a whole system scan using Symantec Antivirus. Nothing was found.
I noticed that “Spoolsv.exe” is always taking 49-50 from the CPU usage regardless of the software running.
Please I need help to solve this. Any guidance or suggestions will be appreciated.
Thanks in advance.
RainMan

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: October 20, 2007 at 04:44:00 Pacific

Reply:

Please download and install the latest version of HijackThis v2.0.2:
Download the HijackThis Installer from this link: HijackThis
1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Response Number 2

Name: RainMan
Date: October 20, 2007 at 14:34:13 Pacific

Reply:

Thanks for replying Jabuck,
Here's the log from Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:13, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
g:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\RTHDCPL.exe
E:\WINDOWS\system32\RUNDLL32.exe
E:\WINDOWS\wt\updater\wcmdmgr.exe
E:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
E:\Program Files\MSN Messenger\usnsvc.exe
G:\Program Files\VideoLAN\VLC\vlc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
g:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\NOTEPAD.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.co...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-xa\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-xa\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wcmdmgr] E:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [diagnostics] "E:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=102107 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "G:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LowRateVoip] "G:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: VirtualExpander.lnk = E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer = 212.77.199.203 212.77.192.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - g:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: McDetect.exe - MagicISO, Inc. - (no file)
O23 - Service: McTskshd.exe - MagicISO, Inc. - (no file)
O23 - Service: mcupdmgr.exe - MagicISO, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - E:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12851 bytes

RainMan

Response Number 3

Name: RainMan
Date: October 20, 2007 at 14:45:59 Pacific

Reply:

Hello again Jabuck,
Here's the Smitfraudfix log,
SmitFraudFix v2.240
Scan done at 0:39:42.93, 21/10/2007
Run from J:\Old PC All\General Softwares\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
g:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\RTHDCPL.exe
E:\WINDOWS\system32\RUNDLL32.exe
E:\WINDOWS\wt\updater\wcmdmgr.exe
E:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\ewido anti-spyware 4.0\ewido.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
E:\Program Files\MSN Messenger\usnsvc.exe
G:\Program Files\VideoLAN\VLC\vlc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» E:\

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administration

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administration\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\FAVORI~1
E:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="E:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.77.199.203
DNS Server Search Order: 212.77.192.59
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer=212.77.199.203 212.77.192.59
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer=212.77.199.203 212.77.192.59

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks for your help
RainMan

Response Number 4

Name: jabuck
Date: October 20, 2007 at 14:51:43 Pacific

Reply:

Hello RainMan
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Response Number 5

Name: RainMan
Date: October 20, 2007 at 16:37:52 Pacific

Reply:

I've done the steps, here's the log
Thanks
SmitFraudFix v2.240
Scan done at 2:23:47.25, 21/10/2007
Run from J:\Old PC All\General Softwares\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
E:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer=212.77.199.203 212.77.192.59
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer=212.77.199.203 212.77.192.59

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
RainMan

oracle notification service wmiapsrv.exe event 8032	enable wmi enrollment CERTIFICAT EXCHANGE rdpclip.exe + CPU
See More

Response Number 6

Name: RainMan
Date: October 20, 2007 at 16:47:28 Pacific

Reply:

Please find the log below,
ComboFix 07-10-20.6 - Administration 2007-10-21 2:41:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.99 [GMT 3:00]
Running from: J:\Old PC All\General Softwares\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Documents and Settings\All Users\Documents\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Music\My Playlists\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Music\Sample Music\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\[u]0[/u]00AFCDD\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\[u]0[/u]00AFCDD\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\16B78E3A\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\16B78E3A\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Pictures\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
E:\Documents and Settings\All Users\Documents\My Videos\_desktop.ini
E:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
E:\Documents and Settings\All Users\Documents\New Folder\_desktop.ini
E:\Documents and Settings\All Users\Documents\New Folder\Desktop_.ini
E:\Documents and Settings\Ra'ed\Desktop\internet.lnk
E:\WINDOWS\system32\components
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-21 02:40 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-21 00:40 4,324 --a------ E:\WINDOWS\system32\tmp.reg
2007-10-21 00:38 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
2007-10-21 00:38 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-10-21 00:38 53,248 --a------ E:\WINDOWS\system32\Process.exe
2007-10-21 00:38 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-10-21 00:38 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe
2007-10-16 00:08 224 --a------ E:\Documents and Settings\Administration\config.dat
2007-10-15 23:40 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\PCF-VLC
2007-10-14 08:20 12,800 --a------ E:\WINDOWS\system32\WING32.DLL
2007-10-12 20:29 <DIR> d-------- E:\Program Files\Nodtronics
2007-10-08 21:44 92,544 --a------ E:\WINDOWS\system32\drivers\mcdbus.sys
2007-10-02 11:22 0 --a------ E:\WINDOWS\PowerReg.dat
2007-10-02 02:33 685,816 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2007-09-27 20:49 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\LowRateVoip
2007-09-22 14:28 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\COWON
2007-09-22 14:19 <DIR> d-------- E:\Program Files\Common Files\COWON
2007-09-22 13:23 60,416 --a------ E:\WINDOWS\sxstall2.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 23:28 --------- d-----w E:\Program Files\Symantec AntiVirus
2007-10-20 00:32 --------- d-----w E:\Program Files\Java
2007-10-19 22:28 --------- d-----w E:\Documents and Settings\Ra'ed\Application Data\Skype
2007-10-16 15:22 --------- d-----w E:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-10-15 23:51 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-10-15 23:51 --------- d-----w E:\Program Files\Disney Interactive
2007-10-15 20:41 --------- d-----w E:\Program Files\Picasa2
2007-10-06 04:52 --------- d-----w E:\Documents and Settings\Administration\Application Data\Skype
2007-09-23 14:57 --------- d-----w E:\Program Files\Windows Live Safety Center
2007-09-18 07:19 --------- d-----w E:\Program Files\Knowledge Adventure
2007-09-17 18:51 --------- d-----w E:\Program Files\Apple Software Update
2007-09-10 17:42 --------- d-----w E:\Program Files\Common Files\Apple
2007-09-10 17:42 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple
2007-09-06 16:29 --------- d-----w E:\Documents and Settings\Administration\Application Data\Participatory Culture Foundation
2007-09-06 11:53 --------- d-----w E:\Documents and Settings\Ra'ed\Application Data\Corel
2007-08-21 06:15 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-07-30 16:19 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-07-30 16:19 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-07-30 16:19 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-07-30 16:19 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-07-30 16:19 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-07-30 16:19 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-07-30 16:19 1,712,984 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-07-30 16:18 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-02-12 11:51 32 -c--a-r E:\Documents and Settings\Administration\hash.dat
2007-02-12 10:36 32 -c--a-r E:\Documents and Settings\Ra'ed\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 E:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 03:28 E:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-01-17 05:22]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2006-01-17 05:22]
"wcmdmgr"="E:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-05-07 19:45]
"diagnostics"="E:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2007-02-07 21:19]
"msnappau"="E:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.3000.1001\en-xa\msnappau.exe" [2004-08-13 17:41]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 13:06]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="E:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-19 10:11]
"Device Detector"="DevDetect.exe" []
"CorelDRAW Graphics Suite 11b"="E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"!ewido"="G:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 17:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15:00]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"msnmsgr"="E:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49]
"LowRateVoip"="G:\Program Files\LowRateVoip\LowRateVoip.exe" [2007-04-12 15:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=E:\Program Files\ICQLite\ICQLite.exe -trayboot
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Documents and Settings\Administration\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-10-02 11:23:11]
VirtualExpander.lnk - E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2006-06-22 09:53:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
R0 snapman;Acronis Snapshots Manager;E:\WINDOWS\system32\DRIVERS\snapman.sys
R1 oreans32;oreans32;\??\E:\WINDOWS\system32\drivers\oreans32.sys
R3 ST330;ST330;E:\WINDOWS\system32\drivers\st330.sys
R3 STBUS;STBUS;E:\WINDOWS\system32\drivers\stbus.sys
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;E:\WINDOWS\system32\DRIVERS\steth.sys
S3 Fadpu16E;Fadpu16E;\??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fadpu16E.sys
S3 jswmidin;jswmidin;\??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jswmidin.sys
S3 PciCon;PciCon;\??\L:\PciCon.sys
S3 SNCP106;PC Camera (6009 CIF);E:\WINDOWS\system32\DRIVERS\sncp106.sys
S3 stppp;Speedtouch PPP Adapter Adapter;E:\WINDOWS\system32\DRIVERS\stppp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f7df6ca-01bb-11db-a76d-001320a96697}]
AutoRun\command - setupSNK.exe
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]
E:\WINDOWS\system32\svchost64.exe s
.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 18:39:02 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 02:44:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-21 2:45:59
.
--- E O F ---
Thanks
RainMan

Response Number 7

Name: jabuck
Date: October 20, 2007 at 19:37:58 Pacific

Reply:

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop from the following link.
Sophos-Anti-Rootkit
You will need to enter your name, e-mail address and location in order to access the download page.
Once you have downloaded the file, double click the sarsfx icon
Review the licence agreement and click on the Accept button
The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui.
Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
Allow the program to scan your computer - please be patient as it may take some time
Once the scan has completed a window will pop-up with the results of the scan - click OK to this.
In the main window, you will see each of the entries found by the scan (if any)
If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review.
Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you.
If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
To clean up these entries click on the Clean up checked items button.
If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so.
Post a new Combofix log please.

Response Number 8

Name: RainMan
Date: October 21, 2007 at 06:40:03 Pacific

Reply:

Hello again,
this is thresult of the scan
Warning: Error parsing raw registry hive SECURITY. Registry scan may not be supported on this version of Windows.
Warning: Unable to load raw registry hive SECURITY. Registry scan may not be supported on this version of Windows.
Area: Local hard drives
Description: Unknown hidden file
Location: G:\Program Files\ewido anti-spyware 4.0\upd9A.tmp
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

RainMan

Response Number 9

Name: jabuck
Date: October 21, 2007 at 09:06:01 Pacific

Reply:

Sophos does not give a lot of info.
Please post a new Combofix log.

Response Number 10

Name: RainMan
Date: October 21, 2007 at 09:55:46 Pacific

Reply:

Here's the Combofix log file,
ComboFix 07-10-20.6 - Administration 2007-10-21 19:50:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 3:00]
Running from: J:\Old PC All\General Softwares\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.
2007-10-21 16:26 <DIR> d-------- E:\Program Files\Sophos
2007-10-21 02:40 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-21 00:40 4,324 --a------ E:\WINDOWS\system32\tmp.reg
2007-10-21 00:38 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
2007-10-21 00:38 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-10-21 00:38 53,248 --a------ E:\WINDOWS\system32\Process.exe
2007-10-21 00:38 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-10-21 00:38 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe
2007-10-16 00:08 224 --a------ E:\Documents and Settings\Administration\config.dat
2007-10-15 23:40 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\PCF-VLC
2007-10-14 08:20 12,800 --a------ E:\WINDOWS\system32\WING32.DLL
2007-10-12 20:29 <DIR> d-------- E:\Program Files\Nodtronics
2007-10-08 21:44 92,544 --a------ E:\WINDOWS\system32\drivers\mcdbus.sys
2007-10-02 11:22 0 --a------ E:\WINDOWS\PowerReg.dat
2007-10-02 02:33 685,816 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2007-09-27 20:49 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\LowRateVoip
2007-09-22 14:28 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\COWON
2007-09-22 14:19 <DIR> d-------- E:\Program Files\Common Files\COWON
2007-09-22 13:23 60,416 --a------ E:\WINDOWS\sxstall2.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 23:28 --------- d-----w E:\Program Files\Symantec AntiVirus
2007-10-20 00:32 --------- d-----w E:\Program Files\Java
2007-10-19 22:28 --------- d-----w E:\Documents and Settings\Ra'ed\Application Data\Skype
2007-10-16 15:22 --------- d-----w E:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-10-15 23:51 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-10-15 23:51 --------- d-----w E:\Program Files\Disney Interactive
2007-10-15 20:41 --------- d-----w E:\Program Files\Picasa2
2007-10-06 04:52 --------- d-----w E:\Documents and Settings\Administration\Application Data\Skype
2007-09-23 14:57 --------- d-----w E:\Program Files\Windows Live Safety Center
2007-09-18 07:19 --------- d-----w E:\Program Files\Knowledge Adventure
2007-09-17 18:51 --------- d-----w E:\Program Files\Apple Software Update
2007-09-10 17:42 --------- d-----w E:\Program Files\Common Files\Apple
2007-09-10 17:42 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple
2007-09-06 16:29 --------- d-----w E:\Documents and Settings\Administration\Application Data\Participatory Culture Foundation
2007-09-06 11:53 --------- d-----w E:\Documents and Settings\Ra'ed\Application Data\Corel
2007-08-21 06:15 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-07-30 16:19 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-07-30 16:19 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-07-30 16:19 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-07-30 16:19 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-07-30 16:19 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-07-30 16:19 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-07-30 16:19 1,712,984 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-07-30 16:18 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-02-12 11:51 32 -c--a-r E:\Documents and Settings\Administration\hash.dat
2007-02-12 10:36 32 -c--a-r E:\Documents and Settings\Ra'ed\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 E:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 03:28 E:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-01-17 05:22]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2006-01-17 05:22]
"wcmdmgr"="E:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-05-07 19:45]
"diagnostics"="E:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2007-02-07 21:19]
"msnappau"="E:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.3000.1001\en-xa\msnappau.exe" [2004-08-13 17:41]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 13:06]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="E:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-19 10:11]
"Device Detector"="DevDetect.exe" []
"CorelDRAW Graphics Suite 11b"="E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"!ewido"="G:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 17:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15:00]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"msnmsgr"="E:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49]
"LowRateVoip"="G:\Program Files\LowRateVoip\LowRateVoip.exe" [2007-04-12 15:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=E:\Program Files\ICQLite\ICQLite.exe -trayboot
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Documents and Settings\Administration\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-10-02 11:23:11]
VirtualExpander.lnk - E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2006-06-22 09:53:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
R0 snapman;Acronis Snapshots Manager;E:\WINDOWS\system32\DRIVERS\snapman.sys
R1 oreans32;oreans32;\??\E:\WINDOWS\system32\drivers\oreans32.sys
R3 MEMSWEEP2;MEMSWEEP2;\??\E:\WINDOWS\system32\99.tmp
R3 ST330;ST330;E:\WINDOWS\system32\drivers\st330.sys
R3 STBUS;STBUS;E:\WINDOWS\system32\drivers\stbus.sys
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;E:\WINDOWS\system32\DRIVERS\steth.sys
S3 Fadpu16E;Fadpu16E;\??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fadpu16E.sys
S3 jswmidin;jswmidin;\??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jswmidin.sys
S3 PciCon;PciCon;\??\L:\PciCon.sys
S3 SNCP106;PC Camera (6009 CIF);E:\WINDOWS\system32\DRIVERS\sncp106.sys
S3 stppp;Speedtouch PPP Adapter Adapter;E:\WINDOWS\system32\DRIVERS\stppp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f7df6ca-01bb-11db-a76d-001320a96697}]
AutoRun\command - setupSNK.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - MEMSWEEP2
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]
E:\WINDOWS\system32\svchost64.exe s
.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 18:39:02 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 19:53:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-21 19:54:35
E:\ComboFix2.txt ... 2007-10-21 02:46
.
--- E O F ---
Thanks
RainMan

Response Number 11

Name: jabuck
Date: October 21, 2007 at 11:01:35 Pacific

Reply:

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Open notepad (Start Menu > Run > Type notepad and press "ok".
Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f7df6ca-01bb-11db-a76d-001320a96697}]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.
Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.
Post a new Hijack This log and a new Combofix log please.

Response Number 12

Name: RainMan
Date: October 21, 2007 at 17:16:29 Pacific

Reply:

Hello again,
after doing the last step and while restarting norma, an error happened in ewido, anyway, heres' the Hijackthis log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:05:58, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
g:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\RTHDCPL.exe
E:\WINDOWS\system32\RUNDLL32.exe
E:\WINDOWS\wt\updater\wcmdmgr.exe
E:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
G:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
G:\Program Files\LowRateVoip\LowRateVoip.exe
E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\NOTEPAD.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-xa\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-xa\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wcmdmgr] E:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [diagnostics] "E:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110507 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "G:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LowRateVoip] "G:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: VirtualExpander.lnk = E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer = 212.77.199.203 212.77.192.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - g:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: McDetect.exe - MagicISO, Inc. - (no file)
O23 - Service: McTskshd.exe - MagicISO, Inc. - (no file)
O23 - Service: mcupdmgr.exe - MagicISO, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - E:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12115 bytes

Here's the Combofix log
ComboFix 07-10-20.6 - Administration 2007-10-22 3:09:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.72 [GMT 3:00]
Running from: J:\Old PC All\General Softwares\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.
2007-10-21 16:26 <DIR> d-------- E:\Program Files\Sophos
2007-10-21 02:40 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-21 00:40 4,324 --a------ E:\WINDOWS\system32\tmp.reg
2007-10-21 00:38 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
2007-10-21 00:38 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-10-21 00:38 53,248 --a------ E:\WINDOWS\system32\Process.exe
2007-10-21 00:38 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-10-21 00:38 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe
2007-10-16 00:08 224 --a------ E:\Documents and Settings\Administration\config.dat
2007-10-15 23:40 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\PCF-VLC
2007-10-14 08:20 12,800 --a------ E:\WINDOWS\system32\WING32.DLL
2007-10-12 20:29 <DIR> d-------- E:\Program Files\Nodtronics
2007-10-08 21:44 92,544 --a------ E:\WINDOWS\system32\drivers\mcdbus.sys
2007-10-02 11:22 0 --a------ E:\WINDOWS\PowerReg.dat
2007-10-02 02:33 685,816 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2007-09-27 20:49 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\LowRateVoip
2007-09-22 14:28 <DIR> d-------- E:\Documents and Settings\Administration\Application Data\COWON
2007-09-22 14:19 <DIR> d-------- E:\Program Files\Common Files\COWON
2007-09-22 13:23 60,416 --a------ E:\WINDOWS\sxstall2.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 23:40 --------- d-----w E:\Program Files\Symantec AntiVirus
2007-10-20 00:32 --------- d-----w E:\Program Files\Java
2007-10-19 22:28 --------- d-----w E:\Documents and Settings\Ra'ed\Application Data\Skype
2007-10-16 15:22 --------- d-----w E:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2007-10-15 23:51 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-10-15 23:51 --------- d-----w E:\Program Files\Disney Interactive
2007-10-15 20:41 --------- d-----w E:\Program Files\Picasa2
2007-10-06 04:52 --------- d-----w E:\Documents and Settings\Administration\Application Data\Skype
2007-09-23 14:57 --------- d-----w E:\Program Files\Windows Live Safety Center
2007-09-18 07:19 --------- d-----w E:\Program Files\Knowledge Adventure
2007-09-17 18:51 --------- d-----w E:\Program Files\Apple Software Update
2007-09-10 17:42 --------- d-----w E:\Program Files\Common Files\Apple
2007-09-10 17:42 --------- d-----w E:\Documents and Settings\All Users\Application Data\Apple
2007-09-06 16:29 --------- d-----w E:\Documents and Settings\Administration\Application Data\Participatory Culture Foundation
2007-09-06 11:53 --------- d-----w E:\Documents and Settings\Ra'ed\Application Data\Corel
2007-08-21 06:15 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-07-30 16:19 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-07-30 16:19 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-07-30 16:19 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-07-30 16:19 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-07-30 16:19 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-07-30 16:19 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-07-30 16:19 1,712,984 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-07-30 16:18 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-02-12 11:51 32 -c--a-r E:\Documents and Settings\Administration\hash.dat
2007-02-12 10:36 32 -c--a-r E:\Documents and Settings\Ra'ed\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 E:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 03:28 E:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2006-01-17 05:22]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2006-01-17 05:22]
"wcmdmgr"="E:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-05-07 19:45]
"diagnostics"="E:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2007-02-07 21:19]
"msnappau"="E:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.3000.1001\en-xa\msnappau.exe" [2004-08-13 17:41]
"ICQ Lite"="E:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 13:06]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ccApp"="E:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="E:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-19 10:11]
"Device Detector"="DevDetect.exe" []
"CorelDRAW Graphics Suite 11b"="E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
"QuickTime Task"="G:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"!ewido"="G:\Program Files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 17:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15:00]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" []
"msnmsgr"="E:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49]
"LowRateVoip"="G:\Program Files\LowRateVoip\LowRateVoip.exe" [2007-04-12 15:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=E:\Program Files\ICQLite\ICQLite.exe -trayboot
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Documents and Settings\Administration\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-10-02 11:23:11]
VirtualExpander.lnk - E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe [2006-06-22 09:53:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
R0 snapman;Acronis Snapshots Manager;E:\WINDOWS\system32\DRIVERS\snapman.sys
R1 oreans32;oreans32;\??\E:\WINDOWS\system32\drivers\oreans32.sys
R3 ST330;ST330;E:\WINDOWS\system32\drivers\st330.sys
R3 STBUS;STBUS;E:\WINDOWS\system32\drivers\stbus.sys
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;E:\WINDOWS\system32\DRIVERS\steth.sys
S3 Fadpu16E;Fadpu16E;\??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Fadpu16E.sys
S3 jswmidin;jswmidin;\??\E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jswmidin.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\E:\WINDOWS\system32\99.tmp
S3 PciCon;PciCon;\??\L:\PciCon.sys
S3 SNCP106;PC Camera (6009 CIF);E:\WINDOWS\system32\DRIVERS\sncp106.sys
S3 stppp;Speedtouch PPP Adapter Adapter;E:\WINDOWS\system32\DRIVERS\stppp.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C060D52F-8801-BA73-13B9-4C92B499D543}]
E:\WINDOWS\system32\svchost64.exe s
.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 18:39:02 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 03:12:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-22 3:14:07
E:\ComboFix2.txt ... 2007-10-21 19:54
E:\ComboFix3.txt ... 2007-10-21 02:46
.
--- E O F ---
Thanks
RainMan

Response Number 13

Name: jabuck
Date: October 21, 2007 at 17:53:35 Pacific

Reply:

Please download http://www.bleepingcomputer.com/files/getservices.php then follow the instructions at the link and post the list of services in you next post.

Response Number 14

Name: RainMan
Date: October 22, 2007 at 12:36:58 Pacific

Reply:

Hello Jabuck,
I don't know if I got this right. Anyway, here's what I think is the list you asked.

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com
SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: Apple Mobile Device
Provides the interface to Apple mobile devices.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Apple Mobile Device
DEPENDENCIES : Tcpip
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: BITS
Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ccEvtMgr
Event propagation and logging service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
LOAD_ORDER_GROUP : Symantec Core Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
: ccSetMgr
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ccSetMgr
Settings storage and management service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
LOAD_ORDER_GROUP : Symantec Core Services
TAG : 0
DISPLAY_NAME : Symantec Settings Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds
SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds
SERVICE_NAME: DefWatch
Monitors and maintains virus definitions.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Symantec AntiVirus\DefWatch.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AntiVirus Definition Watcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService
SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ewido anti-spyware 4.0 guard
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : g:\Program Files\ewido anti-spyware 4.0\guard.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ewido anti-spyware 4.0 guard
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: GoogleDesktopManager
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : GoogleDesktopManager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: gusvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Google Updater Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 900000 seconds
: Restart DELAY: 900000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds
SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: IDriverT
Provides support for the Running Object Table for InstallShield Drivers
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : InstallDriver Table Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: InCDsrv
Helper service for the InCD filesystem driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\Program Files\Ahead\InCD\InCDsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : InCD File System Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: iPod Service
iPod hardware management services
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\iPod\bin\iPodService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPod Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: LiveUpdate
LiveUpdate Core Engine
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : LiveUpdate
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: McDetect.exe
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McDetect.exe
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: McTskshd.exe
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : McTskshd.exe
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: mcupdmgr.exe
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : mcupdmgr.exe
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: MDM
Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Machine Debug Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService
SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: workService
: Distributed Transaction Coordinator
: x—
: r
: ager
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: NVSvc
Provides system and desktop level support to the NVIDIA display driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Display Driver Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Pml Driver HPZ12
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\HPZipm12.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Pml Driver HPZ12
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService
SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds
SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SavRoam
Symantec AntiVirus Roaming Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Symantec AntiVirus\SavRoam.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SAVRoam
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : E:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 6000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SPBBCSvc
Symantec SPBBC
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec SPBBCSvc
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: st330service
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : SpeedTouch 330 Manager
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: StarWindService
Enables network access to local devices via iSCSI protocol.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : StarWind iSCSI Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : E:\WINDOWS\system32\dllhost.exe /Processid:{DB070DD9-F925-4EA0-9104-4E4AF6FA20C9}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Symantec AntiVirus
Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "E:\Program Files\Symantec AntiVirus\Rtvscan.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec AntiVirus
DEPENDENCIES : ccSetMgr
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 10000 seconds
: Restart DELAY: 10000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds
SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: usnjsvc
Service installed by Messenger to enable sharing scenarios
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\MSN Messenger\usnsvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger Sharing Folders USN Journal Reader service
DEPENDENCIES : rpcss
: eventlog
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService
SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: WMPNetworkSvc
Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "E:\Program Files\Windows Media Player\WMPNetwk.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Player Network Sharing Service
DEPENDENCIES : upnphost
: http
: HTTPFilter
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 30000 seconds
: Restart DELAY: 30000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: WudfSvc
Manages user-mode driver host processes
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 900 seconds
FAILURE_ACTIONS : Restart DELAY: 120000 seconds
: Restart DELAY: 300000 seconds
: None DELAY: 0 seconds
SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem
SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : E:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
RainMan

Response Number 15

Name: jabuck
Date: October 22, 2007 at 14:41:13 Pacific

Reply:

Go to start> control panel> add/remove programs> and uninstall all the java programs except for the new "jre1.6.0_03" version.
Run Hijack This, close all windows and browsers except Hijack This, placea check tot he left of the following items and press "fix checked":
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O23 - Service: McDetect.exe - MagicISO, Inc. - (no file)
O23 - Service: McTskshd.exe - MagicISO, Inc. - (no file)
O23 - Service: mcupdmgr.exe - MagicISO, Inc. - (no file)
Exit Hijack This.
How is the computer operating.

Response Number 16

Name: RainMan
Date: October 22, 2007 at 17:45:07 Pacific

Reply:

Hello,
I made the steps, there was only one program for java other the version 6.
I'm attaching a hijackthis log after doing the "fix checked"
Sorry, but what do you mean by how is the computer operating?"cpu?? you mean.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:41:52, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
g:\Program Files\ewido anti-spyware 4.0\guard.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\RTHDCPL.exe
E:\WINDOWS\system32\RUNDLL32.exe
E:\WINDOWS\wt\updater\wcmdmgr.exe
E:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe
E:\Program Files\ICQLite\ICQLite.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\PROGRA~1\SYMANT~1\VPTray.exe
E:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
G:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
G:\Program Files\LowRateVoip\LowRateVoip.exe
E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\msiexec.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-xa\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-xa\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [wcmdmgr] E:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [diagnostics] "E:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [msnappau] "E:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-xa\msnappau.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] E:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110507 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "G:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LowRateVoip] "G:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: VirtualExpander.lnk = E:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F777BFB0-2595-4F8D-8032-A3A519209F36}: NameServer = 212.77.199.203 212.77.192.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - E:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - g:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: McDetect.exe - MagicISO, Inc. - (no file)
O23 - Service: McTskshd.exe - MagicISO, Inc. - (no file)
O23 - Service: mcupdmgr.exe - MagicISO, Inc. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - E:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - E:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - E:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 11873 bytes
Thanks again
RainMan

Response Number 17

Name: jabuck
Date: October 22, 2007 at 19:28:57 Pacific

Reply:

Has any of the repairs we have made so far helped in any way resolve the issues you have with the computer?

Response Number 18

Name: RainMan
Date: October 23, 2007 at 11:31:45 Pacific

Reply:

Hello jabuck,
I think las two steps we did were good, anyway, I'll try to check the coming two days if the spoolsv will use a lot or if it will not do it at all.
I'm grateful for your help.
I noticed that you're there for many, You were 2 years back with me with another problem.
Thanks again, I give a feedback

RainMan

Response Number 19

Name: jabuck
Date: October 23, 2007 at 14:01:37 Pacific

Reply:

Just let us know if we can help RainMan, thanks for the follow-up.

Response Number 20

Name: RainMan
Date: October 24, 2007 at 12:37:01 Pacific

Reply:

Jabuck,
Many Many thanks to you, I don't see the spoolsv at the top of my windows Task Manager sucking half of the CPU usage. I guess whatever was the cause, is not there anymore.
Thanks again for you help, and I don't think I can tell you don't hesitate to ask for any help ;). All what I can say that I wish that gifted ppl such as yourself will be there always for ppl such as me who miss up their PCs without even knowing.
See you
RainMan

Response Number 21

Name: RainMan
Date: November 8, 2007 at 08:16:11 Pacific

Reply:

Hello Jabuck,
Sorry to bother you again, but I left my PC for 10 days, and now I have the same problem again with the spoolsv. I ran scans but no use. What I do now is to end process manually.
I appreciate your help.
Thanks
RainMan

Response Number 22

Name: jabuck
Date: November 8, 2007 at 12:03:38 Pacific

Reply:

I believe you have a corrupt file.
Go to Control Panel> Administrative Tools> Services> scroll down to "Print Spooler" and right click it> click stop> apply> ok. Then turn off the printer.
Navigate to C:\WINDOWS\system32\spool\PRINTERS and delete the files in the PRINTER folder (not the PRINTERS folder).
Now turn your printer back.
Then go to Control Panel> Administrative Tools> Services> scroll down to "Print Spooler" and right click it> click start> apply> ok.

Response Number 23

Name: RainMan
Date: November 8, 2007 at 12:45:35 Pacific

Reply:

Jabuck,
Firstly, thanks for responding.
I think that could be a cause; since a couple of months my printer went crazy. It's a hp psc 1110. My PC doesn't recognize it anymore, I tried to uninstall- reinstall. did's help.
Now I went to the Control panel. It's already stopped. It shows start only.
the path in the properties is:
E:\WINDOWS\system32\spoolsv.exe
RainMan

Response Number 24

Name: jabuck
Date: November 10, 2007 at 10:09:04 Pacific

Reply:

Navigate to C:\WINDOWS\system32\spool\PRINTERS and delete the files in the PRINTER folder (not the PRINTERS folder)as they a most likely corrupt.
If you do not intend to you the printer, restart the computer and stop at this point. Let us know if that helped.
If you intend to use the printer continue.
Now turn your printer back.
Then go to Control Panel> Administrative Tools> Services> scroll down to "Print Spooler" and right click it> click start> apply> ok.

Sponsored Link

Ads by Google

Stopping traffic w/vista ...

backdoor: zonebac.D

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Spoolsv.exe & CPU Mem

Spyware and Spoolsv.exe

Summary

www.computing.net/answers/security/spyware-and-spoolsvexe/14588.html

SPOOLSV.EXE a trojan?

Summary

www.computing.net/answers/security/spoolsvexe-a-trojan/7894.html

spoolsv.exe? Trojan? Spyware?

Summary

www.computing.net/answers/security/spoolsvexe-trojan-spyware/14986.html

From the Geek Dictionary
nForce - Nvidia's line of motherboard chipsets....

Ask a Question!

Weekly Poll
Do you believe in Video Game Addiction?

Poll Finishes In 6 Days.
Discuss in The Lounge
Poll History

Recent Posts
Pc problem

Problems with Acer Aspire M7200

WPA2 too recent for laptop?

Networking issue

Cannot read drive e

All Awaiting Reply

Tom's News
Queues in Manhattan Form as DROID Launches

Report: $99 iPhone 3GS in Time For the Holidays

Game Boy, Ball Gets Into Toy Hall of Fame

iPhone Developer Stealing Private Info

Nintendo: There is No Wii HD

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE