I am having a problem removing about:blank. Have tried Pest Patrol, Spybot, CWShredder and none have worked. I really need help! Here is my log.

Logfile of HijackThis v1.98.2
Scan saved at 6:31:57 PM, on 9/22/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\sysew.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\adddj32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC05.EXE
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG05.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grebk.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\grebk.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\grebk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\grebk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\grebk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\grebk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\grebk.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B48EBB4A-407C-EF02-EAB7-76EBB8815E8A} - C:\WINDOWS\crdq.dll
O4 - HKLM\..\Run: [adddj32.exe] C:\WINDOWS\system32\adddj32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410

No. I'll take a look and see if it helps. Thanks!

I couldn't find the .dll file mentioned (it is supposed to show up as BHO, HJT).

Can you please download this file from here:

Getservice.zip

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad into this post.
Also post another hijackthis log.

Can you please download this file from here:

Getservice.zip

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad into this post.
Also post another hijackthis log.

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - [url]www.sysinternals.com[/url]

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Alerter
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Application Layer Gateway Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Application Management
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : AudioGroup
    TAG       : 0
    DISPLAY_NAME      : Windows Audio
    DEPENDENCIES      : PlugPlay
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Background Intelligent Transfer Service
    DEPENDENCIES      : Rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Computer Browser
    DEPENDENCIES      : LanmanWorkstation
              : LanmanServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Symantec Event Manager
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    LOAD_ORDER_GROUP  : Symantec Services
    TAG       : 0
    DISPLAY_NAME      : Symantec Event Manager
    DEPENDENCIES      : RPCSS
              : ccSetMgr
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccProxy
Symantec Network Proxy Service
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Network Proxy
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
Symantec Password Validation Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Password Validation
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Symantec Settings Manager
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    LOAD_ORDER_GROUP  : Symantec Services
    TAG       : 0
    DISPLAY_NAME      : Symantec Settings Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Indexing Service
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : ClipBook
    DEPENDENCIES      : NetDDE
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : COM+ System Application
    DEPENDENCIES      : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS   : Restart DELAY: 1000 seconds
              : Restart DELAY: 5000 seconds
              : None    DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Cryptographic Services
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k DcomLaunch
    LOAD_ORDER_GROUP  : Event Log
    TAG       : 0
    DISPLAY_NAME      : DCOM Server Process Launcher
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Reboot  DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : DHCP Client
    DEPENDENCIES      : Tcpip
              : Afd
              : NetBT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Logical Disk Manager Administrative Service
    DEPENDENCIES      : RpcSs
              : PlugPlay
              : DmServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Logical Disk Manager
    DEPENDENCIES      : RpcSs
              : PlugPlay
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k NetworkService
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : DNS Client
    DEPENDENCIES      : Tcpip
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Error Reporting Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP  : Event log
    TAG       : 0
    DISPLAY_NAME      : Event Log
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : Network
    TAG       : 0
    DISPLAY_NAME      : COM+ Event System
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Fast User Switching Compatibility
    DEPENDENCIES      : TermService
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Help and Support
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 100 seconds
              : Restart DELAY: 100 seconds
              : None    DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : HID Input Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : HTTP SSL
    DEPENDENCIES      : HTTP
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\imapi.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : IMAPI CD-Burning COM Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Server
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : NetworkProvider
    TAG       : 0
    DISPLAY_NAME      : Workstation
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : TCP/IP NetBIOS Helper
    DEPENDENCIES      : NetBT
              : Afd
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Messenger
    DEPENDENCIES      : LanmanWorkstation
              : NetBIOS
              : PlugPlay
              : RpcSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\mnmsrvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : NetMeeting Remote Desktop Sharing
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MPService
(null)
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Canon\MultiPASS\mpservic.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : MPService
    DEPENDENCIES      : cis1284
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\msdtc.exe
    LOAD_ORDER_GROUP  : MS Transactions
    TAG       : 0
    DISPLAY_NAME      : Distributed Transaction Coordinator
    DEPENDENCIES      : RPCSS
              : SamSS
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\msiexec.exe /V
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Installer
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Norton AntiVirus Auto Protect Service
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP  : NetDDEGroup
    TAG       : 0
    DISPLAY_NAME      : Network DDE
    DEPENDENCIES      : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network DDE DSDM
    DEPENDENCIES      : 
              : EGrLocalSystem
              : Network DDE DSDM
              : etwork DDE
              : on AntiVirus Auto Protect Service
              : n Coordinator
              : ion
              : er
              : mmonPf
              : 
              : 
              : 
              : ¨6
              : ¨6
              : ges Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
              :  
              : u
              : n
              : a
              : v
              : a
              : i
              : l
              : a
              : b
              : l
              : e
              : .
              :  
              : I
              : f
              :  
              : t
              : h
              : i
              : s
              :  
              : s
              : e
              : r
              : v
              : i
              : c
              : e
              :  
              : i
              : s
              :  
              : d
              : i
              : s
              : a
              : b
              : l
              : e
              : d
              : ,
              :  
              : a
              : n
              : y
              :  
              : s
              : e
              : r
              : v
              : i
              : c
              : e
              : s
              :  
              : t
              : h
              : a
              : t
              :  
              : e
              : x
              : p
              : l
              : i
              : c
              : i
              : t
              : l
              : y
              :  
              : d
              : e
              : p
              : e
              : n
              : d
              :  
              : o
              : n
              :  
              : i
              : t
              :  
              : w
              : i
              : l
              : l
              :  
              : f
              : a
              : i
              : l
              :  
              : t
              : o
              :  
              : s
              : t
              : a
              : r
              : t
              : .
              :  
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : RemoteValidation
    TAG       : 0
    DISPLAY_NAME      : Net Logon
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Connections
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Location Awareness (NLA)
    DEPENDENCIES      : Tcpip
              : Afd
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : NT LM Security Support Provider
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Removable Storage
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: O?’ŽrtñåȲ$Ó
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\system32\sysew.exe /s
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC) Helper
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP  : PlugPlay
    TAG       : 0
    DISPLAY_NAME      : Plug and Play
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Pml Driver HPH11
(null)
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\HPHipm11.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Pml Driver HPH11
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : IPSEC Services
    DEPENDENCIES      : RPCSS
              : Tcpip
              : IPSec
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Protected Storage
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Access Auto Connection Manager
    DEPENDENCIES      : RasMan
              : Tapisrv
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Access Connection Manager
    DEPENDENCIES      : Tapisrv
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Desktop Help Session Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Routing and Remote Access
    DEPENDENCIES      : RpcSS
              : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\locator.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC) Locator
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP  : COM Infrastructure
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC)
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT Authority\NetworkService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Reboot  DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\rsvp.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : QoS RSVP
    DEPENDENCIES      : TcpIp
              : Afd
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP  : LocalValidation
    TAG       : 0
    DISPLAY_NAME      : Security Accounts Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SAVScan
Handles Norton AntiVirus Auto-Protect Archive Scanning
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Norton AntiVirus\SAVScan.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SAVScan
    DEPENDENCIES      : SAVRT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SBService
(null)
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : ScriptBlocking Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP  : SmartCardGroup
    TAG       : 0
    DISPLAY_NAME      : Smart Card
    DEPENDENCIES      : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : SchedulerGroup
    TAG       : 0
    DISPLAY_NAME      : Task Scheduler
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Secondary Logon
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : Network
    TAG       : 0
    DISPLAY_NAME      : System Event Notification
    DEPENDENCIES      : EventSystem
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Firewall/Internet Connection Sharing (ICS)
    DEPENDENCIES      : Netman
              : WinMgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : ShellSvcGroup
    TAG       : 0
    DISPLAY_NAME      : Shell Hardware Detection
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Network Drivers Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP  : SpoolerGroup
    TAG       : 0
    DISPLAY_NAME      : Print Spooler
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : None    DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : System Restore Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SSDP Discovery Service
    DEPENDENCIES      : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k imgsvc
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Image Acquisition (WIA)
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{0D78CC1A-E766-4936-AFFE-9AF0A961C765}
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : MS Software Shadow Copy Provider
    DEPENDENCIES      : rpcss
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec Core LC
Symantec Core LC
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Core LC
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SymWSC
Symantec WMI Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SymWMI Service
    DEPENDENCIES      : winmgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Performance Logs and Alerts
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Telephony
    DEPENDENCIES      : PlugPlay
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost -k DComLaunch
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Terminal Services
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : UIGroup
    TAG       : 0
    DISPLAY_NAME      : Themes
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : None    DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Distributed Link Tracking Client
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Universal Plug and Play Device Host
    DEPENDENCIES      : SSDPSRV
              : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS   : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Uninterruptible Power Supply
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Volume Shadow Copy
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Time
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 5 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : NetworkProvider
    TAG       : 0
    DISPLAY_NAME      : WebClient
    DEPENDENCIES      : MRxDAV
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Management Instrumentation
    DEPENDENCIES      : RPCSS
              : Eventlog
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Portable Media Serial Number Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\wbem\wmiapsrv.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : WMI Performance Adapter
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Security Center
    DEPENDENCIES      : RpcSs
              : winmgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Automatic Updates
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : Wireless Zero Configuration
    DEPENDENCIES      : RpcSs
              : Ndisuio
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Provisioning Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

Logfile of HijackThis v1.98.2
Scan saved at 5:55:47 PM, on 10/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\sysew.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\adddj32.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MICROS~2\OFFICE\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D1E85150-6167-FA43-B812-7C2D5FF83DF9} - C:\WINDOWS\crau32.dll
O4 - HKLM\..\Run: [adddj32.exe] C:\WINDOWS\system32\adddj32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410[/url]

Hey, I thought you had got lost :).

You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip Once it is downloaded extract it to
c:\aboutbuster. We will use that program later in this process.

Reboot your computer into Safe Mode and follow these steps:

Step 1:

Click on start, then control panel, then administrative programs, then services. Look for a service called Remote Procedure Call (RPC) Helper. Double click on that service and click stop and then set the startup to disabled. Also write down the name and path of the file listed in the Path to executable field. This filename must be deleted below.

Step 2:

Press control-alt-delete to get into the task manager and end the follow processes if they exist:

sysew.exe
adddj32.exe

Step 3:
I now need you to delete the following files:

C:\WINDOWS\system32\sysew.exe
C:\WINDOWS\system32\adddj32.exe

C:\WINDOWS\system32\bbrgr.dll

C:\WINDOWS\crau32.dll


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

Step 4:
Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and press the fix button when ready:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D1E85150-6167-FA43-B812-7C2D5FF83DF9} - C:\WINDOWS\crau32.dll

O4 - HKLM\..\Run: [adddj32.exe] C:\WINDOWS\system32\adddj32.exe

Step 5:

In the next step we are going to remove a service that gets installed by this malware.

Go to Start>Run and type regedit.

Press enter.

Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Procedure Call (RPC) Helper

If Remote Procedure Call (RPC) Helper exists , right click on it and choose delete from the menu.

Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Remote Procedure Call (RPC) Helper

If LEGACY_Remote Procedure Call (RPC) Helper exists then right click on it and choose delete from the menu.

If you have trouble deleting a key. Then click once on the key name to highlight it and click on the Permission menu option under Security or Edit. Then Uncheck "Allow inheritible permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.


Step 6:

This is the step where we will use About:Buster that you had downloaded previously.

Navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.

When it completed move on to step 7.

Step 7:

Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop

REGEDIT4


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

Step 8:
Reboot your computer back to normal mode so that we can see if we need to restore some deleted files:

  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
  • If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.
  • Open IE, go to Tools>Internet Options>then click on the security tab, then click on custon label. Check the following settings:
    • Download Signed ActiveX controls-set to Prompt.
    • Download Un-Signed ActiveX controls-set to Disable.
    • Initialize and script ActiveX controls marked as unsafe-set to disable.

    Step 9:

    Run an online antivirus scan at:

    http://housecall.antivirus.com/

    Reboot and post another log please.

Hey, I thought you had got lost :).

You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip Once it is downloaded extract it to
c:\aboutbuster. We will use that program later in this process.

Reboot your computer into Safe Mode and follow these steps:

Step 1:

Click on start, then control panel, then administrative programs, then services. Look for a service called Remote Procedure Call (RPC) Helper. Double click on that service and click stop and then set the startup to disabled. Also write down the name and path of the file listed in the Path to executable field. This filename must be deleted below.

Step 2:

Press control-alt-delete to get into the task manager and end the follow processes if they exist:

sysew.exe
adddj32.exe

Step 3:
I now need you to delete the following files:

C:\WINDOWS\system32\sysew.exe
C:\WINDOWS\system32\adddj32.exe

C:\WINDOWS\system32\bbrgr.dll

C:\WINDOWS\crau32.dll


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

Step 4:
Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and press the fix button when ready:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bbrgr.dll/sp.html#29126
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {D1E85150-6167-FA43-B812-7C2D5FF83DF9} - C:\WINDOWS\crau32.dll

O4 - HKLM\..\Run: [adddj32.exe] C:\WINDOWS\system32\adddj32.exe

Step 5:

In the next step we are going to remove a service that gets installed by this malware.

Go to Start>Run and type regedit.

Press enter.

Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Procedure Call (RPC) Helper

If Remote Procedure Call (RPC) Helper exists , right click on it and choose delete from the menu.

Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Remote Procedure Call (RPC) Helper

If LEGACY_Remote Procedure Call (RPC) Helper exists then right click on it and choose delete from the menu.

If you have trouble deleting a key. Then click once on the key name to highlight it and click on the Permission menu option under Security or Edit. Then Uncheck "Allow inheritible permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.


Step 6:

This is the step where we will use About:Buster that you had downloaded previously.

Navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.

When it completed move on to step 7.

Step 7:

Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

Step 8:
Reboot your computer back to normal mode so that we can see if we need to restore some deleted files:

  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
  • If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.
  • Open IE, go to Tools>Internet Options>then click on the security tab, then click on custon label. Check the following settings:
    • Download Signed ActiveX controls-set to Prompt.
    • Download Un-Signed ActiveX controls-set to Disable.
    • Initialize and script ActiveX controls marked as unsafe-set to disable.

    Step 9:

    Run an online antivirus scan at:

    http://housecall.antivirus.com/

    Reboot and post another log please.

Hey, Crunchie, I am back. Took me a while to do what you suggested. I haven't had a lot of luck. Here is my latest log. The files seemed to have changed from what you directed me to delete and I could not find some of them. Also, I could not run the antivirus scan at the end. HELP!

Logfile of HijackThis v1.98.2
Scan saved at 3:47:06 PM, on 11/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\javalg32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\apivt32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0CE905C3-8455-A25B-CEAC-5D9DB1D32FCC} - C:\WINDOWS\sdkyu32.dll
O4 - HKLM\..\Run: [javalg32.exe] C:\WINDOWS\system32\javalg32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410

There is a good chance that every time you reboot the files that need to go change their name! You may have to leave your comp on until this is fixed.

Post another log & another getservice log please, then hang in for an answer. I'm on GMT + 8 hours time zone, so you may have a bit of a wait :).

Thanks, Crunchie. I can wait :D
Here are my logs:

Logfile of HijackThis v1.98.2
Scan saved at 9:17:38 PM, on 10/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\javalg32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\apivt32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\MICROS~2\OFFICE\OUTLOOK.EXE
C:\PROGRA~1\MICROS~2\OFFICE\WINWORD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0CE905C3-8455-A25B-CEAC-5D9DB1D32FCC} - C:\WINDOWS\sdkyu32.dll
O4 - HKLM\..\Run: [javalg32.exe] C:\WINDOWS\system32\javalg32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410[/url]


PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - [url]www.sysinternals.com[/url]

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Alerter
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Application Layer Gateway Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Application Management
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : AudioGroup
    TAG       : 0
    DISPLAY_NAME      : Windows Audio
    DEPENDENCIES      : PlugPlay
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Background Intelligent Transfer Service
    DEPENDENCIES      : Rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Computer Browser
    DEPENDENCIES      : LanmanWorkstation
              : LanmanServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Symantec Event Manager
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    LOAD_ORDER_GROUP  : Symantec Services
    TAG       : 0
    DISPLAY_NAME      : Symantec Event Manager
    DEPENDENCIES      : RPCSS
              : ccSetMgr
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccProxy
Symantec Network Proxy Service
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Network Proxy
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
Symantec Password Validation Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Password Validation
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Symantec Settings Manager
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    LOAD_ORDER_GROUP  : Symantec Services
    TAG       : 0
    DISPLAY_NAME      : Symantec Settings Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Indexing Service
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : ClipBook
    DEPENDENCIES      : NetDDE
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : COM+ System Application
    DEPENDENCIES      : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS   : Restart DELAY: 1000 seconds
              : Restart DELAY: 5000 seconds
              : None    DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Cryptographic Services
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k DcomLaunch
    LOAD_ORDER_GROUP  : Event Log
    TAG       : 0
    DISPLAY_NAME      : DCOM Server Process Launcher
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Reboot  DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : DHCP Client
    DEPENDENCIES      : Tcpip
              : Afd
              : NetBT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Logical Disk Manager Administrative Service
    DEPENDENCIES      : RpcSs
              : PlugPlay
              : DmServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Logical Disk Manager
    DEPENDENCIES      : RpcSs
              : PlugPlay
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k NetworkService
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : DNS Client
    DEPENDENCIES      : Tcpip
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Error Reporting Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP  : Event log
    TAG       : 0
    DISPLAY_NAME      : Event Log
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : Network
    TAG       : 0
    DISPLAY_NAME      : COM+ Event System
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Fast User Switching Compatibility
    DEPENDENCIES      : TermService
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Help and Support
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 100 seconds
              : Restart DELAY: 100 seconds
              : None    DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : HID Input Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : HTTP SSL
    DEPENDENCIES      : HTTP
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\imapi.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : IMAPI CD-Burning COM Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Server
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : NetworkProvider
    TAG       : 0
    DISPLAY_NAME      : Workstation
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : TCP/IP NetBIOS Helper
    DEPENDENCIES      : NetBT
              : Afd
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Messenger
    DEPENDENCIES      : LanmanWorkstation
              : NetBIOS
              : PlugPlay
              : RpcSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\mnmsrvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : NetMeeting Remote Desktop Sharing
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MPService
(null)
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Canon\MultiPASS\mpservic.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : MPService
    DEPENDENCIES      : cis1284
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\msdtc.exe
    LOAD_ORDER_GROUP  : MS Transactions
    TAG       : 0
    DISPLAY_NAME      : Distributed Transaction Coordinator
    DEPENDENCIES      : RPCSS
              : SamSS
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\msiexec.exe /V
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Installer
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Norton AntiVirus Auto Protect Service
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP  : NetDDEGroup
    TAG       : 0
    DISPLAY_NAME      : Network DDE
    DEPENDENCIES      : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network DDE DSDM
    DEPENDENCIES      : 
              : EGrLocalSystem
              : Network DDE DSDM
              : etwork DDE
              : on AntiVirus Auto Protect Service
              : n Coordinator
              : ion
              : er
              : mmonPf
              : 
              : ¤
              : 
              : ¨6
              : ¨6
              : ges Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
              :  
              : u
              : n
              : a
              : v
              : a
              : i
              : l
              : a
              : b
              : l
              : e
              : .
              :  
              : I
              : f
              :  
              : t
              : h
              : i
              : s
              :  
              : s
              : e
              : r
              : v
              : i
              : c
              : e
              :  
              : i
              : s
              :  
              : d
              : i
              : s
              : a
              : b
              : l
              : e
              : d
              : ,
              :  
              : a
              : n
              : y
              :  
              : s
              : e
              : r
              : v
              : i
              : c
              : e
              : s
              :  
              : t
              : h
              : a
              : t
              :  
              : e
              : x
              : p
              : l
              : i
              : c
              : i
              : t
              : l
              : y
              :  
              : d
              : e
              : p
              : e
              : n
              : d
              :  
              : o
              : n
              :  
              : i
              : t
              :  
              : w
              : i
              : l
              : l
              :  
              : f
              : a
              : i
              : l
              :  
              : t
              : o
              :  
              : s
              : t
              : a
              : r
              : t
              : .
              :  
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : RemoteValidation
    TAG       : 0
    DISPLAY_NAME      : Net Logon
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Connections
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Location Awareness (NLA)
    DEPENDENCIES      : Tcpip
              : Afd
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : NT LM Security Support Provider
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Removable Storage
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: O?’ŽrtñåȲ$Ó
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\system32\apivt32.exe /s
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC) Helper
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP  : PlugPlay
    TAG       : 0
    DISPLAY_NAME      : Plug and Play
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Pml Driver HPH11
(null)
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\HPHipm11.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Pml Driver HPH11
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : IPSEC Services
    DEPENDENCIES      : RPCSS
              : Tcpip
              : IPSec
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Protected Storage
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Access Auto Connection Manager
    DEPENDENCIES      : RasMan
              : Tapisrv
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Access Connection Manager
    DEPENDENCIES      : Tapisrv
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Desktop Help Session Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Routing and Remote Access
    DEPENDENCIES      : RpcSS
              : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\locator.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC) Locator
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP  : COM Infrastructure
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC)
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT Authority\NetworkService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Reboot  DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\rsvp.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : QoS RSVP
    DEPENDENCIES      : TcpIp
              : Afd
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP  : LocalValidation
    TAG       : 0
    DISPLAY_NAME      : Security Accounts Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SAVScan
Handles Norton AntiVirus Auto-Protect Archive Scanning
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Norton AntiVirus\SAVScan.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SAVScan
    DEPENDENCIES      : SAVRT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SBService
(null)
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : ScriptBlocking Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP  : SmartCardGroup
    TAG       : 0
    DISPLAY_NAME      : Smart Card
    DEPENDENCIES      : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : SchedulerGroup
    TAG       : 0
    DISPLAY_NAME      : Task Scheduler
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Secondary Logon
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : Network
    TAG       : 0
    DISPLAY_NAME      : System Event Notification
    DEPENDENCIES      : EventSystem
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Firewall/Internet Connection Sharing (ICS)
    DEPENDENCIES      : Netman
              : WinMgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : ShellSvcGroup
    TAG       : 0
    DISPLAY_NAME      : Shell Hardware Detection
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Network Drivers Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP  : SpoolerGroup
    TAG       : 0
    DISPLAY_NAME      : Print Spooler
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : None    DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : System Restore Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SSDP Discovery Service
    DEPENDENCIES      : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k imgsvc
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Image Acquisition (WIA)
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{0D78CC1A-E766-4936-AFFE-9AF0A961C765}
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : MS Software Shadow Copy Provider
    DEPENDENCIES      : rpcss
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec Core LC
Symantec Core LC
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Core LC
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SymWSC
Symantec WMI Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SymWMI Service
    DEPENDENCIES      : winmgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Performance Logs and Alerts
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Telephony
    DEPENDENCIES      : PlugPlay
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost -k DComLaunch
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Terminal Services
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : UIGroup
    TAG       : 0
    DISPLAY_NAME      : Themes
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : None    DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Distributed Link Tracking Client
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Universal Plug and Play Device Host
    DEPENDENCIES      : SSDPSRV
              : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS   : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Uninterruptible Power Supply
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Volume Shadow Copy
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Time
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 5 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : NetworkProvider
    TAG       : 0
    DISPLAY_NAME      : WebClient
    DEPENDENCIES      : MRxDAV
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Management Instrumentation
    DEPENDENCIES      : RPCSS
              : Eventlog
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Portable Media Serial Number Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\wbem\wmiapsrv.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : WMI Performance Adapter
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Security Center
    DEPENDENCIES      : RpcSs
              : winmgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Automatic Updates
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : Wireless Zero Configuration
    DEPENDENCIES      : RpcSs
              : Ndisuio
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Provisioning Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip Once it is downloaded extract it to
c:\aboutbuster. We will use that program later in this process.

Reboot your computer into Safe Mode and follow these steps:

Step 1:

Click on start, then control panel, then administrative programs, then services. Look for a service called Remote Procedure Call (RPC) Helper. Double click on that service and click stop and then set the startup to disabled. Also write down the name and path of the file listed in the Path to executable field. This filename must be deleted below.

Step 2:

Press control-alt-delete to get into the task manager and end the follow processes if they exist:

javalg32.exe
apivt32.exe

Step 3:
I now need you to delete the following files:

C:\WINDOWS\system32\javalg32.exe
C:\WINDOWS\system32\apivt32.exe

C:\WINDOWS\system32\twprk.dll

C:\WINDOWS\sdkyu32.dll

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.

Step 4:
Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and press the fix button when ready:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\twprk.dll/sp.html#29126
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0CE905C3-8455-A25B-CEAC-5D9DB1D32FCC} - C:\WINDOWS\sdkyu32.dll

O4 - HKLM\..\Run: [javalg32.exe] C:\WINDOWS\system32\javalg32.exe

Step 5:

In the next step we are going to remove a service that gets installed by this malware.

Go to Start>Run and type regedit.

Press enter.

Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Procedure Call (RPC) Helper

If Remote Procedure Call (RPC) Helper exists , right click on it and choose delete from the menu.

Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Remote Procedure Call (RPC) Helper

If LEGACY_Remote Procedure Call (RPC) Helper exists then right click on it and choose delete from the menu.

If you have trouble deleting a key. Then click once on the key name to highlight it and click on the Permission menu option under Security or Edit. Then Uncheck "Allow inheritible permissions" and press copy. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again.


Step 6:

This is the step where we will use About:Buster that you had downloaded previously.

Navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so.

When it completed move on to step 7.

Step 7:

Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop

REGEDIT4


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

Step 8:
Reboot your computer back to normal mode so that we can see if we need to restore some deleted files:

  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
  • If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.
  • Open IE, go to Tools>Internet Options>then click on the security tab, then click on custon label. Check the following settings:
    • Download Signed ActiveX controls-set to Prompt.
    • Download Un-Signed ActiveX controls-set to Disable.
    • Initialize and script ActiveX controls marked as unsafe-set to disable.

    Step 9:

    Go here to TrendMicro for an on-line scan & set it to autoclean for you.

    Try this scan at Panda as well.

    Reboot and post another hijackthis log.

Hey, Crunchie, not much luck again :(
I could not remove the sdkyu32.dll file. Also, there were 2 archive files in C:\WINDOWS\Prefetch - javalg32.EXE-25A8C98B.pf and apivt32.EXE-09367E05.pf
The BHO was changed from the orginal HJT log to
BHO: (no name) - {ECDBD93B-30EF-D196-FC96-85492CDB4F6A} - C:\WINDOWS\javakw32.dll
so I did not fix this file on HJT log.
There was no Remote Procedure Call (RPC) Helper.
Finally, I could not get Housecall or Panda to work.

Here is my current HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 10:59:45 PM, on 10/4/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\applj32.exe
C:\WINDOWS\system32\appja32.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ECDBD93B-30EF-D196-FC96-85492CDB4F6A} - C:\WINDOWS\javakw32.dll
O4 - HKLM\..\Run: [appja32.exe] C:\WINDOWS\system32\appja32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410

Thanks for any help you can give me.

Download Registrar Lite from here:
http://www.resplendence.com/download/reglite.exe

Put it in its own folder. You may want to keep this program. It is an excellent free, registry editor.

Install, run, copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

and hit the "go" tab. Find: "Appinit_Dlls" value on the right side panel, DoubleClick, copy and post here the information in the 'Value' field.

It doesn't pull up the Appinit_Dlls file! :(

Can you please post hijackthis log & getservice log.

Sorry, Crunchie, I've been out of town. Here are my logs:

Logfile of HijackThis v1.98.2
Scan saved at 9:25:33 PM, on 10/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\applj32.exe
C:\WINDOWS\system32\appja32.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {827D761A-C8F4-42CF-3259-13B99DB3FF0A} - C:\WINDOWS\system32\crit32.dll
O4 - HKLM\..\Run: [appja32.exe] C:\WINDOWS\system32\appja32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410[/url]

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - [url]www.sysinternals.com[/url]

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Alerter
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\alg.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Application Layer Gateway Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Application Management
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : AudioGroup
    TAG       : 0
    DISPLAY_NAME      : Windows Audio
    DEPENDENCIES      : PlugPlay
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Background Intelligent Transfer Service
    DEPENDENCIES      : Rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Computer Browser
    DEPENDENCIES      : LanmanWorkstation
              : LanmanServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Symantec Event Manager
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    LOAD_ORDER_GROUP  : Symantec Services
    TAG       : 0
    DISPLAY_NAME      : Symantec Event Manager
    DEPENDENCIES      : RPCSS
              : ccSetMgr
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccProxy
Symantec Network Proxy Service
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Network Proxy
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
Symantec Password Validation Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Password Validation
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Symantec Settings Manager
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    LOAD_ORDER_GROUP  : Symantec Services
    TAG       : 0
    DISPLAY_NAME      : Symantec Settings Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\cisvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Indexing Service
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\clipsrv.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : ClipBook
    DEPENDENCIES      : NetDDE
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : COM+ System Application
    DEPENDENCIES      : rpcss
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 30 seconds
    FAILURE_ACTIONS   : Restart DELAY: 1000 seconds
              : Restart DELAY: 5000 seconds
              : None    DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Cryptographic Services
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k DcomLaunch
    LOAD_ORDER_GROUP  : Event Log
    TAG       : 0
    DISPLAY_NAME      : DCOM Server Process Launcher
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Reboot  DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : DHCP Client
    DEPENDENCIES      : Tcpip
              : Afd
              : NetBT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dmadmin.exe /com
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Logical Disk Manager Administrative Service
    DEPENDENCIES      : RpcSs
              : PlugPlay
              : DmServer
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Logical Disk Manager
    DEPENDENCIES      : RpcSs
              : PlugPlay
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k NetworkService
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : DNS Client
    DEPENDENCIES      : Tcpip
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Error Reporting Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP  : Event log
    TAG       : 0
    DISPLAY_NAME      : Event Log
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : Network
    TAG       : 0
    DISPLAY_NAME      : COM+ Event System
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Fast User Switching Compatibility
    DEPENDENCIES      : TermService
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Help and Support
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 100 seconds
              : Restart DELAY: 100 seconds
              : None    DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : HID Input Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service,  using the Secure Socket Layer (SSL).  If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : HTTP SSL
    DEPENDENCIES      : HTTP
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\imapi.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : IMAPI CD-Burning COM Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Server
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : NetworkProvider
    TAG       : 0
    DISPLAY_NAME      : Workstation
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : TCP/IP NetBIOS Helper
    DEPENDENCIES      : NetBT
              : Afd
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Messenger
    DEPENDENCIES      : LanmanWorkstation
              : NetBIOS
              : PlugPlay
              : RpcSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\mnmsrvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : NetMeeting Remote Desktop Sharing
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MPService
(null)
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Canon\MultiPASS\mpservic.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : MPService
    DEPENDENCIES      : cis1284
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. 
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\msdtc.exe
    LOAD_ORDER_GROUP  : MS Transactions
    TAG       : 0
    DISPLAY_NAME      : Distributed Transaction Coordinator
    DEPENDENCIES      : RPCSS
              : SamSS
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\msiexec.exe /V
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Installer
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Norton AntiVirus Auto Protect Service
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP  : NetDDEGroup
    TAG       : 0
    DISPLAY_NAME      : Network DDE
    DEPENDENCIES      : NetDDEDSDM
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\netdde.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network DDE DSDM
    DEPENDENCIES      : 
              : EGrLocalSystem
              : Network DDE DSDM
              : etwork DDE
              : on AntiVirus Auto Protect Service
              : n Coordinator
              : ion
              : er
              : mmonPf
              : 
              : 
              : 
              : ¨6
              : ¨6
              : ges Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
              :  
              : u
              : n
              : a
              : v
              : a
              : i
              : l
              : a
              : b
              : l
              : e
              : .
              :  
              : I
              : f
              :  
              : t
              : h
              : i
              : s
              :  
              : s
              : e
              : r
              : v
              : i
              : c
              : e
              :  
              : i
              : s
              :  
              : d
              : i
              : s
              : a
              : b
              : l
              : e
              : d
              : ,
              :  
              : a
              : n
              : y
              :  
              : s
              : e
              : r
              : v
              : i
              : c
              : e
              : s
              :  
              : t
              : h
              : a
              : t
              :  
              : e
              : x
              : p
              : l
              : i
              : c
              : i
              : t
              : l
              : y
              :  
              : d
              : e
              : p
              : e
              : n
              : d
              :  
              : o
              : n
              :  
              : i
              : t
              :  
              : w
              : i
              : l
              : l
              :  
              : f
              : a
              : i
              : l
              :  
              : t
              : o
              :  
              : s
              : t
              : a
              : r
              : t
              : .
              :  
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : RemoteValidation
    TAG       : 0
    DISPLAY_NAME      : Net Logon
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Connections
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Location Awareness (NLA)
    DEPENDENCIES      : Tcpip
              : Afd
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : NT LM Security Support Provider
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Removable Storage
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\services.exe
    LOAD_ORDER_GROUP  : PlugPlay
    TAG       : 0
    DISPLAY_NAME      : Plug and Play
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Pml Driver HPH11
(null)
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\HPHipm11.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Pml Driver HPH11
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : IPSEC Services
    DEPENDENCIES      : RPCSS
              : Tcpip
              : IPSec
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Protected Storage
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Access Auto Connection Manager
    DEPENDENCIES      : RasMan
              : Tapisrv
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Access Connection Manager
    DEPENDENCIES      : Tapisrv
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\sessmgr.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Desktop Help Session Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 4  DISABLED
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Routing and Remote Access
    DEPENDENCIES      : RpcSS
              : +NetBIOSGroup
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\locator.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC) Locator
    DEPENDENCIES      : LanmanWorkstation
    SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost -k rpcss
    LOAD_ORDER_GROUP  : COM Infrastructure
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC)
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT Authority\NetworkService
    FAIL_RESET_PERIOD : 0 seconds
    FAILURE_ACTIONS   : Reboot  DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\rsvp.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : QoS RSVP
    DEPENDENCIES      : TcpIp
              : Afd
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\lsass.exe
    LOAD_ORDER_GROUP  : LocalValidation
    TAG       : 0
    DISPLAY_NAME      : Security Accounts Manager
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SAVScan
Handles Norton AntiVirus Auto-Protect Archive Scanning
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Norton AntiVirus\SAVScan.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SAVScan
    DEPENDENCIES      : SAVRT
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SBService
(null)
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : ScriptBlocking Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\SCardSvr.exe
    LOAD_ORDER_GROUP  : SmartCardGroup
    TAG       : 0
    DISPLAY_NAME      : Smart Card
    DEPENDENCIES      : PlugPlay
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : SchedulerGroup
    TAG       : 0
    DISPLAY_NAME      : Task Scheduler
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Secondary Logon
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events.  Notifies COM+ Event System subscribers of these events.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : Network
    TAG       : 0
    DISPLAY_NAME      : System Event Notification
    DEPENDENCIES      : EventSystem
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Firewall/Internet Connection Sharing (ICS)
    DEPENDENCIES      : Netman
              : WinMgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : ShellSvcGroup
    TAG       : 0
    DISPLAY_NAME      : Shell Hardware Detection
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Network Drivers Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\spoolsv.exe
    LOAD_ORDER_GROUP  : SpoolerGroup
    TAG       : 0
    DISPLAY_NAME      : Print Spooler
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : None    DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : System Restore Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SSDP Discovery Service
    DEPENDENCIES      : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k imgsvc
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Image Acquisition (WIA)
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\System32\dllhost.exe /Processid:{0D78CC1A-E766-4936-AFFE-9AF0A961C765}
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : MS Software Shadow Copy Provider
    DEPENDENCIES      : rpcss
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec Core LC
Symantec Core LC
    TYPE          : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS  
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Symantec Core LC
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SymWSC
Symantec WMI Service
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : SymWMI Service
    DEPENDENCIES      : winmgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\smlogsvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Performance Logs and Alerts
    DEPENDENCIES      : 
    SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Telephony
    DEPENDENCIES      : PlugPlay
              : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost -k DComLaunch
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Terminal Services
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : UIGroup
    TAG       : 0
    DISPLAY_NAME      : Themes
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds
              : None    DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Distributed Link Tracking Client
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Universal Plug and Play Device Host
    DEPENDENCIES      : SSDPSRV
              : HTTP
    SERVICE_START_NAME: NT AUTHORITY\LocalService
    FAIL_RESET_PERIOD : -1 seconds
    FAILURE_ACTIONS   : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\ups.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Uninterruptible Power Supply
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\vssvc.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Volume Shadow Copy
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Time
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 5 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k LocalService
    LOAD_ORDER_GROUP  : NetworkProvider
    TAG       : 0
    DISPLAY_NAME      : WebClient
    DEPENDENCIES      : MRxDAV
    SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Windows Management Instrumentation
    DEPENDENCIES      : RPCSS
              : Eventlog
    SERVICE_START_NAME: LocalSystem
    FAIL_RESET_PERIOD : 86400 seconds
    FAILURE_ACTIONS   : Restart DELAY: 60000 seconds
              : Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Portable Media Serial Number Service
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
    TYPE          : 10 WIN32_OWN_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\wbem\wmiapsrv.exe
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : WMI Performance Adapter
    DEPENDENCIES      : RPCSS
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Security Center
    DEPENDENCIES      : RpcSs
              : winmgmt
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\system32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Automatic Updates
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : TDI
    TAG       : 0
    DISPLAY_NAME      : Wireless Zero Configuration
    DEPENDENCIES      : RpcSs
              : Ndisuio
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 3  DEMAND_START
    ERROR_CONTROL     : 1  NORMAL
    BINARY_PATH_NAME  : C:\WINDOWS\System32\svchost.exe -k netsvcs
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Network Provisioning Service
    DEPENDENCIES      : RpcSs
    SERVICE_START_NAME: LocalSystem

SERVICE_NAME: O?’ŽrtñåȲ$Ó
(null)
    TYPE          : 20 WIN32_SHARE_PROCESS 
    START_TYPE    : 2  AUTO_START
    ERROR_CONTROL     : 0  IGNORE
    BINARY_PATH_NAME  : C:\WINDOWS\system32\applj32.exe /s
    LOAD_ORDER_GROUP  : 
    TAG       : 0
    DISPLAY_NAME      : Remote Procedure Call (RPC) Helper
    DEPENDENCIES      : 
    SERVICE_START_NAME: LocalSystem

Thanks again for any help!

Check for updates with about:buster.

Reboot into safe mode following the instructions here & open Task Manager & end process on the following:

applj32.exe
appja32.exe

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qefpj.dll/sp.html#29126
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {827D761A-C8F4-42CF-3259-13B99DB3FF0A} - C:\WINDOWS\system32\crit32.dll

O4 - HKLM\..\Run: [appja32.exe] C:\WINDOWS\system32\appja32.exe

Manually delete;

C:\WINDOWS\system32\applj32.exe-file
C:\WINDOWS\system32\appja32.exe-file
C:\WINDOWS\system32\crit32.dll-file

Run About:buster, click OK, Start, and OK again to start the scan. Let it scan and fix everything it finds.

Still in safe mode, do a full system scan with Adaware. When the scan is finished select *next* & place a check in the boxes to the left of what is found & click *next* again. Let it delete those entries.

Reboot your computer in normal mode. Post another log.

Crunchie-
I think we may have got the dirty bugger! :lol:
Here is my latest log:

Logfile of HijackThis v1.98.2
Scan saved at 8:06:50 PM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095720385410

Let me know what you think. Thanks!!!!!!!!!

Looks good\short to me :). Give it a couple of reboots & keep your fingers crossed.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.