I am Having Serious Troubles. Hijackthis Log included

AdvancedSetup · September 13, 2009

Please run MSCONFIG and set it to NORMAL STARTUP and reboot the computer.

After the reboot run MSCONFIG again and go to the SERVICES tab and make sure ENABLE ALL is selected if not select it and reboot again.

After the reboot run MSCONFIG one more time and verify that on the General tab it is set to NORMAL STARTUP if not then select it again and reboot again.

Then I NEED those logs to see what else is going on.

Thanks

THUGGY · September 13, 2009

ok i did what you said and started in normal mode but i dont see any difference. Pretty well every single window service is still stopped and I still cant enable firewall and internet connectivity etc. But i am confused, do i run combofix again without uninstalling it first and then reinstalling??

And if i should uninstall it first can you post me the info on exactly what to run to make sure i delete all of it please :rolleyes:

Other than that i cant do much more until i can get my firewall and internet access back but i dont want to rerun combofix until i know if i should delete all the old files first etc. Let me know and thanks. Also like i had said in my mail to you, combofix does have some names in the quarantine file from my last scan. Any chance that would help you out? And is there anything else we cna do or install and run until we figure out these issues?? I will await your reply

THUGGY · September 13, 2009

P.S. all windows services were set to enabled upon reboot, but they were pretty well all showing stopped still :rolleyes:

THUGGY · September 14, 2009

Ok advanced i have a new combofix log on its way but please read this info first so that you cna direct me on this. I had mailed you to see if i was supposed to just run a normal combofix or add those prior things such as the cfscript etc again but yu did not reply so i just went ahead and did the normal run. Also I had posted earlier that my computer was set to run in selective mode and you had told me to run it back in normal mode. I have a feeling my system was running in selective mode for this reason:

In the boot for selective startup, i had the windows recovery console and normal startup. When my pc was runnning in selective and we ran combofix yesterday, combofix recognized that i had the windows recovery installed and did not alert in the logs that i did not. Now that we changed my startup to normal, combofix alerted me today that i dont have the recovery console installed and prompted me to do so. i could not download it again because i cant get a connection on my infected pc so i selected no. Combofix ran fine and produced a log but it alerted in this new log that windows recovery is not installed but like i said i am certain it is installed so let me know what i should do about that. Maybe its not an issue right now, but i do need you to direct me on that.

Ok here are my new logs of combofix, malwarebytes, and hijackthis. Please make sure to let me know exactly what you want me to do more clearly in the future so i know exactly what to do and thanks :rolleyes:

ComboFix 09-09-11.03 - Murry 13/09/2009 19:51.4.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.249 [GMT -6:00]

Running from: c:\documents and settings\Murry\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))

.

2009-09-07 10:53 . 2009-09-07 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup

2009-09-07 10:14 . 2009-09-07 10:14 -------- d-----w- c:\documents and settings\Murry\Local Settings\Application Data\Symantec

2009-09-07 10:06 . 2009-09-10 12:45 -------- d-----w- c:\windows\LastGood

2009-09-07 10:06 . 2009-09-07 10:22 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-09-07 10:04 . 2009-09-07 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-09-07 09:59 . 2009-09-07 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-09-07 09:49 . 2009-09-07 09:49 -------- d-----w- c:\documents and settings\Murry\Application Data\AVG8

2009-09-07 09:35 . 2009-09-07 09:35 -------- d-----w- c:\windows\system32\wbem\Repository

2009-09-07 06:34 . 2009-09-07 06:34 -------- d-----w- c:\windows\LastGood.Tmp

2009-09-07 06:33 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-09-04 09:34 . 2009-09-06 15:05 -------- d-----w- C:\Downloads

2009-09-04 08:48 . 2009-09-04 08:48 -------- d-----w- c:\program files\SEC

2009-09-04 08:48 . 2009-09-07 10:52 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-04 08:47 . 2009-09-04 08:47 -------- d-----w- c:\documents and settings\Murry\Application Data\InstallShield

2009-09-04 08:46 . 2009-03-21 19:30 20114622 ----a-w- C:\NCPro_Eng.exe

2009-09-04 08:46 . 2008-08-29 19:59 1593344 ----a-w- C:\NCProSetup.exe

2009-09-04 08:30 . 2009-09-04 08:30 -------- d-----w- c:\documents and settings\Murry\Local Settings\Application Data\Help

2009-08-30 19:21 . 2009-08-30 19:55 -------- d-----w- c:\documents and settings\All Users\AdobeTemp

2009-08-25 09:48 . 2009-08-25 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2009-08-16 11:22 . 2009-08-16 11:22 -------- d-----w- c:\windows\VirtualEar

2009-08-16 11:22 . 2003-08-20 00:36 65536 ----a-w- c:\windows\system32\Audio3d.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-13 11:52 . 2009-04-15 02:35 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-09-12 22:43 . 2009-04-17 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-10 20:54 . 2009-04-17 23:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 20:53 . 2009-04-17 23:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-07 20:54 . 2005-08-15 10:50 -------- d-----w- c:\program files\BitComet

2009-09-07 20:54 . 2009-04-03 22:32 -------- d-----w- c:\program files\Bejeweled 2 Deluxe

2009-09-07 10:08 . 2009-09-07 10:06 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-09-07 10:08 . 2009-09-07 10:06 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2009-09-07 10:08 . 2006-02-25 23:07 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL

2009-09-07 10:08 . 2006-02-25 23:07 124464 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2009-09-07 06:00 . 2008-10-09 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-09-07 04:58 . 2005-12-30 02:29 -------- d-----w- c:\documents and settings\Murry\Application Data\SlimBrowser

2009-08-31 14:32 . 2009-02-26 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy

2009-08-30 19:55 . 2005-02-05 05:00 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-25 10:35 . 2006-02-28 21:42 -------- d-----w- c:\documents and settings\Murry\Application Data\PC Tools

2009-08-25 10:35 . 2005-05-30 06:33 -------- d-----w- c:\program files\Yahoo!

2009-08-25 10:33 . 2008-09-29 22:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-17 11:03 . 2006-06-20 20:57 -------- d-----w- c:\program files\SlimBrowser2

2009-08-16 11:31 . 2009-04-30 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-14 02:33 . 2005-01-15 14:25 69624 ----a-w- c:\documents and settings\Murry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 00:56 . 2009-04-30 22:16 -------- d-----w- c:\program files\Microsoft Works

2009-08-10 21:53 . 2009-07-29 15:33 -------- d-----w- c:\program files\MasqueGames

2009-08-10 05:54 . 2005-02-27 17:40 16 -c--a-w- c:\windows\popcinfo.dat

2009-08-05 09:11 . 2003-06-20 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-23 00:28 . 2009-06-21 15:59 -------- d-----w- c:\documents and settings\Murry\Application Data\Ahead

2009-07-17 18:55 . 2003-06-20 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 05:43 . 2004-09-23 00:46 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-25 18:36 . 2003-06-20 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2003-06-20 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2003-06-20 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2003-06-20 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2003-06-20 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2003-06-20 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2003-06-20 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2003-06-20 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2003-06-20 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2003-06-20 12:00 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2003-06-20 12:00 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2003-06-20 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-25 08:44 . 2003-06-20 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:44 . 2003-06-20 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:44 . 2003-06-20 12:00 56320 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:44 . 2003-06-20 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:44 . 2003-06-20 12:00 168448 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:44 . 2003-06-20 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-22 11:49 . 2003-06-20 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2003-06-20 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2003-06-20 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2003-06-20 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-22 11:34 . 2003-06-20 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:55 . 2003-06-20 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2003-06-20 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UniblueSpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe" [2009-04-29 614696]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-26 148888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-24 516440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]

backup=c:\windows\pss\NCProTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

"Norton AntiVirus"=2 (0x2)

"TPSrv"=2 (0x2)

"PAVSRV"=2 (0x2)

"PAVFNSVR"=2 (0x2)

"Panda Software Controller"=2 (0x2)

"PskSvcRetail"=2 (0x2)

"PSIMSVC"=2 (0x2)

"PSHost"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15/04/2009 12:46 PM 64160]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 11:43 AM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 11:43 AM 55024]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [17/09/2005 8:13 PM 13225]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 11:43 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:28]

2009-05-14 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-04-22 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 04:18]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.ca/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Murry\Application Data\Mozilla\Firefox\Profiles\lhyik8tq.default\

FF - prefs.js: browser.startup.homepage - hxxp://sympatico.msn.ca/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe

HKLM-Run-SCANINICIO - c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe

HKLM-Run-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe

HKLM-Run-APVXDWIN - c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE

HKLM-Run-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-13 20:12

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2016)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-09-14 20:16

ComboFix-quarantined-files.txt 2009-09-14 02:16

Pre-Run: 10,964,951,040 bytes free

Post-Run: 10,915,631,104 bytes free

190 --- E O F --- 2009-08-26 04:34

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 2

13/09/2009 8:36:45 PM

mbam-log-2009-09-13 (20-36-45).txt

Scan type: Quick Scan

Objects scanned: 99376

Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:39:33 PM, on 13/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxTray] "C:\WINDOWS\system32\igfxtray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [uniblueSpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe -minimize

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://sympatico.zone.msn.com/binFrameWork...UI.cab55579.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games

AdvancedSetup · September 14, 2009

Please copy the following into a new NOTEPAD document. Then save it as FIXMSINFO.REG make sure it has .REG and not .TXT as the extension and save it to your Desktop.

Then double-click on it and say yes to import it.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

Then run the following.

Please download and run these tools which are designed to restore some standard policy settings. They are not harmful.

VArestorepolicies.INF

Download this INF repair file from here: VArestorepolicies.zip by MS-MVP Miekiemoes
Unzip or open the file VArestorepolicies.zip
Open the folder VArestorepolicies and Right-click the file inside, VArestorepolicies.INF and choose Install

FixPolicies.exe

Download this self-extracting ZIP archive from here: FixPolicies.exe by MS-MVP Bill Castner and save it to your desktop.
Double-click FixPolicies.exe
Click the "Install" button on the bottom toolbar of the box that will open
The program will create a new Folder called FixPolicies
Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd
A black box will briefly appear and then close
These fixes may prove temporary. Active malware may revert these changes on your next startup. You can safely run these utilities again.

Then run this:

Please download and run the following fix from Microsoft How do I restore security settings to the default settings?

When completed please MAKE SURE to reboot your computer.

Then run the following.

Please click on START - RUN and copy and paste the information below into the box and click OK

CMD /C SC QUERY state= all >C:\MYSERVICES.TXT | NOTEPAD C:\MYSERVICES.TXT

This should open NOTEPAD with information regarding the current services on your system. Copy and paste back that information on your next reply.

Then run this.

Click on START - RUN and copy/paste the contents of the code box below into the run box and hit OK

CMD /C DRIVERQUERY /FO TABLE /SI >C:\DriversSigned.txt

Click on START - RUN and copy/paste the contents of the code box below into the run box and hit OK

CMD /C driverquery.exe /FO TABLE /v>C:\DriversGeneral.txt

Then ATTACH the files C:\DriversSigned.txt and C:\DriversGeneral.txt to your next reply please.

AdvancedSetup · September 15, 2009

Please post a status update - thanks.

THUGGY · September 15, 2009

ok advanced i am going to start working on it in about an hour from now. I will post back as fast as possible and thanks !!!

AdvancedSetup · September 15, 2009

Okay well I'll check back some time tomorrow afternoon.

THUGGY · September 15, 2009

hey advanced. I have encountered an issue along the way with your last instructions. When i get to this procedure:

Please download and run the following fix from Microsoft How do I restore security settings to the default settings?
When completed please MAKE SURE to reboot your computer.

the file you had me download opens by default using microsoft windows installer. So as soon as i try to install it i am given that same message : the system administrator has set policies to prevent this installation. It seems i am only having issues most times installing files etc that open as a .msi file extension. But there was an option to use that file or manually apply the fix so i did it manually

THUGGY · September 15, 2009

UPDATE

I ended up looking on the microsoft website and there was an option to do that "fixit program" manually. So i applied the fix to restore security settings but this part kinda confused me on the fixit website page:

Next steps After you run this Microsoft Fix it (or complete these manual steps), standard user accounts may no longer appear on the log on screen when you start your computer or try to switch users. This occurs because standard user accounts are removed from the Users group when you reset Windows security settings. To add the affected users accounts back to the Users group, follow these steps:
1. Click Start, and then All Programs. Or click Programs.
2. Click Accessories, and then click Command Prompt (Windows XP). Or right-click Command Prompt, and then click Run As Administrator (Windows Vista).
3. In the Command Prompt window, type net users and then press ENTER. A list of user accounts is displayed.
4. For each accountname listed in the Command Prompt that is missing from the log on or switch user screen, type the following command and then press ENTER:
net localgroup users accountname /add
5. Now go to the "Did this fix the problem?" section.

Ok so i typed in "net users" and here is what appeared on the command prompt screen:

User accounts for \\

--------------------------------------------------------------------------------

Administrator ASPNET Guest

Help Assistant Murry Support_388945a0

The command completed with one or more errors.

I saw this and went hmmmmm. Who is this guest admin, and why does it say I am a help assistant? Now i am the only person (Murry) who has an account on my computer and i am the only one who should have admin privelidges, but it looks as if i am set to help assistant and ASPNET who i have no clue who or what that is, is the admin. So i am not sure what that info means but it seems the fixes havent yet at this point restored me to admin.

I will wait for further instructions and i hope we can fix this. I think we are getting close????

THUGGY · September 15, 2009

my bad, i just realized you will still need those logs and info so i am getting them right now.

THUGGY · September 15, 2009

Ok here are the logs and i also had something happen yesterday while i was trying to enable a setting of some sort on my pc ( i cant remember which one unfortunately lol ) I got a system message that told me something like " you cannot perform this action while in fail-safe mode. Then i remember getting another message kind of like that when i tried to enable another security setting that said i cant do an action while in safe mode...... I found this very, very weird.

Is this infection somehow making the computer think i am still in safe mode when im not or maybe its some type of error?? I thought i should tell you that since it may help you in figuring out whats going on. Now when i got these messages i was in no way in safe mode so its weird. And that would also make sense because a pile of my services, sound cards, etc all being disabled kind of sounds like how a pc runs in safe mode. So maybe somehow my pc looks as if it is running in normal mode but is not??? Anyways, here are the logs and info as requested

http://www.malwarebytes.org/forums/index.p...ost&id=7156

http://www.malwarebytes.org/forums/index.p...ost&id=7155

and here is the Myservices information that you requested i paste in this reply

SERVICE_NAME: Adobe LM Service

DISPLAY_NAME: Adobe LM Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Alerter

DISPLAY_NAME: Alerter

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ALG

DISPLAY_NAME: Application Layer Gateway Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: AppMgmt

DISPLAY_NAME: Application Management

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: aspnet_state

DISPLAY_NAME: ASP.NET State Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: AudioSrv

DISPLAY_NAME: Windows Audio

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: BITS

DISPLAY_NAME: Background Intelligent Transfer Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Browser

DISPLAY_NAME: Computer Browser

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1068 (0x42c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: CCALib8

DISPLAY_NAME: Canon Camera Access Library 8

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ccEvtMgr

DISPLAY_NAME: Symantec Event Manager

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ccSetMgr

DISPLAY_NAME: Symantec Settings Manager

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: CiSvc

DISPLAY_NAME: Indexing Service

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ClipSrv

DISPLAY_NAME: ClipBook

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: clr_optimization_v2.0.50727_32

DISPLAY_NAME: .NET Runtime Optimization Service v2.0.50727_X86

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: COMSysApp

DISPLAY_NAME: COM+ System Application

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: CryptSvc

DISPLAY_NAME: CryptSvc

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: DcomLaunch

DISPLAY_NAME: DCOM Server Process Launcher

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Dhcp

DISPLAY_NAME: DHCP Client

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: dmadmin

DISPLAY_NAME: Logical Disk Manager Administrative Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: dmserver

DISPLAY_NAME: Logical Disk Manager

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Dnscache

DISPLAY_NAME: DNS Client

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ERSvc

DISPLAY_NAME: Error Reporting Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Eventlog

DISPLAY_NAME: Event Log

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: EventSystem

DISPLAY_NAME: COM+ Event System

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: FastUserSwitchingCompatibility

DISPLAY_NAME: Fast User Switching Compatibility

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: FontCache3.0.0.0

DISPLAY_NAME: Windows Presentation Foundation Font Cache 3.0.0.0

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: helpsvc

DISPLAY_NAME: Help and Support

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: HidServ

DISPLAY_NAME: HID Input Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: hpqcxs08

DISPLAY_NAME: hpqcxs08

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: hpqddsvc

DISPLAY_NAME: HP CUE DeviceDiscovery Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: HTTPFilter

DISPLAY_NAME: HTTP SSL

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: idsvc

DISPLAY_NAME: Windows CardSpace

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ImapiService

DISPLAY_NAME: IMAPI CD-Burning COM Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: JavaQuickStarterService

DISPLAY_NAME: Java Quick Starter

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: lanmanserver

DISPLAY_NAME: Server

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: lanmanworkstation

DISPLAY_NAME: Workstation

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Lavasoft Ad-Aware Service

DISPLAY_NAME: Lavasoft Ad-Aware Service

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: LmHosts

DISPLAY_NAME: TCP/IP NetBIOS Helper

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Messenger

DISPLAY_NAME: Messenger

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1068 (0x42c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Microsoft Office Groove Audit Service

DISPLAY_NAME: Microsoft Office Groove Audit Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: mnmsrvc

DISPLAY_NAME: NetMeeting Remote Desktop Sharing

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: MSDTC

DISPLAY_NAME: Distributed Transaction Coordinator

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: MSIServer

DISPLAY_NAME: Windows Installer

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NBService

DISPLAY_NAME: NBService

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Net Driver HPZ12

DISPLAY_NAME: Net Driver HPZ12

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NetDDE

DISPLAY_NAME: Network DDE

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NetDDEdsdm

DISPLAY_NAME: Network DDE DSDM

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Netlogon

DISPLAY_NAME: Net Logon

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Netman

DISPLAY_NAME: Network Connections

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NetTcpPortSharing

DISPLAY_NAME: Net.Tcp Port Sharing Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Nla

DISPLAY_NAME: Network Location Awareness (NLA)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NMIndexingService

DISPLAY_NAME: NMIndexingService

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NtLmSsp

DISPLAY_NAME: NT LM Security Support Provider

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: NtmsSvc

DISPLAY_NAME: Removable Storage

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: odserv

DISPLAY_NAME: Microsoft Office Diagnostics Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ose

DISPLAY_NAME: Office Source Engine

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: PLFlash DeviceIoControl Service

DISPLAY_NAME: PLFlash DeviceIoControl Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: PlugPlay

DISPLAY_NAME: Plug and Play

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Pml Driver HPZ12

DISPLAY_NAME: Pml Driver HPZ12

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: PolicyAgent

DISPLAY_NAME: IPSEC Services

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage

DISPLAY_NAME: Protected Storage

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: PskSvcRetailInst

DISPLAY_NAME: PskSvcRetailInst

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RasAuto

DISPLAY_NAME: Remote Access Auto Connection Manager

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RasMan

DISPLAY_NAME: Remote Access Connection Manager

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RDSessMgr

DISPLAY_NAME: Remote Desktop Help Session Manager

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RemoteAccess

DISPLAY_NAME: Routing and Remote Access

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry

DISPLAY_NAME: Remote Registry

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RpcLocator

DISPLAY_NAME: Remote Procedure Call (RPC) Locator

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RpcSs

DISPLAY_NAME: Remote Procedure Call (RPC)

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: RSVP

DISPLAY_NAME: QoS RSVP

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SamSs

DISPLAY_NAME: Security Accounts Manager

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SCardSvr

DISPLAY_NAME: Smart Card

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Schedule

DISPLAY_NAME: Task Scheduler

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: seclogon

DISPLAY_NAME: Secondary Logon

TYPE : 120 WIN32_SHARE_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SENS

DISPLAY_NAME: System Event Notification

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess

DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1068 (0x42c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: ShellHWDetection

DISPLAY_NAME: Shell Hardware Detection

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Spooler

DISPLAY_NAME: Print Spooler

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: srservice

DISPLAY_NAME: System Restore Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SSDPSRV

DISPLAY_NAME: SSDP Discovery Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: stisvc

DISPLAY_NAME: Windows Image Acquisition (WIA)

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SwPrv

DISPLAY_NAME: MS Software Shadow Copy Provider

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Symantec Core LC

DISPLAY_NAME: Symantec Core LC

TYPE : 110 WIN32_OWN_PROCESS (interactive)

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: SysmonLog

DISPLAY_NAME: Performance Logs and Alerts

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TapiSrv

DISPLAY_NAME: Telephony

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TermService

DISPLAY_NAME: Terminal Services

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Themes

DISPLAY_NAME: Themes

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TlntSvr

DISPLAY_NAME: Telnet

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: TrkWks

DISPLAY_NAME: Distributed Link Tracking Client

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Uniblue DiskRescue

DISPLAY_NAME: Uniblue DiskRescue

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: upnphost

DISPLAY_NAME: Universal Plug and Play Device Host

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: UPS

DISPLAY_NAME: Uninterruptible Power Supply

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: VSS

DISPLAY_NAME: Volume Shadow Copy

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: W32Time

DISPLAY_NAME: Windows Time

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WebClient

DISPLAY_NAME: WebClient

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: winmgmt

DISPLAY_NAME: Windows Management Instrumentation

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 4 RUNNING

(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WLSetupSvc

DISPLAY_NAME: Windows Live Setup Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WmdmPmSN

DISPLAY_NAME: Portable Media Serial Number Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: Wmi

DISPLAY_NAME: Windows Management Instrumentation Driver Extensions

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WmiApSrv

DISPLAY_NAME: WMI Performance Adapter

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WMPNetworkSvc

DISPLAY_NAME: Windows Media Player Network Sharing Service

TYPE : 10 WIN32_OWN_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: wscsvc

DISPLAY_NAME: Security Center

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: wuauserv

DISPLAY_NAME: Automatic Updates

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WudfSvc

DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1084 (0x43c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: WZCSVC

DISPLAY_NAME: Wireless Zero Configuration

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1068 (0x42c)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

SERVICE_NAME: xmlprov

DISPLAY_NAME: Network Provisioning Service

TYPE : 20 WIN32_SHARE_PROCESS

STATE : 1 STOPPED

(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 1077 (0x435)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

AdvancedSetup · September 15, 2009

Okay, please pay close attention and start NOTEPAD and copy the contents below into the new NOTEPAD document. It MUST be notepad and NOT Wordpad or other. Make sure there is at least one blank line at the bottom of the document. Then save the document by clicking on SAVE-AS and set the File Name to: RESETSERVICES.REG and on the "Save as type:" click it and choose "All Files" and save the file to your desktop.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSrv]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]
"Start"=dword:00000003

Now close the document and close all other open applications and double-click on that RESETSERVICES.REG file on your desktop and select YES to allow it to merge into the Registry. Then shut down the computer and restart it.

Then let me know how the services are working.

THUGGY · September 15, 2009

i merged those values into the registry as you requested and rebooted but unfortunately my pc is running the same as before. I still have many essential services stopped such as windows firewall, internet connecting etc and if i try to manually start them i am restricted. My task manager is also still not showing what user is running processes whether i have "show processes from users" checked or unchecked. I also still have no sound on my pc etc.

Anything further you can help me with i will do. I just pray we can solve this mystery

UPDATE

ok this morning i had posted about how i had a weird safe mode message come up when i tried to start a local service manually. I now remembered what it was and i am hoping it is of some assistance to you:

I had tried manually the other day to start back up the windows firewall and network connection service. Upon doing so i got a message that it could not start because other dependent services were stopped. I found the dependent service which is called "Network Connections" and tried to start it as always in normal mode..... This was the message i got:

Could not start the Network Connections service on Local Computer

Error 1084: This service cannot be started in safe mode

Why does the system think i am in safe mode???? I am baffled lol.

P.S. - i also noticed today that i have a process running in my task manager that i havent seen before. Its supposedly a windows service, but i dont know why its running. Its called: unsecapp.exe

I also have a few services running when i checked msconfig today that i havent seen running before. They are called:

Remote Procedure call (RPC) Locator ** it is stopped

Remote Procedure Call (RPC) ** it is running

I am sure that is nothing important but i figured since i noticed it i would post it.

THUGGY · September 16, 2009

anything else i need to do Advanced?

AdvancedSetup · September 17, 2009

Well it's up to you. The system appears to have sustained quite a bit of damage from something. We can continue to work on it and see if we can repair it but no guarantee of that, or you can take a look at backing up your data and re-installing Windows.

Let me know what direction you'd like to go please.

AdvancedSetup · September 17, 2009

Please let me know what you'd like to do.

THUGGY · September 19, 2009

well we can keep trying im ok with that, but in case i do decide to reformat and reinstall my windows xp pro, do you know a website i can use for quick reference that gives the steps on what to all do for reformatting, reinstalling etc so i dont forget to do certain things?? That would help a lot !!!

Also i have a feeling this info may be important to you. Ok i had been talking about the situation where i keep thinking my pc is running in normal mode but maybe somehow thinks i am in safe mode without showing the normal screen etc you get when in safe mode. More and more i am thinking we have some strange error that entails this. Ok i had mentioned in prior posts that when i try to enable firewall, internet etc in normal mode i seem to have issues and even messages stating "you cannot do this in safe mode."

Now, if i actually do try to start my pc in safe mode WITH networking, i now encounter none of these issues.... In other words, when i am in safe mode with networking, i have no blocking of the internet or firewall etc. So its as if my pc thinks i am running in safe mode WITHOUT networking even when im in normal mode. If you think this could be a virus casuing this and if you think maybe my theory is somewhat true, maybe we can run some more tests scans etc to test this?? It seems plausible because my computer is showing many signs of safe mode with no networking while im in normal mode:

no sound enabled

no network connection available

many system and user functions disabled

icons are all set smaller on screen

task manager showing less info and processes running

From what i have read on my own over the last week, it seems that my pc is somehow tricked into believing i am in safe mode when im not??

So yah i am ready to run any more scans etc you would like me to do and if all else fails, i will have to reinstall. But i wont give up just yet if you wont !!!!

AdvancedSetup · September 19, 2009

Yes it's quite possible that it could be but you should still see that information that it's in safe mode.

Let me check some stuff and get back to you.

THUGGY · September 19, 2009

no prob and thanks for sticking with me on this Advanced !! I didnt have access to a good, running pc the last few days but now i have a good pc on me and i will for the next 48 hours so if we can find anything else out within 48 hours, i can be around a lot to reply fast to you

THUGGY · September 20, 2009

Hoping for a reply please??? I only have this other pc for so long to be able to communicate on the internet so i am begging for some assistance if possible

AdvancedSetup · September 20, 2009

Well sorry but I've been sick.

Please click on START - RUN and type in NOTEPAD C:\BOOT.INI and hit OK. Then copy/paste that back here.

Then start the computer in Safe Mode with Networking and run the following scanner.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program

OTL.exe

to your desktop.

Close all applications and windows so that you have nothing open and are at your Desktop
Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
Place a checkmark in the
"Scan All Users"
checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)
Click the Run Scan button
NOTE:
Please be patient and let the scan run without using the computer
When the scan is complete, a text file (
OTListIt.Txt
) will open in Notepad (if not, it can be found on your Desktop)
In Notepad, click
Edit
,
Select all
then
Edit
,
Copy
Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste.
Submit your reply and close the Notepad window with
OTList.txt
Also OTListIt's
Extras.txt
log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
In Notepad, click
Edit
,
Select all
then
Edit
,
Copy
Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
NOTE:
If the files (
OTListIt.txt, Extras.txt
) do not appear in your taskbar, just open the files in notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 48 hours, feel free to PM me.

THUGGY · September 20, 2009

Hey Advanced, i am sorry to hear you are sick. I hope you feel better soon and i hope i didnt seem pushy in my post, i was just worried i wouldnt have access to this good computer for much longer but i have a few more days still.

Ok you had posted "Then start the computer in Safe Mode with Networking and run the following scanner."

I dont know which scanner you meant, i think you may have left it out of your post?? I saw the OTL.exe but i think you wanted me to run a certain scanner too. If you could post the scanner link in your next profile that would be great and thanks

Also If i still have issues with the internet while in safe mode is there a way to download the scanner and copy it over to my infected pc??

However maybe you meant the scanner is the OTL.exe so i will just post the boot.ini info and the OTL info asap for now

THUGGY · September 20, 2009

NOTE **There is no Whitelist option but there is something called "Use Company Name Whitelist" and it appears under the 30 days option. I need to know if i check this one or not?

NOTE ** I also forgot to ask you if it is ok for me to run this scan in normal mode?? I figured you maybe only asked me to run in safe mode with networking if you thought i was going to download the OTL exe from my pc?? So since i transferred the exe over via a CD i am assuming i could run this exe in normal mode?

NOTE*** Also the exe is not creating am Extras.txt file. The only file created after the scan is called OTL.txt and the prior instructions say i should have the files OTListIt and Extras so i am a bit confused. And I double checked 3 times and did a search for the Extras.txt one and it is not created. Are you sure this program always makes an Extras notepad file?? If so maybe something isnt working?? Just let me know if this is important or not. I am 100% sure the Extras file was not created and i ran multiple scans just to double check, hoping it would be created. No Extras or OTlistIt notepad file shows up minimized or anywhere in my computer as the instructions stated it should, only an OTL.txt file.

AdvancedSetup · September 20, 2009

I want it in the Safe with Networking to see if I can find any reason for this odd behavior. Yes you can check the white list as shown.

When replying please use the ADDreply button and not the Reply button. Thanks.

I am Having Serious Troubles. Hijackthis Log included

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information