  #31  
July 26th 04, 01:04 PM
Doug Knox MS-MVP
Firewall won't stay enabled

The first entries I would look at are:

SystemTray SysTray.Exe
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE

These are all launched from:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Click Start, Run and enter REGEDIT. Go to:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Right click on the Run subkey and select Export. This creates a backup of this particular subkey. After this is completed, right click each of the 3 values indicated above and select Delete. Log off/logon or reboot. Check the HKLM\........... Run key again to see if any "new" values have been created. If not, rescan your system, ensuring that you have the latest updates for your AV program.

-- 
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"jay" wrote in message ...
Here is the tracker log file:

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
SystemTray SysTray.Exe
nwiz nwiz.exe /install
IntelliType "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
iexplore C:\WINDOWS\System32\iexplore.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
RoxioEngineUtility "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
QuickTime Task "C:\program files\quicktime\qttask.exe" -atboottime
NAV CfgWiz C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
Jet Detection "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Start Menu - Current User --
No Items Found

-- Start Menu - All Users --
iexplore.exe

-- Disabled Items --
No Items Found

-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
explorer.exe

-- Running Processes --
System Idle Process
System
SMSS.EXE \SystemRoot\System32\smss.exe
CSRSS.EXE
WINLOGON.EXE winlogon.exe
SERVICES.EXE C:\WINDOWS\system32\services.exe
LSASS.EXE C:\WINDOWS\system32\lsass.exe
SVCHOST.EXE C:\WINDOWS\system32\svchost -k rpcss
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
CCSETMGR.EXE "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
CCEVTMGR.EXE "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
SPOOLSV.EXE C:\WINDOWS\system32\spoolsv.exe
EXPLORER.EXE C:\WINDOWS\Explorer.EXE
CDAC11BA.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE
CTSVCCDA.EXE C:\WINDOWS\System32\CTsvcCDA.exe
type32.exe "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
CCAPP.EXE "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
CTHELPER.EXE "C:\WINDOWS\System32\CTHELPER.EXE"
QTTASK.EXE "C:\program files\quicktime\qttask.exe" -atboottime
NVSVC32.EXE C:\WINDOWS\System32\nvsvc32.exe
DEVLDR32.EXE C:\WINDOWS\System32\devldr32.exe
RUNDLL32.EXE "C:\WINDOWS\System32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
IEXPLORE.EXE "C:\WINDOWS\olefiles\iexplore.exe"
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc
SYMLCSVC.EXE "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
MSMSGS.EXE "C:\Program Files\Messenger\msmsgs.exe" -Embedding
StartupTracker3.exe "C:\download\StartupTracker3.exe"
wuauclt.exe "C:\WINDOWS\System32\wuauclt.exe"
wmiprvse.exe

-- Running Services --

Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: C-DillaCdaC11BA
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\drivers\CDAC11BA.EXE

Name: ccEvtMgr
Description: Symantec Event Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

Name: ccSetMgr
Description: Symantec Settings Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

Name: Creative Service for CDROM Access
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\CTsvcCDA.exe

Name: CryptSvc
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: Dhcp
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: dmserver
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService

Name: ERSvc
Description: Allows error reporting for services and applictions running in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Eventlog
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: EventSystem
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: FastUserSwitchingCompatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: helpsvc
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanserver
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanworkstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Netman
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Nla
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: NVSvc
Description: Provides system and desktop level support to the NVIDIA display driver
Startup Mode: Auto
Run from: C:\WINDOWS\System32\nvsvc32.exe

Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe

Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: RasMan
Description: Creates a network connection.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: RemoteRegistry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService

Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss

Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: Schedule
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: seclogon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SENS
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe

Name: srservice
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer-Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SSDPSRV
Description: Enables discovery of UPnP devices on your home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: stisvc
Description: Provides image acquisition services for scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc

Name: Symantec Core LC
Description: Symantec Core LC
Startup Mode: Auto
Run from: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Name: TapiSrv
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TermService
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TrkWks
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: uploadmgr
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: W32Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: winmgmt
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: wuauserv
Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
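The re-check step from the reply above (delete the three Run values, reboot, then look for values that came back or appeared under a new name) as a small script; this is an added example, not part of the original post or of the StartupTracker tool. It reads the "-- Registry --" section layout shown in the log; the two sample listings and the heuristic used to separate a value name from its command are constructed here.

```python
import re
# Key the post tells the reader to inspect and then re-check after a reboot.
HKLM_RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample: the HKLM Run section before the three values are deleted.
BEFORE = r"""-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SystemTray SysTray.Exe
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""
# Constructed sample after deleting them and rebooting: one is back, one reappears renamed.
AFTER = r"""-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
WINDVDPatch CTHELPER.EXE
SysHelper C:\WINDOWS\System32\CTHELPER.EXE
"""
# Heuristic: the command begins at the first quoted, drive-prefixed or .exe/.dll token.
_CMD_START = re.compile(r'^"|:\\|\.(exe|dll)$', re.IGNORECASE)

def split_entry(line):
    """Split 'ValueName command args' into (name, command); names may contain spaces."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if i > 0 and _CMD_START.search(tok):
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return line, ""                         # no recognisable command part

def parse_run_values(log_text, key):
    """Return {value_name: command} for one registry section of the log."""
    values, in_section = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("-- "):          # any section header closes the section
            in_section = False
        elif not in_section:
            in_section = line.lower() == key.lower()
        elif line and line != "No Items Found":
            name, cmd = split_entry(line)
            values[name] = cmd
    return values

def check_after_reboot(before_log, after_log, deleted):
    """Deleted values that came back, brand-new values, and values now gone."""
    before, after = (parse_run_values(t, HKLM_RUN) for t in (before_log, after_log))
    return {"recreated": sorted(n for n in deleted if n in after),
            "new": sorted(n for n in after if n not in before),
            "gone": sorted(n for n in before if n not in after)}
```

A value that is "recreated" or "new" after the reboot is the signal the reply describes: something still running is re-adding its autostart entry, so the deletion alone did not remove the cause.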
