Firewall won't stay enabled
The first entries I would look at a
SystemTray SysTray.Exe
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE

These are all launched from:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Click Start, Run and enter REGEDIT

Go to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Right click on the Run subkey and select Export. This creates a backup of this particular subkey. After this is completed, right click each of the 3 values indicated above, and select Delete. Log off/logon or reboot. Check the HKLM\........... Run key again to see if any "new" values have been created. If not, rescan your system, ensuring that you have the latest updates for your AV program.

-- 
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"jay" wrote in message ...
Here is the tracker log file:

-- Registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found

-- Registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
SystemTray SysTray.Exe
nwiz nwiz.exe /install
IntelliType "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
iexplore C:\WINDOWS\System32\iexplore.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
WINDVDPatch CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
RoxioEngineUtility "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
QuickTime Task "C:\program files\quicktime\qttask.exe" -atboottime
NAV CfgWiz C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
Jet Detection "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

-- Registry -- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found

-- Registry -- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

-- Registry -- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found

-- Start Menu - Current User --
No Items Found

-- Start Menu - All Users --
iexplore.exe

-- Disabled Items --
No Items Found

-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
explorer.exe

-- Running Processes --
System Idle Process
System
SMSS.EXE \SystemRoot\System32\smss.exe
CSRSS.EXE
WINLOGON.EXE winlogon.exe
SERVICES.EXE C:\WINDOWS\system32\services.exe
LSASS.EXE C:\WINDOWS\system32\lsass.exe
SVCHOST.EXE C:\WINDOWS\system32\svchost -k rpcss
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
CCSETMGR.EXE "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
CCEVTMGR.EXE "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
SPOOLSV.EXE C:\WINDOWS\system32\spoolsv.exe
EXPLORER.EXE C:\WINDOWS\Explorer.EXE
CDAC11BA.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE
CTSVCCDA.EXE C:\WINDOWS\System32\CTsvcCDA.exe
type32.exe "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
CCAPP.EXE "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
CTHELPER.EXE "C:\WINDOWS\System32\CTHELPER.EXE"
QTTASK.EXE "C:\program files\quicktime\qttask.exe" -atboottime
NVSVC32.EXE C:\WINDOWS\System32\nvsvc32.exe
DEVLDR32.EXE C:\WINDOWS\System32\devldr32.exe
RUNDLL32.EXE "C:\WINDOWS\System32\RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
IEXPLORE.EXE "C:\WINDOWS\olefiles\iexplore.exe"
SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc
SYMLCSVC.EXE "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
MSMSGS.EXE "C:\Program Files\Messenger\msmsgs.exe" -Embedding
StartupTracker3.exe "C:\download\StartupTracker3.exe"
wuauclt.exe "C:\WINDOWS\System32\wuauclt.exe"
wmiprvse.exe

-- Running Services --

Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: C-DillaCdaC11BA
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\drivers\CDAC11BA.EXE

Name: ccEvtMgr
Description: Symantec Event Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

Name: ccSetMgr
Description: Symantec Settings Manager
Startup Mode: Auto
Run from: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

Name: Creative Service for CDROM Access
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\CTsvcCDA.exe

Name: CryptSvc
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: Dhcp
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: dmserver
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService

Name: ERSvc
Description: Allows error reporting for services and applictions running in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Eventlog
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: EventSystem
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: FastUserSwitchingCompatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: helpsvc
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanserver
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: lanmanworkstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Netman
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Nla
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: NVSvc
Description: Provides system and desktop level support to the NVIDIA display driver
Startup Mode: Auto
Run from: C:\WINDOWS\System32\nvsvc32.exe

Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe

Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe

Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: RasMan
Description: Creates a network connection.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: RemoteRegistry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService

Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss

Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe

Name: Schedule
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: seclogon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SENS
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe

Name: srservice
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer-Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: SSDPSRV
Description: Enables discovery of UPnP devices on your home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: stisvc
Description: Provides image acquisition services for scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc

Name: Symantec Core LC
Description: Symantec Core LC
Startup Mode: Auto
Run from: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Name: TapiSrv
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TermService
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: Themes
Description: Provides user experience theme management.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: TrkWks
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: uploadmgr
Description: Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: W32Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

Name: winmgmt
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: wuauserv
Description: Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
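
Added example (not part of the original posts or of any tool they mention): the export, delete, reboot and re-check procedure in the reply above can be verified by exporting the Run key a second time after the reboot and comparing the two .reg files. The function names, the sample exports and the ExampleNewValue entry are constructed for illustration; regedit writes version 5.00 exports as UTF-16, so read real files with encoding="utf-16".

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample exports. DELETED holds the three value names the reply
# says to delete; ExampleNewValue is a placeholder, not a real entry.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"ExampleNewValue"="C:\\example\\placeholder.exe"
'''
DELETED = ["SystemTray", "WINDVDPatch", "UpdReg"]

def parse_reg_export(text, key=RUN_KEY):
    """Return {value name: data} for the string (REG_SZ) values under `key`."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()  # key paths ignore case
        elif in_key and (m := _VALUE.match(line)):
            # .reg files escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values[name] = data
    return values

def unexpected_after_cleanup(before, after, deleted):
    """List (status, name, data) for values the cleaned-up key should not hold."""
    gone = {n.lower() for n in deleted}
    kept = {n.lower(): d for n, d in before.items() if n.lower() not in gone}
    findings = []
    for name, data in sorted(after.items()):
        if name.lower() in gone:
            findings.append(("recreated", name, data))  # deleted value came back
        elif name.lower() not in kept:
            findings.append(("new", name, data))        # value not in the backup
        elif kept[name.lower()] != data:
            findings.append(("changed", name, data))    # same name, new command
    return findings
```

An empty result means the key holds only what the backup held minus the deleted values; any "recreated" or "new" entry is the case the reply says to look for after logging back on.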