Severe Download Trojan - Help :(

Posted 8/10/2009 4:53 AM
#75888
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Hmmm... nope <br/> <br/>There don't appear to be any kaspersky files there... <br/> <br/>And it still doesn't work :/ <br/> <br/>What should I do?
Posted 8/10/2009 11:43 PM
#75916
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I would like to check services again, using a slightly different method. <br/> <br/> <br/>[code]@echo off <br/>SWSC queryex type= service state= all options= config,descriptions > getservice.txt <br/>notepad getservice.txt[/code] <br/>Open Notepad (Start - Run, type notepad and press Enter). <br/> <br/>Copy/paste the above text (inside the Code box) into the open text box, then save this directly to the getservice[ folder as "getservice5.bat" <br/> <br/>Be sure to include the "" quotes in the name. Important - this needs to be in the same location as the original getservice.bat file you ran earlier. <br/> <br/>Then click getservice.bat. A window should open briefly, then Notepad will open. Please paste the contents of that notepad as a reply to this post. FYI - this will be larger than the last GetService log.
Posted 8/12/2009 2:33 PM
#75960
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok, here it is. :) <br/> <br/> <br/> <br/>SERVICE_NAME: ALG <br/>DISPLAY_NAME: Application Layer Gateway Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1172 <br/> FLAGS : <br/> DESCRIPTION : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Application Layer Gateway Service <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: AOL ACS <br/>DISPLAY_NAME: AOL Connectivity Service <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1912 <br/> FLAGS : <br/> DESCRIPTION : <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : AOL Connectivity Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Apple Mobile Device <br/>DISPLAY_NAME: Apple Mobile Device <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides the interface to Apple mobile devices. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Apple Mobile Device <br/> DEPENDENCIES : Tcpip <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: AppMgmt <br/>DISPLAY_NAME: Application Management <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides software installation services such as Assign, Publish, and Remove. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Application Management <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: aspnet_state <br/>DISPLAY_NAME: ASP.NET State Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : ASP.NET State Service <br/> SERVICE_START_NAME : NT AUTHORITY\NetworkService <br/> <br/>SERVICE_NAME: aswUpdSv <br/>DISPLAY_NAME: avast! iAVS4 Control Service <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1344 <br/> FLAGS : <br/> DESCRIPTION : Provides automatic updating for the avast! antivirus. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" <br/> LOAD_ORDER_GROUP : ShellSvcGroup <br/> TAG : 0 <br/> DISPLAY_NAME : avast! iAVS4 Control Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: AudioSrv <br/>DISPLAY_NAME: Windows Audio <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : AudioGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Audio <br/> DEPENDENCIES : PlugPlay <br/> : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: avast! Antivirus <br/>DISPLAY_NAME: avast! Antivirus <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1472 <br/> FLAGS : <br/> DESCRIPTION : Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashServ.exe" <br/> LOAD_ORDER_GROUP : ShellSvcGroup <br/> TAG : 0 <br/> DISPLAY_NAME : avast! Antivirus <br/> DEPENDENCIES : aswMon2 <br/> : RpcSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: avast! Mail Scanner <br/>DISPLAY_NAME: avast! Mail Scanner <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 524 <br/> FLAGS : <br/> DESCRIPTION : Implements mail scanning for avast! antivirus. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service <br/> LOAD_ORDER_GROUP : ShellSvcGroup <br/> TAG : 0 <br/> DISPLAY_NAME : avast! Mail Scanner <br/> DEPENDENCIES : avast! Antivirus <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: avast! Web Scanner <br/>DISPLAY_NAME: avast! Web Scanner <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 544 <br/> FLAGS : <br/> DESCRIPTION : Implements web (HTTP) scanning for avast! antivirus. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service <br/> LOAD_ORDER_GROUP : ShellSvcGroup <br/> TAG : 0 <br/> DISPLAY_NAME : avast! Web Scanner <br/> DEPENDENCIES : avast! Antivirus <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: BITS <br/>DISPLAY_NAME: Background Intelligent Transfer Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Background Intelligent Transfer Service <br/> DEPENDENCIES : Rpcss <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Bonjour Service <br/>DISPLAY_NAME: Bonjour Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Bonjour\mDNSResponder.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Bonjour Service <br/> DEPENDENCIES : Tcpip <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: CiSvc <br/>DISPLAY_NAME: Indexing Service <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. <br/> <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Indexing Service <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: ClipSrv <br/>DISPLAY_NAME: ClipBook <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : ClipBook <br/> DEPENDENCIES : NetDDE <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: clr_optimization_v2.0.50727_32 <br/>DISPLAY_NAME: .NET Runtime Optimization Service v2.0.50727_X86 <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Microsoft .NET Framework NGEN <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : .NET Runtime Optimization Service v2.0.50727_X86 <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: COMSysApp <br/>DISPLAY_NAME: COM+ System Application <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : COM+ System Application <br/> DEPENDENCIES : rpcss <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Cryptsvc <br/>DISPLAY_NAME: Cryptsvc <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : CryptSvc <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: DcomLaunch <br/>DISPLAY_NAME: DCOM Server Process Launcher <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 896 <br/> FLAGS : <br/> DESCRIPTION : Provides launch functionality for DCOM services. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch <br/> LOAD_ORDER_GROUP : Event Log <br/> TAG : 0 <br/> DISPLAY_NAME : DCOM Server Process Launcher <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Dhcp <br/>DISPLAY_NAME: DHCP Client <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Manages network configuration by registering and updating IP addresses and DNS names. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : TDI <br/> TAG : 0 <br/> DISPLAY_NAME : DHCP Client <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: dmadmin <br/>DISPLAY_NAME: Logical Disk Manager Administrative Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Configures hard disk drives and volumes. The service only runs for configuration processes and then stops. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Logical Disk Manager Administrative Service <br/> DEPENDENCIES : RpcSs <br/> : PlugPlay <br/> : DmServer <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: dmserver <br/>DISPLAY_NAME: Logical Disk Manager <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Logical Disk Manager <br/> DEPENDENCIES : RpcSs <br/> : PlugPlay <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Dnscache <br/>DISPLAY_NAME: DNS Client <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1120 <br/> FLAGS : <br/> DESCRIPTION : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService <br/> LOAD_ORDER_GROUP : TDI <br/> TAG : 0 <br/> DISPLAY_NAME : DNS Client <br/> DEPENDENCIES : Tcpip <br/> SERVICE_START_NAME : NT AUTHORITY\NetworkService <br/> <br/>SERVICE_NAME: Dot3svc <br/>DISPLAY_NAME: Wired AutoConfig <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : This service performs IEEE 802.1X authentication on Ethernet interfaces <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k dot3svc <br/> LOAD_ORDER_GROUP : TDI <br/> TAG : 0 <br/> DISPLAY_NAME : Wired AutoConfig <br/> DEPENDENCIES : Ndisuio <br/> : eaphost <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: EapHost <br/>DISPLAY_NAME: Extensible Authentication Protocol Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides windows clients Extensible Authentication Protocol Service <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k eapsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Extensible Authentication Protocol Service <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : localSystem <br/> <br/>SERVICE_NAME: ERSvc <br/>DISPLAY_NAME: Error Reporting Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Allows error reporting for services and applictions running in non-standard environments. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Error Reporting Service <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Eventlog <br/>DISPLAY_NAME: Event Log <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 700 <br/> FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS <br/> DESCRIPTION : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe <br/> LOAD_ORDER_GROUP : Event log <br/> TAG : 0 <br/> DISPLAY_NAME : Event Log <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: EventSystem <br/>DISPLAY_NAME: COM+ Event System <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : Network <br/> TAG : 0 <br/> DISPLAY_NAME : COM+ Event System <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: FastUserSwitchingCompatibility <br/>DISPLAY_NAME: Fast User Switching Compatibility <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides management for applications that require assistance in a multiple user environment. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Fast User Switching Compatibility <br/> DEPENDENCIES : TermService <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: FontCache3.0.0.0 <br/>DISPLAY_NAME: Windows Presentation Foundation Font Cache 3.0.0.0 <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Presentation Foundation Font Cache 3.0.0.0 <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: gusvc <br/>DISPLAY_NAME: Google Updater Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Google Updater Service <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: helpsvc <br/>DISPLAY_NAME: Help and Support <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Help and Support <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: HidServ <br/>DISPLAY_NAME: Human Interface Device Access <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Human Interface Device Access <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: hkmsvc <br/>DISPLAY_NAME: Health Key and Certificate Management Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages health certificates and keys (used by NAP) <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Health Key and Certificate Management Service <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : localSystem <br/> <br/>SERVICE_NAME: HTTPFilter <br/>DISPLAY_NAME: HTTP SSL <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 2828 <br/> FLAGS : <br/> DESCRIPTION : This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : HTTP SSL <br/> DEPENDENCIES : HTTP <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: idsvc <br/>DISPLAY_NAME: Windows CardSpace <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Securely enables the creation, management, and disclosure of digital identities. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows CardSpace <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: ImapiService <br/>DISPLAY_NAME: IMAPI CD-Burning COM Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\imapi.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : IMAPI CD-Burning COM Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: iPod Service <br/>DISPLAY_NAME: iPod Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : iPod hardware management services <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\iPod\bin\iPodService.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : iPod Service <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: JavaQuickStarterService <br/>DISPLAY_NAME: Java Quick Starter <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Prefetches JRE files for faster startup of Java applets and applications <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Java Quick Starter <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: lanmanserver <br/>DISPLAY_NAME: Server <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Server <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Lavasoft Ad-Aware Service <br/>DISPLAY_NAME: Lavasoft Ad-Aware Service <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1356 <br/> FLAGS : <br/> DESCRIPTION : Ad-Aware Service <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" <br/> LOAD_ORDER_GROUP : ShellSvcGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Lavasoft Ad-Aware Service <br/> DEPENDENCIES : RpcSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: LightScribeService <br/>DISPLAY_NAME: LightScribeService Direct Disc Labeling Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : LightScribeService Direct Disc Labeling Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: LmHosts <br/>DISPLAY_NAME: TCP/IP NetBIOS Helper <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1296 <br/> FLAGS : <br/> DESCRIPTION : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService <br/> LOAD_ORDER_GROUP : TDI <br/> TAG : 0 <br/> DISPLAY_NAME : TCP/IP NetBIOS Helper <br/> DEPENDENCIES : NetBT <br/> : Afd <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: mnmsrvc <br/>DISPLAY_NAME: NetMeeting Remote Desktop Sharing <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\mnmsrvc.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : NetMeeting Remote Desktop Sharing <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: MSDTC <br/>DISPLAY_NAME: Distributed Transaction Coordinator <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\msdtc.exe <br/> LOAD_ORDER_GROUP : MS Transactions <br/> TAG : 1 <br/> DISPLAY_NAME : Distributed Transaction Coordinator <br/> DEPENDENCIES : RPCSS <br/> : SamSS <br/> SERVICE_START_NAME : NT AUTHORITY\NetworkService <br/> <br/>SERVICE_NAME: MSIServer <br/>DISPLAY_NAME: Windows Installer <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Installer <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: napagent <br/>DISPLAY_NAME: Network Access Protection Agent <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Allows windows clients to participate in Network Access Protection <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Network Access Protection Agent <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : localSystem <br/> <br/>SERVICE_NAME: NBService <br/>DISPLAY_NAME: NBService <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, CD/DVD or FTP. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : NBService <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: NetDDE <br/>DISPLAY_NAME: Network DDE <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe <br/> LOAD_ORDER_GROUP : NetDDEGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Network DDE <br/> DEPENDENCIES : NetDDEDSDM <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: NetDDEdsdm <br/>DISPLAY_NAME: Network DDE DSDM <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Network DDE DSDM <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Netman <br/>DISPLAY_NAME: Network Connections <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. <br/> <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Network Connections <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: NetTcpPortSharing <br/>DISPLAY_NAME: Net.Tcp Port Sharing Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides ability to share TCP ports over the net.tcp protocol. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 4 DISABLED <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Net.Tcp Port Sharing Service <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: Nla <br/>DISPLAY_NAME: Network Location Awareness (NLA) <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Collects and stores network configuration and location information, and notifies applications when this information changes. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Network Location Awareness (NLA) <br/> DEPENDENCIES : Tcpip <br/> : Afd <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: NMIndexingService <br/>DISPLAY_NAME: NMIndexingService <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 480 <br/> FLAGS : <br/> DESCRIPTION : <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : NMIndexingService <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: NtmsSvc <br/>DISPLAY_NAME: Removable Storage <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Removable Storage <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: NVSvc <br/>DISPLAY_NAME: NVIDIA Display Driver Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1976 <br/> FLAGS : <br/> DESCRIPTION : Provides system and desktop level support to the NVIDIA display driver <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\nvsvc32.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : NVIDIA Display Driver Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: ose <br/>DISPLAY_NAME: Office Source Engine <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Office Source Engine <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: PlugPlay <br/>DISPLAY_NAME: Plug and Play <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 700 <br/> FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS <br/> DESCRIPTION : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe <br/> LOAD_ORDER_GROUP : PlugPlay <br/> TAG : 0 <br/> DISPLAY_NAME : Plug and Play <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: PolicyAgent <br/>DISPLAY_NAME: IPSEC Services <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1747 (0x6D3) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : IPSEC Services <br/> DEPENDENCIES : RPCSS <br/> : Tcpip <br/> : IPSec <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: ProtectedStorage <br/>DISPLAY_NAME: Protected Storage <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 712 <br/> FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS <br/> DESCRIPTION : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. <br/> <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Protected Storage <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: RasAuto <br/>DISPLAY_NAME: Remote Access Auto Connection Manager <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Remote Access Auto Connection Manager <br/> DEPENDENCIES : RasMan <br/> : Tapisrv <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: RasMan <br/>DISPLAY_NAME: Remote Access Connection Manager <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Creates a network connection. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Remote Access Connection Manager <br/> DEPENDENCIES : Tapisrv <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: RDSessMgr <br/>DISPLAY_NAME: Remote Desktop Help Session Manager <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Remote Desktop Help Session Manager <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: RemoteAccess <br/>DISPLAY_NAME: Routing and Remote Access <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Offers routing services to businesses in local area and wide area network environments. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 4 DISABLED <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Routing and Remote Access <br/> DEPENDENCIES : RpcSS <br/> : +NetBIOSGroup <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: RichVideo <br/>DISPLAY_NAME: Cyberlink RichVideo Service(CRVS) <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\CyberLink\Shared files\RichVideo.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Cyberlink RichVideo Service(CRVS) <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: RpcSs <br/>DISPLAY_NAME: Remote Procedure Call (RPC) <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 940 <br/> FLAGS : <br/> DESCRIPTION : Provides the endpoint mapper and other miscellaneous RPC services. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss <br/> LOAD_ORDER_GROUP : COM Infrastructure <br/> TAG : 0 <br/> DISPLAY_NAME : Remote Procedure Call (RPC) <br/> SERVICE_START_NAME : NT Authority\NetworkService <br/> <br/>SERVICE_NAME: RSVP <br/>DISPLAY_NAME: QoS RSVP <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\rsvp.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : QoS RSVP <br/> DEPENDENCIES : TcpIp <br/> : Afd <br/> : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SamSs <br/>DISPLAY_NAME: Security Accounts Manager <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 712 <br/> FLAGS : SERVICE_RUNS_IN_SYSTEM_PROCESS <br/> DESCRIPTION : Stores security information for local user accounts. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe <br/> LOAD_ORDER_GROUP : LocalValidation <br/> TAG : 0 <br/> DISPLAY_NAME : Security Accounts Manager <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SCardSvr <br/>DISPLAY_NAME: Smart Card <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe <br/> LOAD_ORDER_GROUP : SmartCardGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Smart Card <br/> DEPENDENCIES : PlugPlay <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: Schedule <br/>DISPLAY_NAME: Task Scheduler <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : SchedulerGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Task Scheduler <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: seclogon <br/>DISPLAY_NAME: Secondary Logon <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Secondary Logon <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SENS <br/>DISPLAY_NAME: System Event Notification <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : Network <br/> TAG : 0 <br/> DISPLAY_NAME : System Event Notification <br/> DEPENDENCIES : EventSystem <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: ServiceLayer <br/>DISPLAY_NAME: ServiceLayer <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : ServiceLayer <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SharedAccess <br/>DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS) <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS) <br/> DEPENDENCIES : Netman <br/> : WinMgmt <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: ShellHWDetection <br/>DISPLAY_NAME: Shell Hardware Detection <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides notifications for AutoPlay hardware events. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : ShellSvcGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Shell Hardware Detection <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: spooler <br/>DISPLAY_NAME: Print Spooler <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1772 <br/> FLAGS : <br/> DESCRIPTION : Loads files to memory for later printing. <br/> <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe <br/> LOAD_ORDER_GROUP : SpoolerGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Print Spooler <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: srservice <br/>DISPLAY_NAME: System Restore Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : System Restore Service <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SSDPSRV <br/>DISPLAY_NAME: SSDP Discovery Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1296 <br/> FLAGS : <br/> DESCRIPTION : Enables discovery of UPnP devices on your home network. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : SSDP Discovery Service <br/> DEPENDENCIES : HTTP <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: stisvc <br/>DISPLAY_NAME: Windows Image Acquisition (WIA) <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 2024 <br/> FLAGS : <br/> DESCRIPTION : Provides image acquisition services for scanners and cameras. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Image Acquisition (WIA) <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SwPrv <br/>DISPLAY_NAME: MS Software Shadow Copy Provider <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{E50F37F2-A6AB-4314-8D88-8706CC35844C} <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : MS Software Shadow Copy Provider <br/> DEPENDENCIES : rpcss <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: SysmonLog <br/>DISPLAY_NAME: Performance Logs and Alerts <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Performance Logs and Alerts <br/> SERVICE_START_NAME : NT Authority\NetworkService <br/> <br/>SERVICE_NAME: TapiSrv <br/>DISPLAY_NAME: Telephony <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Telephony <br/> DEPENDENCIES : PlugPlay <br/> : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: TermService <br/>DISPLAY_NAME: Terminal Services <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 896 <br/> FLAGS : <br/> DESCRIPTION : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Terminal Services <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: Themes <br/>DISPLAY_NAME: Themes <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides user experience theme management. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : UIGroup <br/> TAG : 0 <br/> DISPLAY_NAME : Themes <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: TrkWks <br/>DISPLAY_NAME: Distributed Link Tracking Client <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Maintains links between NTFS files within a computer or across computers in a network domain. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Distributed Link Tracking Client <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: UMWdf <br/>DISPLAY_NAME: Windows User Mode Driver Framework <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 140 <br/> FLAGS : <br/> DESCRIPTION : Enables Windows user mode drivers. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows User Mode Driver Framework <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: upnphost <br/>DISPLAY_NAME: Universal Plug and Play Device Host <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides support to host Universal Plug and Play devices. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Universal Plug and Play Device Host <br/> DEPENDENCIES : SSDPSRV <br/> : HTTP <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: UPS <br/>DISPLAY_NAME: Uninterruptible Power Supply <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages an uninterruptible power supply (UPS) connected to the computer. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Uninterruptible Power Supply <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: usnjsvc <br/>DISPLAY_NAME: Messenger Sharing Folders USN Journal Reader service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 2292 <br/> FLAGS : <br/> DESCRIPTION : Service installed by Messenger to enable sharing scenarios <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Windows Live\Messenger\usnsvc.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Messenger Sharing Folders USN Journal Reader service <br/> DEPENDENCIES : rpcss <br/> : eventlog <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: VSS <br/>DISPLAY_NAME: Volume Shadow Copy <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Volume Shadow Copy <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: W32Time <br/>DISPLAY_NAME: Windows Time <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Time <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WebClient <br/>DISPLAY_NAME: WebClient <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1868 <br/> FLAGS : <br/> DESCRIPTION : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService <br/> LOAD_ORDER_GROUP : NetworkProvider <br/> TAG : 0 <br/> DISPLAY_NAME : WebClient <br/> DEPENDENCIES : MRxDAV <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: winmgmt <br/>DISPLAY_NAME: Windows Management Instrumentation <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Management Instrumentation <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WLSetupSvc <br/>DISPLAY_NAME: Windows Live Setup Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Windows Live Setup Service <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Live Setup Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WmdmPmSN <br/>DISPLAY_NAME: Portable Media Serial Number Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Portable Media Serial Number Service <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WmiApSrv <br/>DISPLAY_NAME: WMI Performance Adapter <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Provides performance library information from WMI HiPerf providers. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\wbem\wmiapsrv.exe <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : WMI Performance Adapter <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WMPNetworkSvc <br/>DISPLAY_NAME: Windows Media Player Network Sharing Service <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : "C:\Program Files\Windows Media Player\WMPNetwk.exe" <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Media Player Network Sharing Service <br/> DEPENDENCIES : upnphost <br/> : http <br/> : HTTPFilter <br/> SERVICE_START_NAME : NT AUTHORITY\NetworkService <br/> <br/>SERVICE_NAME: wscsvc <br/>DISPLAY_NAME: Security Center <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Monitors system security settings and configurations. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Security Center <br/> DEPENDENCIES : RpcSs <br/> : winmgmt <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: wuauserv <br/>DISPLAY_NAME: Automatic Updates <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Automatic Updates <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WudfSvc <br/>DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1076 <br/> FLAGS : <br/> DESCRIPTION : Manages user-mode driver host processes <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup <br/> LOAD_ORDER_GROUP : PlugPlay <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework <br/> DEPENDENCIES : PlugPlay <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WZCSVC <br/>DISPLAY_NAME: Wireless Zero Configuration <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1036 <br/> FLAGS : <br/> DESCRIPTION : Provides automatic configuration for the 802.11 adapters <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : TDI <br/> TAG : 1 <br/> DISPLAY_NAME : Wireless Zero Configuration <br/> DEPENDENCIES : RpcSs <br/> : Ndisuio <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: xmlprov <br/>DISPLAY_NAME: Network Provisioning Service <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 1 STOPPED <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 1077 (0x435) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 0 <br/> FLAGS : <br/> DESCRIPTION : Manages XML configuration files on a domain basis for automatic network provisioning. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 3 DEMAND_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Network Provisioning Service <br/> DEPENDENCIES : RpcSs <br/> SERVICE_START_NAME : LocalSystem
Posted 8/12/2009 4:34 PM
#75961
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
very good, and all look correct. The earlier log had only shown the active services, and given the registry changes it was a good idea to check all of Win32 services. Let's go with a different follow-up scan for now. <br/> <br/> <br/>Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes: <br/> <br/>Remove found threats <br/>Scan unwanted applications <br/> <br/>Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please. <br/> <br/> <br/>If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Posted 8/12/2009 7:31 PM
#75967
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Here it is: <br/> <br/> <br/>C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP174\A0024258.exe probably a variant of Win32/Adware.Agent.NMA application deleted - quarantined <br/> <br/> <br/> <br/> <br/> <br/>:)
Posted 8/12/2009 10:48 PM
#75969
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Just one infected System Restore item, held harmless anyway unless a Restore had been done. We will be clearing that out shortly as part of some last steps here. On that note, post back how things are running there please. Any problems we still need to address before we do some last cleaning up steps? You have done very well, by the way.
Posted 8/12/2009 11:57 PM
#75972
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
I'm concerned that the windows update icon has appeared without my consent... <br/> <br/>When that's how the virus is supposed to download itself.. :/ <br/> <br/>Tom
Posted 8/13/2009 12:00 AM
#75973
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
I have two instances of wuauclt.exe <br/> <br/>What should I do?
Posted 8/13/2009 12:03 AM
#75974
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
And it keeps popping up again without my consent... HELP!
Posted 8/14/2009 12:05 AM
#75997
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Do you have Automatic Updating enable there? <br/> <br/>Go to Start - Run, type in wuaucpl.cpl and press OK. Is that set to do the updating automatically (which would keep creating instances of that file)?
Posted 8/14/2009 3:14 AM
#76007
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
And when you do post your reply here, instead of starting new threads, my response will be that your concerns were those files running, and disabling Automatic Updates stopped that. So try not to look for malicious activities if none are being picked up by scans or our reviews here. Any problems still there now before we do some last cleanup steps here?
Posted 8/14/2009 1:53 PM
#76017
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ooh <br/> <br/>I hit the New Topic button instead of the Post Reply button... I apologize :) <br/> <br/>Thank you SO much for helping :) <br/> <br/>There don't seem to be any problems here... last clean up steps are go :P
Posted 8/15/2009 1:20 AM
#76031
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Very good - just some last steps now to finish things. <br/> <br/> <br/>Eset, if you don't plan to use it again, uninstalls through Add/Remove Programs. <br/> <br/> <br/>You can also at this time delete the files/folders of the tools we used. To assist with some of that you can use OTM one last time. <br/> <br/>Click OTM.exe to run it and click on Cleanup. You'll be asked if you want to begin cleanup process? Select Yes. <br/> <br/>OTM will search for and delete/uninstall many of the tools that we have used to fix your problems and all their backup folders and then delete itself when you next reboot. At the end of the run you will receive a prompt to reboot, but save that for the next step resetting Restore. <br/> <br/>--------- <br/> <br/>Then reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply. <br/> <br/>You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer. <br/> <br/>When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK. <br/> <br/> <br/>In addition, I like to recommend reviewing the information Here to make sure you stay malware free.
Posted 8/16/2009 2:52 PM
#76076
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Thankyou :) <br/> <br/>Anything I can do in return?
Posted 8/16/2009 3:48 PM
#76083
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Feel free to follow the link under my posts and contribute to the worthy cause to eliminate tough types of cancer. But a thanks is A Okay as well. :smile:
Posted 8/16/2009 4:59 PM
#76085
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
I shall look into it :) <br/> <br/>And yes... thanks :P
Posted 9/4/2009 6:57 AM
#76913
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Crack post deleted

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Tuesday, December 6, 2016, 11:22 AM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 1 new threads and 2 reply posts.

Who's online

This forum has 37,965 registered members. Please welcome our newest member, Old shape.
There are currently no users on-line.