Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
Msg says that a network resource is unavailable. and something about Power Quest Drive Image.
And in the box says: Error is Use Source: "C:\DOCUME1\Owner\LOCALS1\Temp_isC\ "
1) How do I restore Rt click option / features ?
2) where can I find version 7 of PowerQuest Drive Image ?
I tried symantecs site and OldApps.com
3) I can not uninstall Drive Image:
here is the Highjack this log and thanks in advance (oh, I have Bit Defender as my A/V)
Logfile of HijackThis v1.99.1
Up To Date Version of HijackThis
You are using the latest version of HijackThis. Check www.merijn.org frequently for updates.
Scan saved at 5:07:28 PM, on 01/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
Smss.exe
What is it?
Session Manager SubSystem - smss.exe
What does it do?
smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).
Additional Reading:
Smss.exe does not resolve forward references in environment
You will not be able to end this through task manager!
More info
Virus Precaution:
The smss.exe which is from Microsoft is located at c:windowsSystem32smss.exe . We've been able to find several viruses that run as smss to trick you.
Adware.Advision - Symantec Corporation
Adware.DreamAd - Symantec Corporation
Backdoor.IRC.Aladinz.O - Symantec Corporation
Backdoor.IRC.Flood.F - Symantec Corporation
W32.Dalbug.Worm - Symantec Corporation
W32.Resdoc - Symantec Corporation
C:\WINDOWS\system32\csrss.exe
csrss.exe
What is it?
csrss.exe - Client/Server Runtime Server Subsystem
What does it do?
This is the user-mode portion of the Win32 subsystem (with Win32.sys being the kernel-mode portion). Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment.
You will not be able to end this through task manager!
More info
Virus Precaution:
The csrss.exe which is from Microsoft is located in the c:windowsSystem32 folder. We've been able to find one virus that runs as csrss.exe to fool you.
Nimda.E - Symantec Corporation
C:\WINDOWS\system32\winlogon.exe
Winlogon.exe
What is it?
Windows Logon Process - Winlogon.exe
What does it do?
Direct Quote from here:
This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.
Search MS for more info: Link
Virus Precaution:
The original Winlogon.exe from Microsoft gets placed in the C:WINDOWSSystem32 directory. if you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.
Troj/Madr-B @ Sophos
Netsky.D @ Trend Micro
C:\WINDOWS\system32\services.exe
services.exe
services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.
C:\WINDOWS\system32\lsass.exe
lsass.exe
What is it?
Local Security Authentication Server - lsass.exe
What does it do?
lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.
You will not be able to end this through task manager!
From MS
The lsass.exe which is from Microsoft is located at c:windowsSystem32lsass.exe . there's a few viruses that have been found to run as lsass.exe to hide from you.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
incdsrv.exe
What is it?
incdsrv.exe is the primary executable for the Ahead INCD application.
What does it do?
Rewritable CDs and DVDs can be formatted to allow them to be written from any program, as if they were large disks or hard drives.
More info:
http://www.nero.com/...nCD_4_prev.html
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\WINDOWS\System32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\WINDOWS\Explorer.EXE
explorer.exe
What is it?
Windows Explorer - explorer.exe
What does it do?
explorer.exe - Below is a direct quote from Microsoft found on THIS page:
This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.
I have found that stopping this process is needed sometimes to stop some other processes.
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed at C:WINDOWSSystem32explorer.exe . if you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.
Deloder-A @ Sophos
MyDoom.B @ Symantec
C:\WINDOWS\system32\spoolsv.exe
Spoolsv.exe
What is it?
SPOOLer SerVice - spoolsv.exe
What does it do?
spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs
You will be able to end this through task manager!
More info
Virus Precaution:
The spoolsv.exe which is from Microsoft is located at c:windowsSystem32spoolsv.exe . We've been able to find several viruses that run as spoolsv to trick you.
Backdoor.Ciadoor.B - Symantec Corporation
Hacktool.Privshell - Symantec Corporation
VBS.Masscal.Worm (vbs) - Symantec Corporation
Graybird-A @ Sophos
C:\Program Files\Tray Commander Lite\TC.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\WINDOWS\system32\RUNDLL32.EXE
rundll32.exe
What is it?
Run a DLL as an App - rundll32.exe
What does it do?
Direct Quote from MS: (Source)
Microsoft Windows 95, Windows 98, and Windows Millennium Edition (Me) contains two command-line utility programs named Rundll.exe and Rundll32.exe that allow you to invoke a function exported from a DLL, either 16-bit or 32-bit. However, Rundll and Rundll32 programs do not allow you to call any exported function from any DLL. For example, you can not use these utility programs to call the Win32 API (Application Programming Interface) calls exported from the system DLLs. The programs only allow you to call functions from a DLL that are explicitly written to be called by them. This article provides more details on the use of Rundll and Rundll32 programs under the Windows operating systems listed above.
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located at C:WINDOWSSystem32 undll32.exe . If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
.
W32.Miroot.Worm @ Symantec
Backdoor.Lastdoor @ Symantec
Trojan.StartPage @ Symantec
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
bdagent.exe
We Don't know! Please post a comment with information about this file
C:\Program Files\iTunes\iTunesHelper.exe
iTunesHelper.exe
iTunesHelper.exe belongs to Apples Itunes which is an online MP3 store. Ituneshelper.exe will play the music and it also monitors for when you plug your ipod in so it can transfer files over to it.
Ipod's rock... Even with the horrible U2... U2 sucks and Bono needs to keep his mouth shut and out of politics. Nobody cares what a musician thinks.
Oh wait, Bono isn't a musician....
C:\Program Files\SignupShield\bin\signupshield.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\Weather Watcher\ww.exe
ww.exe
ww.exe - This provides you with features to get weather reports, this is non essential.
C:\Program Files\POP Peeper\POPPeeper.exe
POPPeeper.exe
POPPeeper.exe - This lets you read your multi account hotmail and other server e-mails.
C:\Program Files\Iconoid\iconoid.exe
iconoid.exe
iconoid.exe - This is a desktop icon manager.
C:\WINDOWS\system32\DrvMon.exe
DrvMon.exe
We Don't know! Please post a comment with information about this file
C:\WINDOWS\system32\ctfmon.exe
ctfmon.exe
What is it?
Language bar AKA Alternative User Input Services - ctfmon.exe
What does it do?
ctfmon.exe - it's an ever annoying helper tool that comes rather unexpectedly at times and liked by nearly nobody.
Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.
Loads of information can be found on microsoft's site here.
Unless you're using anything in that list above you'll want to stop this file from loading!
How do I get rid of it?
There's been a number of threads in our forum as well as others about this. A typical thread can be found here.
control panel --> regional and language options --> languages tab --> details button --> language bar button
Virus Precaution:
Just like so many of the other files I've written about so far, ctfmon.exe is located in the c:windowsSystem32ctfmon.exe. At the time of this writing there isn't any spyware, viruses or anything like that masking itself as this file. If you find any info on one then please let me know!
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\WINDOWS\System32\aniServ.exe
aniServ.exe
We Don't know! Please post a comment with information about this file
C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
FirefoxPreloader.exe
FirefoxPreloader.exe - This is used by firefox to load portions of the program into memory so it's launched quicker.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
hpqtra08.exe
What is it?
hpqtra08.exe is a file associated with HP imaging software
What does it do?
provies a system?tray icon to quickly?monitor scans,?faxes and for?quick access to HP?diagnotic applications.
More info:
www.hp.com
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
dtsrvc.exe
We Don't know! Please post a comment with information about this file
C:\WINDOWS\System32\GEARSec.exe
gearsec.exe
What is it?
Gear Software's Recording Engine - Gearsec.exe
What does it do?
gearsec.exe - DVD x COPY , itunes and Power Quest's Drive Image are the most popular programs that utilize this software. You can find more information about Gear Software here. I do not believe that there is any form of spyware, adware or call home functions in this file. It should be harmless. Basically it gives a number of third part applications the ability to burn CDs and DVDs.
Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of gearsec.exe is your dystem% directory which is normally C:WINDOWSSystem32gearsec.exe. At this time my search shows nothing.
C:\Program Files\Logitech\SetPoint\SetPoint.exe
SetPoint.exe
SetPoint.exe - This is with logitech setpoint event manager, this is non essential.
C:\Program Files\CDBurnerXP\NMSAccessU.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\shortkey\SHORTKEY.EXE
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\WINDOWS\system32\nvsvc32.exe
nvsvc32.exe
What is it?
NVIDIA Driver Helper Service - nvsvc32.exe
What does it do?
nvsvc32.exe - For all of you that have video cards that utilize one of the Nvidia chipsets running under Windows NT4/2k/XP/2k3 they install a driver help service. We have emailed Nvidia asking them about this but haven't been able to get a response. I was able to to end this task without any issues.
There have been a number of reports that say this service is the root of some nasty shutdown slowdowns! Even though I haven't experienced this personally, Black Viper is a source that I trust and he has stated this service has caused extreme slowdowns during shutdown.
There's been a number of rumors posted that state that this is some form of spyware. I have not found it to transmit any form of data while I've been using it. I also don't believe Nvidia is stupid enough to package spyware and send it to their massive installation base.
You'll want to visit nvidia.com for more information about them and their products. You may also want to download the latest drivers from them.
Virus Precaution:
nvsvc32.exe is located at c:windowsSystem32 vsvc32.exe . We've been unable to find any threats that run as nvsvc32.exe to trick you.
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PDAgent.exe
We Don't know! Please post a comment with information about this file
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
KHALMNPR.EXE
KHALMNPR.EXE - For a Logitech Bluetooth wireless mouse. Part of SetPoint that sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
C:\WINDOWS\system32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\Program Files\ThreatFire\TFService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
C:\Program Files\UPHClean\uphclean.exe
uphclean.exe
What is it?
uphclean.exe is associated with Windows User profile cleanup utility.
What does it do?
Quote from MS
"A service to help with slow log off and unreconciled profile problems."
More info:
Read more about uphclean.exe @ Microsoft.com
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
PQV2iSvc.exe
What is it?
PQV2iSvc.exe is part of Power Quest drive image and norton Ghost drive backup software.
What does it do?
Create complete drive backups, restore files, schedual automatic backup and restore tasks
More info:
May cause resources to be gobbled up?resulting in?heavy page file swapping. This?might be a problem durring drive imaging. Try restarting without virtual memory then perform drive images and backups with this software.
http://www.symantec....ghost_personal/
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
hpqimzone.exe
Yet another HP configuration tool. Its rediculous how many different processes HP installs. This one is not needed.
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
xcommsvr.exe
What is it?
xcommsvr.exe is part of an antivirus?application called bit defender.
What does it do?
Bit defender helps protect?the PC?against virus infections
More info:
Read more?at www.bitdefender.com
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
livesrv.exe
livesrv.exe is a part of BitDefender Security update service. There are some reports of a trojan using this file name so you will want to double check this.
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
vsserv.exe
What is it?
vsserv.exe is part of the bit defender antivirus application.
What does it do?
Bit defender helps protect the PC from virus infections.
More info:
Read more at www.bitdefender.com
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
HPQSTE08.EXE
HPQSTE08.EXE is yet another HP process related to your camera or printer which is used for extra configuration options.
C:\Program Files\iPod\bin\iPodService.exe
iPodService.exe
iPodService.exe monitors for when you connect your ipod. see also ituneshelper.exe. Ipods are great and if you own one you are slightly cooler than me.
C:\WINDOWS\System32\svchost.exe
Svchost.exe
What is it?
Service Host Process - svchost.exe
What does it do?
Here's a direct quote from MS about this: (source)
Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost
Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:
HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService
If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.
1.) Start --> Run --> cmd
2.) Tasklist /svc >C:ianaginfo.txt
Here's an example of what I got when I issued this command if you'd like to take a look at an example.
A Description of Svchost.exe in Windows XP:
http://support.micro...om/?kbid=314056
More Info
More Info
Virus Precaution:
The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
C:\WINDOWS\System32\alg.exe
alg.exe
What is it?
Application Layer Gateway - alg.exe
What does it do?
This program provides optional utilities like the Windows Firewall and ICS. If you're not using either one of them then you should not be seeing this program run.
You CAN end this process through task manager. ICS and the Windows firewall will quit working though.
More Reading
Virus Precaution:
The alg.exe which is from Microsoft is located at c:windowsSystem32alg.exe .
C:\WINDOWS\system32\HPZinw12.exe
HPZINW12.EXE
We Don't know! Please post a comment with information about this file
C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
What is it?
Mozilla Firefox - firefox.exe
What does it do?
firefox.exe - This is Mozilla Firefox my personal favorite browser. It is the slimmed down browser only project based upon Mozilla code.
Virus Precautions:
You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:Program FilesMozilla Firefoxfirefox.exe
C:\WINDOWS\system32\HPZipm12.exe
HPZipm12.exe
HPZipm12.exe is a part of the HP driver package. It helps keep your printer functioning properly. Leave this process alone. Ending it may cause your printer to to quit functioning properly.
C:\WINDOWS\system32\msiexec.exe
MsiExec.exe
MsiExec.exe is the executable for the windows installer. This should only be running while you are running an installer. If this is still running after the installer has completed it should be safe to end this process.
C:\Program Files\Outlook Express\msimn.exe
msimn.exe
msimn.exe is Microsoft's free email reader Outlook Express. Everybody has it. Everybody uses it. Everybody hates it.
Typical MS product.
Complain all you want... You're using it aren't you?
C:\WINDOWS\system32\wbem\wmiprvse.exe
wmiprvse.exe
What is it?
Windows Management Instrumentation Provider Host program - wmiprvse.exe
What does it do?
Here's a direct quote from MS about this: (source)
Effective management of PC and server systems in an enterprise network benefits from well-instrumented computer software and hardware, which allow system components to be monitored and controlled, both locally and remotely. Microsoft is committed to simplifying instrumentation of hardware and software under Microsoft? Windows? operating systems. Microsoft is also committed to providing consistent access to this instrumentation for both Windows-based management systems and legacy management systems that are hosted in other environments.
In Win98/NT/2000 this is a seperate process whereas in XP it is a part of svchost
More Info
More Info
See Also wmiexe.exe
Virus Precaution:
The original file from Microsoft gets placed in the Located at C:WINDOWSSystem32wbemwmiprvse.exe . If you find it anywhere else then you should be suspicious for sure.
You'll want to keep an eye on this google search for any known viruses.
.
W32/Sonebot-B @ Sophos.com
C:\Documents and Settings\Owner\Desktop\Utilities\Hi-Jack This\HijackThis.exe
HijackThis.exe
This is our favorite application for fighting against malware and other trashy application that bog systems down. Our guide to using this software can be found here. We have also taken the time to write a system to process the log files created from this application here.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Internet Start Page
This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Unnamed BHO
ssv.dll - Related to Sun_Java_software http://java.com/en/download/index.jsp
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
Tweak UI
tweakmeup"
O4 - HKLM\..\Run: [Tray Commander Lite] C:\Program Files\Tray Commander Lite\TC.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvMediaCenter
NvTaskbarInit"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvCplDaemon
NvCplDaemon"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
iTunesHelper
Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
O4 - HKLM\..\Run: [signupshield] C:\Program Files\SignupShield\bin\signupshield.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
WeatherWatcher
"WeatherWatcher - weather reporting in the System Tray"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
Iconoid
"Iconoid is a desktop icon manager"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
DrvMon.exe
"Alcor drive monitor software"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
Ctfmon.exe
"CoolWebSearch Ctfmon32 parasite variant"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O4 - Startup: Shortcut to SysRestorePoint.lnk = C:\Documents and Settings\Owner\Desktop\Utilities\SysRestorePoint.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ShortKeys Lite.lnk = C:\Program Files\shortkey\SHORTKEY.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Internet Explorer Restrictions
Spybot uses this to lock your homepage. Otherwise ask your administrator. If you're the administrator and you don't know what this is go ahead and clear it.
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Owner\Application Data\RssBandit\iecontext_subscribebandit.htm
Internet Right Click Menu
Most of the time this is garbage leave it only if you actually use this function. Otherwise for the sake of cleanliness get rid of this sucker. A wise man once said Cleanliness is next to godliness
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Sun Java Console
Related to Sun Java
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
Sun Java Console
Related to Sun Java
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O11 - Options group: [INTERNATIONAL] International*
IE Advanced Options
This is rarely modified by programs.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
Unnamed BHO
mcinsctl.cab - Mcaffee AV Related
O17 - HKLM\System\CCS\Services\Tcpip\..\{31AC0BC6-2B34-41B4-A2ED-17C04476A358}: NameServer = 192.168.2.1
Internet Settings
These may not be bad if your internet connection is set manually
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs Registry value autorun
Very few known *good* purposes of this. Norton Cleansweep being the headliner of good items
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
AppInit_DLLs Registry value autorun
Very few known *good* purposes of this. Norton Cleansweep being the headliner of good items
Loads a .dll into memory when a user logs in. Frequently used by VERY bad hijackers.
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
ShellServiceObjectDelayLoad Registry key autorun
HJT automatically weeds out the good ones here so we'll flag this as bad. Consult a HJT expert before cleaning anything.
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
GEARSecurity
Related to GEAR software.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
HP Port Resolver
Related to Hewlett-Packard Company
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
HP Status Server
Related to Hewlett-Packard Company
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
InstallDriver Table Manager
Related to Macrovision Corporation.
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
InCD Helper
InCD Packet Writer service from Nero Burning ROM (Ahead Software)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
iPod Service
Related to Apple iPod.
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
NBService
Related to Nero Backup service. Note: Located in C:Program FilesNeroNero 7Nero BackItUp
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
NVIDIA Display Driver Service
NVidia
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PDEngine
Raxco PerfectDisk
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Pml Driver HPZ12
Related to HP printers.
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
Unknown Item
Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
Attached Files
-
hijackthis__1_23_08_.txt 10.24KB
114 downloads
