Thread: Windows Vista Firewall Basic Question

  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    6

    hi folks:
    first time poster here, apologies in advance if this is really basic.

    i have used both Spybot SD and MalwareBytes products to eliminate virus and malware periodically. i had a recent episode, but after my successful clearing of the problem with the help of those two apps, it appears that the Windows Firewall and/or Defender is/are disabled and cannot be turned back on. i do see Spybot SD resident in my system tray, but i have understood that [perhaps incorrectly] not to be a true firewall.

    should i turn back on the Windows Firewall, and if so how? if there is something else other than Spybot interfering, how do i find out what it is? if i try to get an alternative firewall [i have seen references to Agnitum?], will i have the same interference problem?

    thanks in advance for any guidance.

    eric.

  2. #2
    Zenobia (Spybot Advisor Team)
    Join Date
    Oct 2005
    Posts
    5,173

    Hello.
    You are correct, SD resident (TeaTimer) is not a firewall.

    This link shows how to turn on and turn off the Windows Firewall:
    http://www.computerhope.com/issues/ch000551.htm#1

    This link shows how to turn on Windows Defender:
    http://windows.microsoft.com/en-CA/w...nder-on-or-off
    You've tried turning both applications on as listed in the links above, and they are disabled?

    May I ask what antivirus you are currently using?

    I believe Spybot still detects if the Windows Firewall has been disabled. When running a scan with Spybot, does it find anything that looks similar to this?:
    Microsoft.WindowsSecurityCenter.FirewallDisabled

  3. #3
    Junior Member
    Join Date
    Dec 2011
    Posts
    6

    thanks, but i had already tried to turn the firewall and defender back on in those usual fashions.

    with defender, i get a "handle is invalid--cannot initiate" error message.

    with the firewall, i get a "due to unidentified problem, Windows cannot display Windows Firewall settings".

    eric.

  4. #4
    Zenobia (Spybot Advisor Team)
    Join Date
    Oct 2005
    Posts
    5,173

    Which version of Vista do you have installed? (Vista Home Basic, Vista Home Premium, etc.)

    Click Start, type Services in the search box, then double-click Services. Scroll down the list: is Windows Firewall listed as a service, and is Windows Defender listed as a service?

    Could you please do this?
    • Produce a short log (showing items flagged)
    • Open SpyBot.
    • Check for problems.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Paste (Ctrl+V) those results here.


    And could you also follow this link to show me a startup list from Spybot?
    http://www.safer-networking.org/en/howto/startup.html

    If you need any help doing any of the above, just post back here, and I'll do my best to walk you through it.
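
One way to answer the "is it listed as a service?" question in the post above from a pasted Services list, as an added example that is not part of the original thread: the parser recovers the Status, Startup Type and Log On As columns from each flattened row and reports whether a chosen set of security services is present. The `EXPECTED` set, the function names and the sample rows are assumptions constructed for this illustration.

```python
import re
from typing import Dict, List, NamedTuple

# A Services console export pasted into a forum loses its tab separators.
# The last three columns have a closed vocabulary, so parse from the right.
ROW = re.compile(
    r"^(?P<head>.*?)(?:\s+(?P<status>Started))?\s+"
    r"(?P<startup>Automatic \(Delayed Start\)|Automatic|Manual|Disabled)\s+"
    r"(?P<logon>Local System|Local Service|Network Service)$"
)

# Display names to look for (an assumption chosen for this example).
# Base Filtering Engine is included because Windows Firewall depends on it.
EXPECTED = (
    "Base Filtering Engine",
    "Windows Firewall",
    "Windows Defender",
    "Security Center",
)


class Row(NamedTuple):
    head: str      # display name followed by description (boundary is lost)
    started: bool  # True when the Status column read "Started"
    startup: str   # Startup Type column
    logon: str     # Log On As column


def parse_services(text: str) -> List[Row]:
    """Parse flattened rows; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(Row(m.group("head"), m.group("status") is not None,
                            m.group("startup"), m.group("logon")))
    return rows


def audit(rows: List[Row], expected=EXPECTED) -> Dict[str, str]:
    """Return missing / disabled / stopped / running for each expected name."""
    result = {}
    for name in expected:
        # Match on the display-name prefix only, so a third-party entry such
        # as "SBSD Security Center Service" is not mistaken for the Windows
        # "Security Center" service.
        row = next((r for r in rows
                    if r.head == name or r.head.startswith(name + " ")), None)
        if row is None:
            result[name] = "missing"
        elif row.startup == "Disabled":
            result[name] = "disabled"
        elif not row.started:
            result[name] = "stopped"
        else:
            result[name] = "running"
    return result


# Constructed sample in the same flattened layout as a pasted Services list.
SAMPLE = """\
Name Description Status Startup Type Log On As
Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. Started Automatic (Delayed Start) Local System
BrYNSvc Started Manual Local System
SBSD Security Center Service Automatic Local System
Security Center Monitors system security settings and configurations. Disabled Local Service
Windows Defender Scan your computer for unwanted software. Manual Local System
"""

if __name__ == "__main__":
    for name, verdict in audit(parse_services(SAMPLE)).items():
        print(f"{name:24} {verdict}")
```

A "missing" verdict means the service entry itself is gone from the list, which is a different condition from a service that is present but disabled or stopped.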

  5. #5
    Junior Member
    Join Date
    Dec 2011
    Posts
    6

    Vista Home Basic
    Firewall and Defender are not listed under services

    Spybot output below:

    --------------------------------------------------------------------------

    IWinGames: [SBI $3424BEDC] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Installer\Features\4301AEBD288588A40833184CFEC0AF92

    IWinGames: [SBI $4209145D] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Installer\Products\4301AEBD288588A40833184CFEC0AF92

    IWinGames: [SBI $15CB95A3] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\80F08842F9EA1BE4BA4922DA74CDB698

    DoubleClick: Tracking cookie (Internet Explorer: eric) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


    -------------------------------------------------------------------------

    i don't have a Tools list on the left side of Spybot SD (is my Spybot out of date?), but i did pull out the following from the Services Listing which appears to include startup status

    Name Description Status Startup Type Log On As
    Apple Mobile Device Provides the interface to Apple mobile devices. Started Automatic Local System
    Application Experience Processes application compatibility cache requests for applications as they are launched Started Automatic Local System
    Application Information Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks. Started Manual Local System
    Application Layer Gateway Service Provides support for 3rd party protocol plug-ins for Internet Connection Sharing Manual Local Service
    Automatic LiveUpdate Scheduler Manages the scheduling of Automatic LiveUpdate sessions Started Automatic Local System
    Background Intelligent Transfer Service Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information. Started Automatic (Delayed Start) Local System
    Bonjour Service Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence. Started Automatic Local System
    BrYNSvc Started Manual Local System
    Certificate Propagation Propagates certificates from smart cards. Manual Local System
    CNG Key Isolation The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements. Started Manual Local System
    COM Host COM aggregation host service Manual Local System
    COM+ Event System Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    COM+ System Application Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
    Computer Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Automatic Local System
    Cryptographic Services Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Network Service
    DCOM Server Process Launcher Provides launch functionality for DCOM services. Started Automatic Local System
    Desktop Window Manager Session Manager Provides Desktop Window Manager startup and maintenance services Started Automatic Local System
    DFS Replication Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication. Manual Local System
    DHCP Client Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    Diagnostic Policy Service The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    Diagnostic Service Host The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local Service
    Diagnostic System Host The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Started Manual Local System
    Distributed Link Tracking Client Maintains links between NTFS files within a computer or across computers in a network. Started Automatic Local System
    Distributed Transaction Coordinator Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Network Service
    dlbk_device Started Automatic Local System
    DNS Client The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Network Service
    DSBrokerService Started Automatic Local System
    Extensible Authentication Protocol The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication. Started Manual Local System
    Function Discovery Provider Host Host process for Function Discovery providers. Manual Local Service
    Function Discovery Resource Publication Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network. Started Automatic Local Service
    Google Desktop Manager 5.9.1005.12335 Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly. Manual Local System
    Google Update Service (gupdate1caaa3f89f17c17) Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Automatic (Delayed Start) Local System
    Google Update Service (gupdatem) Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it. Manual Local System
    GoToAssist Citrix GoToAssist provides remote help to this PC. Manual Local System
    Group Policy Client The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled. Started Automatic Local System
    Health Key and Certificate Management Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service Manual Local System
    Human Interface Device Access Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
    IKE and AuthIP IPsec Keying Modules The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running. Automatic Local System
    InstallDriver Table Manager Provides support for the Running Object Table for InstallShield Drivers Manual Local System
    Interactive Services Detection Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function. Manual Local System
    Internet Connection Sharing (ICS) Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Automatic Local System
    iPod Service iPod hardware management services Started Manual Local System
    IPsec Policy Agent Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped. Automatic Network Service
    KtmRm for Distributed Transaction Coordinator Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM). Started Automatic (Delayed Start) Network Service
    Link-Layer Topology Discovery Mapper Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly. Manual Local Service
    LiveUpdate LiveUpdate Core Engine Manual Local System
    Logitech Bluetooth Service Manual Local System
    Microsoft .NET Framework NGEN v2.0.50727_X86 Microsoft .NET Framework NGEN Disabled Local System
    Microsoft .NET Framework NGEN v4.0.30319_X86 Microsoft .NET Framework NGEN Automatic (Delayed Start) Local System
    Microsoft iSCSI Initiator Service Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
    Microsoft Office Diagnostics Service Run portions of Microsoft Office Diagnostics. Manual Local System
    Microsoft Software Shadow Copy Provider Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
    Multimedia Class Scheduler Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority. Started Automatic Local System
    Net.Tcp Port Sharing Service Provides ability to share TCP ports over the net.tcp protocol. Disabled Local Service
    Netlogon Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
    Network Access Protection Agent Enables Network Access Protection (NAP) functionality on client computers Manual Network Service
    Network Connections Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections. Started Manual Local System
    Network List Service Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change. Started Automatic Local Service
    Network Location Awareness Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Network Service
    Network Store Interface Service This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start. Started Automatic Local Service
    NVIDIA Display Driver Service Provides system and desktop level support to the NVIDIA display driver Started Automatic Local System
    NVIDIA Stereoscopic 3D Driver Service Provides system support for NVIDIA Stereoscopic 3D driver Started Automatic Local System
    Office Source Engine Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. Manual Local System
    Parental Controls This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work. Manual Local Service
    PDFProFiltSrvPP Started Automatic Local System
    Peer Name Resolution Protocol Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function Manual Local Service
    Peer Networking Grouping Provides Peer Networking Grouping services Manual Local Service
    Peer Networking Identity Manager Provides Identity service for Peer Networking Manual Local Service
    Performance Logs & Alerts Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local Service
    Plug and Play Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Started Automatic Local System
    PnP-X IP Bus Enumerator The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning. Manual Local System
    PNRP Machine Name Publication Service This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer' Manual Local Service
    Portable Device Enumerator Service Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices. Started Automatic Local System
    Print Spooler Loads files to memory for later printing Started Automatic Local System
    Problem Reports and Solutions Control Panel Support This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel. Manual Local System
    Program Compatibility Assistant Service Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start. Started Automatic Local System
    Protected Storage Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users. Started Manual Local System
    Quality Windows Audio Video Experience Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization. Manual Local Service
    ReadyBoost Provides support for improving system performance using ReadyBoost. Started Automatic Local System
    Remote Access Auto Connection Manager Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address. Manual Local System
    Remote Access Connection Manager Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start. Started Manual Local System
    Remote Procedure Call (RPC) Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly. Started Automatic Network Service
    Remote Procedure Call (RPC) Locator Manages the RPC name service database. Started Automatic Network Service
    Remote Registry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local Service
    Routing and Remote Access Offers routing services to businesses in local area and wide area network environments. Disabled Local System
    Roxio Hard Drive Watcher 9 Started Automatic Local System
    RoxMediaDB9 Roxio RoxMediaDB9 Service Manual Local System
    SBSD Security Center Service Automatic Local System
    Secondary Logon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
    Secure Socket Tunneling Protocol Service Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers. Started Manual Local Service
    Security Accounts Manager The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. Started Automatic Local System
    Server Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
    Shell Hardware Detection Provides notifications for AutoPlay hardware events. Started Automatic Local System
    SL UI Notification Service Provides Software Licensing activation and notification Manual Local Service
    Smart Card Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local Service
    Smart Card Removal Policy Allows the system to be configured to lock the user desktop upon smart card removal. Manual Local System
    SNMP Trap Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local Service
    Software Licensing Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. Started Automatic Network Service
    SSDP Discovery Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start. Started Manual Local Service
    stllssvr Manual Local System
    Superfetch Maintains and improves system performance over time. Started Automatic Local System
    SupportSoft Sprocket Service (dellsupportcenter) SupportSoft Sprocket Service Started Automatic Local System
    Symantec AppCore Service Symantec Application Service Started Automatic Local System
    Symantec Core LC Symantec Core LC Started Manual Local System
    Symantec Event Manager Event propagation and logging service Started Automatic Local System
    Symantec IS Password Validation User account management service Manual Local System
    Symantec Lic NetConnect service Symantec Lic NetConnect Service Started Automatic Local System
    Symantec Settings Manager Settings storage and management service Started Automatic Local System
    System Event Notification Service Monitors system events and notifies subscribers to COM+ Event System of these events. Started Automatic Local System
    Tablet PC Input Service Enables Tablet PC pen and ink functionality Started Automatic Local System
    Task Scheduler Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
    TCP/IP NetBIOS Helper Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    Telephony Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service. Started Manual Network Service
    Terminal Services Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item. Started Automatic Network Service
    Terminal Services Configuration Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates. Manual Local System
    Themes Provides user experience theme management. Started Automatic Local System
    Thread Ordering Server Provides ordered execution for a group of threads within a specific period of time. Manual Local Service
    TPM Base Services Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM. Automatic (Delayed Start) Local Service
    UPnP Device Host Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    User Profile Service This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them. Started Automatic Local System
    Virtual Disk Provides management services for disks, volumes, file systems, and storage arrays. Manual Local System
    Volume Shadow Copy Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
    WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    Windows Audio Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Started Automatic Local Service
    Windows Audio Endpoint Builder Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start Started Automatic Local System
    Windows Backup Provides Windows Backup and Restore capabilities. Manual Local System
    Windows CardSpace Securely enables the creation, management, and disclosure of digital identities. Manual Local System
    Windows Color System The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering. Manual Local Service
    Windows Connect Now - Config Registrar Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now - Config Registrar will not function properly. Manual Local Service
    Windows Driver Foundation - User-mode Driver Framework Manages user-mode driver host processes Started Automatic Local System
    Windows Error Reporting Service Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed. Started Automatic Local System
    Windows Event Collector This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. Manual Network Service
    Windows Event Log This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system. Started Automatic Local Service
    Windows Font Cache Service Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance. Started Automatic (Delayed Start) Local Service
    Windows Image Acquisition (WIA) Provides image acquisition services for scanners and cameras Started Automatic Local Service
    Windows Installer Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start. Manual Local System
    Windows Management Instrumentation Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local System
    Windows Media Player Network Sharing Service Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play Manual Network Service
    Windows Modules Installer Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer. Manual Local System
    Windows Presentation Foundation Font Cache 3.0.0.0 Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Manual Local Service
    Windows Presentation Foundation Font Cache 4.0.0.0 Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications. Manual Local Service
    Windows Remote Management (WS-Management) Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix. Manual Network Service
    Windows Search Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search. Started Automatic Local System
    Windows Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service
    Windows Update Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API. Started Automatic (Delayed Start) Local System
    WinHTTP Web Proxy Auto-Discovery Service WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol. Started Manual Local Service
    Wired AutoConfig This service performs IEEE 802.1X authentication on Ethernet interfaces Manual Local System
    WLAN AutoConfig This service enumerates WLAN adapters, manages WLAN connections and profiles. Started Automatic Local System
    WMI Performance Adapter Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated. Manual Local System
    Workstation Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Started Automatic Local Service

  6. #6
    Junior Member
    Join Date
    Dec 2011
    Posts
    6

    Default

    sorry, i see the Tools now under Advanced mode. startup list attached. eric.

  7. #7
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,173

    Default

    Thank you for posting the logs.
    I believe you may be having these problems with Windows Defender and Windows Firewall due to your recent episode with malware.

    Unfortunately, I haven't been able to find an easy solution.
    A system restore isn't a good idea, since it might restore you back to when you were infected.
    I don't believe a startup repair will fix the problems you're having, either.

    I see you have a Dell computer. Did it come with a Vista installation DVD?
    There is a tutorial here:
    http://www.vistax64.com/tutorials/88...all-vista.html
    Please read through it and see if you think it might be worth a try for you, if you do have the Vista installation DVD. (Note what it says about service pack 1 and service pack 2.) Also, please only attempt the repair install/upgrade if you're pretty certain the malware was removed successfully by Spybot and Malware Bytes.

    Or, if the above doesn't work for you, you could try installing a third-party firewall instead if you wish. If you prefer that, I can post a couple options for you.

    I see some services listed related to Symantec/Norton, but didn't notice anything in startup related to an antivirus. Did you previously have Norton antivirus installed?
    If you no longer have an antivirus currently installed, I can list a couple free antiviruses for you to choose from, if you like, too.

  8. #8
    Junior Member
    Join Date
    Dec 2011
    Posts
    6

    Default

    thanks for trying.
    i do have the vista installation disk, but that sounds like a rather drastic action. would i not have to reinstall all applications as well after a full OS reinstall?
    the system did come with a 'free' trial to Norton, but i did not continue with that. i've not been happy with that product from previous systems, so i opted to focus on Spybot and Malwarebytes solutions.

    if i do go down the route of avoiding the OS reinstall but rather a firewall/antivirus package route, i see Agnitum and Comodo as popular free 3rd party solutions. anything else you recommend along those lines?

    from the start up list, it looks like i have both Spybot and Malwarebytes in the list, could the problem be some kind of conflict between the two?

    sincerely, eric.

  9. #9
    Junior Member
    Join Date
    Dec 2011
    Posts
    6

    Default

    also, i was thinking of doing the upgrade to Windows 7 from Vista. would that be the equivalent for these purposes to a Vista reinstall?
    thanks, eric.

  10. #10
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,173

    Default

    Yes, if you did a full OS reinstall, you would have to reinstall all applications.
    The tutorial I linked to is not a full reinstall. It is geared more to being a repair install, the way you used to be able to do a repair install of Windows XP, though Microsoft since decided to do things differently.
    Some things would be returned to default if you tried the repair (upgrade) install. They're listed in the red/pink box.
    It is a bit drastic, though, so you ought to avoid trying it if you feel uncomfortable with it.

    Spybot and MalwareBytes are both very good to have, but neither one is an antivirus, and an antivirus is needed. There are some free ones available.
    AVG:
    http://download.cnet.com/AVG-Anti-Vi...=dl&tag=button
    Avast:
    http://download.cnet.com/Avast-Free-...=dl&tag=button
    Avira:
    http://www.avira.com/en/avira-free-antivirus
    If you decide to download an antivirus, please only choose one. It's possible more than one antivirus installed at a time can conflict with one another if they both have real-time protection running.

    Agnitum and Comodo are both good firewalls. Another good one is Zone Alarm:
    http://www.zonealarm.com/security/en...-za-signup.htm
    The free one is over to the left. The button appears to be greyed out, but if you click it, it will take you to a download page, with instructions.

    No, I don't believe the problem is from any conflict with Malwarebytes and Teatimer. The startup entry in your startup list is Malwarebytes Anti-Malware Reboot, and is listed on this page as being used by Malwarebytes's Anti-malware to perform an action on reboot.
    http://www.bleepingcomputer.com/star...exe-22288.html
    I believe that startup entry is for some cleanup action it will perform after you reboot.
    I don't see any entries in your startup list for MBAM's Real-Time Active Malware Prevention Engine. If you don't have the Pro version of Malwarebytes, then the Real-Time Active Malware Prevention Engine isn't included with the program, so there should be no conflicts with Malwarebytes and Teatimer, as Malwarebytes free is basically a spyware scanner only.

    I'm not 100% certain, but I believe the upgrade to Windows 7 might be equivalent to the Vista reinstall I listed above, if you decide on that.
    There's an upgrade advisor available here:
    http://windows.microsoft.com/upgradeadvisor
    And some more info here:
    http://windows.microsoft.com/upgrade
