[Resolved] please help


124 replies to this topic

#91 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 08:16 PM

No.. I was in normal mode when I performed the hardcastle.exe. Here is the fix.bat in normal mode..

catchme 0.3.1169.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 22:11:39
Windows 5.1.2600

scanning processes ...

System [4]
C:\WINDOWS\SYSTEM32\SMSS.EXE [404] 0xFFBBDCB0
C:\WINDOWS\SYSTEM32\CSRSS.EXE [468] 0x812194B0
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [492] 0x8111CAA8
C:\WINDOWS\SYSTEM32\SERVICES.EXE [536] 0xFFB14020
C:\WINDOWS\SYSTEM32\LSASS.EXE [548] 0x81142DA8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [708] 0xFFB36118
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [840] 0xFFB68DA8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [948] 0xFFB159D0
C:\WINDOWS\System32\alg.exe [1012] 0xFFAAE020
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE [1132] 0xFFB94BF8
C:\WINDOWS\EXPLORER.EXE [1140] 0x8121F2D8
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE [1164] 0xFFB09460
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE [1280] 0xFFBA61D0
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1336] 0xFFA95BF8
C:\PROGRAM FILES\COMPACT WIRELESS-G USB NETWORK ADAPTER WITH SPEEDBOOSTER\WLSERVICE.EXE [1372] 0xFFB77020
C:\PROGRAM FILES\COMPACT WIRELESS-G USB NETWORK ADAPTER WITH SPEEDBOOSTER\WUSB54GSC.EXE [1400] 0xFFB66020
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE [1480] 0xFFAFDA58
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [1496] 0xFFBAB7E8
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE [1508] 0xFF5099A0
C:\Program Files\TrojanHunter 5.0\THGuard.exe [1520] 0xFF507020
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE [1548] 0xFF4F2020
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE [1556] 0xFF4ED7E0
C:\WINDOWS\System32\cmd.exe [1844] 0x811CD6F8
C:\WINDOWS\catchme.exe [1860] 0x8118AB30


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ helpsvcgpejsjbqhelpsvc\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter
CoInitializeSecurityParam REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 8192 (0x2000)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 12320 (0x3020)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 2 (0x2)
AuthenticationCapabilities REG_DWORD 64 (0x40)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)


------ Services [Running]

SERVICE_NAME: ALG
SERVICE_NAME: AOL ACS
SERVICE_NAME: AOL TopSpeedMonitor
SERVICE_NAME: AVG Anti-Spyware Guard
SERVICE_NAME: Eventlog
SERVICE_NAME: helpsvc
SERVICE_NAME: PlugPlay
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RemoteRegistry
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: Spooler
SERVICE_NAME: WebClient
SERVICE_NAME: WUSB54GSCSVC

------ Services [Stopped]

SERVICE_NAME: Alerter
SERVICE_NAME: AOLService
SERVICE_NAME: AppMgmt
SERVICE_NAME: AudioSrv
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: cisvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: COMSysApp
SERVICE_NAME: CryptSvc
SERVICE_NAME: Dhcp
SERVICE_NAME: dmadmin
SERVICE_NAME: dmserver
SERVICE_NAME: Dnscache
SERVICE_NAME: ERSvc
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: GoogleDesktopManager
SERVICE_NAME: gpejsjbq
SERVICE_NAME: gusvc
SERVICE_NAME: HidServ
SERVICE_NAME: HTTPFilter
SERVICE_NAME: ImapiService
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LmHosts
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: ose
SERVICE_NAME: PolicyAgent
SERVICE_NAME: RasAuto
SERVICE_NAME: RasMan
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: SwPrv
SERVICE_NAME: SysmonLog
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TlntSvr
SERVICE_NAME: TrkWks
SERVICE_NAME: uploadmgr
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: VSS
SERVICE_NAME: W32Time
SERVICE_NAME: winmgmt
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: WmdmPmSp
SERVICE_NAME: Wmi
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC

------ Drivers [Running]

SERVICE_NAME: ACPI
SERVICE_NAME: AegisP
SERVICE_NAME: AFD
SERVICE_NAME: ALiADWDM
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: ASCTRM
SERVICE_NAME: atapi
SERVICE_NAME: audstub
SERVICE_NAME: AVG Anti-Spyware Driver
SERVICE_NAME: AvgAsCln
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: Compbatt
SERVICE_NAME: Disk
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: E100B
SERVICE_NAME: Fastfat
SERVICE_NAME: Fdc
SERVICE_NAME: Fips
SERVICE_NAME: Flpydisk
SERVICE_NAME: Ftdisk
SERVICE_NAME: Gpc
SERVICE_NAME: i8042prt
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: IRENUM
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: KSecDD
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: MountMgr
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: Mup
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: Npfs
SERVICE_NAME: Null
SERVICE_NAME: P3
SERVICE_NAME: Parport
SERVICE_NAME: PartMgr
SERVICE_NAME: ParVdm
SERVICE_NAME: PCI
SERVICE_NAME: Pcmcia
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: rdpdr
SERVICE_NAME: redbook
SERVICE_NAME: ROOTMODEM
SERVICE_NAME: serenum
SERVICE_NAME: Serial
SERVICE_NAME: SMCIRDA
SERVICE_NAME: sr
SERVICE_NAME: swenum
SERVICE_NAME: TermDD
SERVICE_NAME: TOSHIBASoftModem
SERVICE_NAME: trid3d
SERVICE_NAME: Update
SERVICE_NAME: usbhub
SERVICE_NAME: usbohci
SERVICE_NAME: USBSTOR
SERVICE_NAME: VgaSave
SERVICE_NAME: VolSnap
SERVICE_NAME: wanatw
SERVICE_NAME: GTNDIS5

------ Drivers [Stopped]

SERVICE_NAME: Abiosdsk
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: aec
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: amsint
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: Auq68
SERVICE_NAME: BCM42RLY
SERVICE_NAME: cbidf2k
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: CmdIde
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac960nt
SERVICE_NAME: dmboot
SERVICE_NAME: DMusic
SERVICE_NAME: dpti2o
SERVICE_NAME: drmkaud
SERVICE_NAME: gmer
SERVICE_NAME: hpn
SERVICE_NAME: hpt3xx
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: IntelIde
SERVICE_NAME: ip6fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: IpNat
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: mraid35x
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: mssmbios
SERVICE_NAME: NetBT
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: PCIDump
SERVICE_NAME: PCIIde
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: Sparrow
SERVICE_NAME: splitter
SERVICE_NAME: Srv
SERVICE_NAME: swmidi
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: TosIde
SERVICE_NAME: Udfs
SERVICE_NAME: ultra
SERVICE_NAME: USB_RNDIS
SERVICE_NAME: ViaIde
SERVICE_NAME: Wanarp
SERVICE_NAME: WDICA
SERVICE_NAME: wdmaud



#92 sUΒs (Malware Expert, 189 posts)

Posted 23 October 2007 - 08:36 PM

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ helpsvcgpejsjbqhelpsvc\

This part I cannot see clearly. The forum software has stripped bits from it.

Please check if it looks exactly like this ...

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
netsvcs REG_MULTI_SZ helpsvc\0gpejsjbqhelpsvc\0\0



#93 sUΒs (Malware Expert, 189 posts)

Posted 23 October 2007 - 08:58 PM

There's another thing which I need you to verify again. Is this machine SP1 or SP2? You told me it was SP1 but some of the entries you just posted are SP2 entries.

Please go to Start > Run - type in WinVer & click OK
Then tell me what it says

#94 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 09:08 PM

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ helpsvcgpejsjbqhelpsvc\

This part I cannot see clearly. The forum software has stripped bits from it.

Please check if it looks exactly like this ...

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
netsvcs REG_MULTI_SZ helpsvc\0gpejsjbqhelpsvc\0\0



Here is what I see..

HKEY_LOCAL_MACHINE\software\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ Alerter\0WebClient\)LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTISZ DnsCache\0\0
netsvcs REG_MULTI_SZ helpsvcgpejsjbq\0helpsvc\0\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

Edited by Joecastle, 23 October 2007 - 09:25 PM.

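An added example (not code from sUBs, Joecastle or the forum's tools) that does in a script what sUBs is doing by eye in posts #92 and #94: split the REG_MULTI_SZ values out of a SteelWerX-style dump at their `\0` separators, refuse to judge a value whose separators the forum has stripped, and report any netsvcs member that is not in a known-good list. The known-good list is the SP1 netsvcs value Joecastle posts later in this thread (post #101); treating it as the stock list for this machine is an assumption. The sample dumps are constructed from the lines quoted in the thread.

```python
"""Audit the svchost service groups in a SteelWerX-style registry dump.

Added example for this thread; not code from sUBs, Joecastle or the forum.
Known-good netsvcs membership is assumed to be the SP1 value posted later in
the thread (post #101).
"""
import re

# Stock XP SP1 netsvcs membership (assumption: copied from post #101 of this
# thread, after the fix). Order kept as posted; compared case-insensitively.
SP1_NETSVCS = tuple("""6to4 AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation
Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess
Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC
Wmi WmdmPmSp winmgmt TermService ShellHWDetection helpsvc uploadmgr""".split())

# Joecastle's transcription in this thread once writes REG_MULTISZ without the
# underscore, so both spellings are accepted.
_MULTI_SZ_LINE = re.compile(r"^\s*(\w+)\s+REG_MULTI_?SZ\s+(.*)$")


def parse_multi_sz(text):
    """Split a REG_MULTI_SZ rendered with literal '\\0' separators into names.

    Returns None when no separator is present: that is what post #91 looked
    like after the forum stripped the '\\0's, and a concatenated blob such as
    'helpsvcgpejsjbqhelpsvc' cannot be split back into names reliably.
    The list ends at the double '\\0'; trailing empties are dropped.
    """
    if "\\0" not in text:
        return None
    parts = text.split("\\0")
    while parts and parts[-1] == "":
        parts.pop()
    return parts


def parse_dump(dump):
    """Return {group_name: [service, ...] or None} for every REG_MULTI_SZ line."""
    groups = {}
    for line in dump.splitlines():
        m = _MULTI_SZ_LINE.match(line)
        if m:
            groups[m.group(1)] = parse_multi_sz(m.group(2).rstrip())
    return groups


def audit_netsvcs(dump, known=SP1_NETSVCS):
    """Return (status, unexpected_names) for the netsvcs group.

    status is 'unreadable' (group missing or separators stripped), 'suspect'
    (a member is not in the known-good list) or 'ok'.
    """
    members = parse_dump(dump).get("netsvcs")
    if members is None:
        return "unreadable", []
    known_lc = {name.lower() for name in known}
    unexpected = [name for name in members if name.lower() not in known_lc]
    return ("suspect" if unexpected else "ok"), unexpected


# Constructed sample: the svchost block as transcribed in post #94, with the
# '\0' separators visible. The odd first netsvcs entry is the one under suspicion.
SAMPLE_DUMP = r"""HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ helpsvcgpejsjbq\0helpsvc\0\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
"""

# Constructed sample: the same value as the forum showed it in post #91,
# separators stripped, so it cannot be judged.
STRIPPED_DUMP = "netsvcs REG_MULTI_SZ helpsvcgpejsjbqhelpsvc\\\n"

# Constructed sample: a stock SP1 netsvcs value built from the known-good list.
CLEAN_DUMP = "netsvcs REG_MULTI_SZ " + "\\0".join(SP1_NETSVCS) + "\\0\\0\n"


if __name__ == "__main__":
    for label, dump in (("post #94", SAMPLE_DUMP), ("post #91", STRIPPED_DUMP), ("stock", CLEAN_DUMP)):
        status, names = audit_netsvcs(dump)
        print(f"{label}: {status} {names}")
```

Run with a real dump pasted into a file and fed through `audit_netsvcs` to get the same verdict for the other groups by changing the group name in the lookup; the "unreadable" result is the important one, since it is exactly the situation sUBs ran into with the forum-stripped output.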

#95 sUΒs (Malware Expert, 189 posts)

Posted 23 October 2007 - 09:11 PM

Joe, how about post #93 ?

#96 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 09:30 PM

Joe, how about post #93 ?


Sorry about the edits.. Refer to post #4


Version 5.1 (Build 2600.xpclient.010817-1148)

Edited by Joecastle, 23 October 2007 - 09:37 PM.


#97 sUΒs (Malware Expert, 189 posts)

Posted 23 October 2007 - 09:36 PM

When I first started it up windows update was trying to update to SP2 but could not at time due to viruses..

At this juncture, I'm not sure if I should give you a fix for SP1 or SP2.

Let's try SP1 first. Hopefully we don't break anything. Please download & run the attached file.

Then reboot & show me another fix.bat report.

#98 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 10:03 PM

Here it is sUBs,

catchme 0.3.1169.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 23:55:55
Windows 5.1.2600

scanning processes ...

System [4]
C:\WINDOWS\SYSTEM32\SMSS.EXE [404] 0x811F5728
C:\WINDOWS\SYSTEM32\CSRSS.EXE [476] 0x811F9960
C:\WINDOWS\SYSTEM32\WINLOGON.EXE [504] 0xFFAAD020
C:\WINDOWS\SYSTEM32\SERVICES.EXE [548] 0xFFB942C8
C:\WINDOWS\SYSTEM32\LSASS.EXE [560] 0xFFAA7DA8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [720] 0xFFAFADA8
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [736] 0x811EF020
C:\WINDOWS\EXPLORER.EXE [1132] 0x8120EDA8
C:\WINDOWS\System32\SPOOLSV.EXE [1140] 0xFFAE6960
C:\WINDOWS\SYSTEM32\SVCHOST.EXE [1216] 0xFFBD26F0
C:\WINDOWS\System32\alg.exe [1328] 0xFFB6F020
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE [1348] 0xFFAA5360
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE [1380] 0xFFB86418
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE [1388] 0xFFAAC020
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE [1400] 0x8113E5E8
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE [1408] 0xFFBB1508
C:\PROGRAM FILES\TROJANHUNTER 5.0\THGUARD.EXE [1416] 0xFFBBA508
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE [1472] 0xFFB14970
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [1500] 0xFFB8E460
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE [1508] 0x81150300
C:\PROGRAM FILES\COMPACT WIRELESS-G USB NETWORK ADAPTER WITH SPEEDBOOSTER\WLSERVICE.EXE [1604] 0xFF924378
C:\PROGRAM FILES\COMPACT WIRELESS-G USB NETWORK ADAPTER WITH SPEEDBOOSTER\WUSB54GSC.EXE [1624] 0xFFBB6770
C:\WINDOWS\System32\cmd.exe [1528] 0x811208B8
C:\WINDOWS\catchme.exe [1336] 0xFFA7ADA8


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ 6to4AudioSrvBrowserCryptSvcDMServerDHCPERSvcEventSystemFastUserSwitchingCompatibilityHidServIasIpripIrmonLanmanServerLanmanWorkstationMessengerNetmanNlaNtmssvcNWCWorkstationNwsapagentRasautoRasmanRemoteaccessScheduleSeclogonSENSSharedaccessSRServiceTapisrvThemesTrkWksW32TimeWZCSVCWmiWmdmPmSpwinmgmtTermServiceShellHWDetectionhelpsvcuploadmgr\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 8192 (0x2000)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
AuthenticationCapabilities REG_DWORD 12320 (0x3020)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth
CoInitializeSecurityParam REG_DWORD 2 (0x2)
AuthenticationCapabilities REG_DWORD 64 (0x40)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 8 (0x8)


------ Services [Running]

SERVICE_NAME: ALG
SERVICE_NAME: AOL ACS
SERVICE_NAME: AOL TopSpeedMonitor
SERVICE_NAME: AudioSrv
SERVICE_NAME: AVG Anti-Spyware Guard
SERVICE_NAME: Browser
SERVICE_NAME: CryptSvc
SERVICE_NAME: dmserver
SERVICE_NAME: ERSvc
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: helpsvc
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: Netman
SERVICE_NAME: PlugPlay
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasAuto
SERVICE_NAME: RasMan
SERVICE_NAME: RemoteRegistry
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: Spooler
SERVICE_NAME: srservice
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: uploadmgr
SERVICE_NAME: W32Time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WmdmPmSp
SERVICE_NAME: WUSB54GSCSVC

------ Services [Stopped]

SERVICE_NAME: Alerter
SERVICE_NAME: AOLService
SERVICE_NAME: AppMgmt
SERVICE_NAME: BITS
SERVICE_NAME: cisvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: COMSysApp
SERVICE_NAME: Dhcp
SERVICE_NAME: dmadmin
SERVICE_NAME: Dnscache
SERVICE_NAME: GoogleDesktopManager
SERVICE_NAME: gpejsjbq
SERVICE_NAME: gusvc
SERVICE_NAME: HidServ
SERVICE_NAME: HTTPFilter
SERVICE_NAME: ImapiService
SERVICE_NAME: LmHosts
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: Nla
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: ose
SERVICE_NAME: PolicyAgent
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: Schedule
SERVICE_NAME: SharedAccess
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: SwPrv
SERVICE_NAME: SysmonLog
SERVICE_NAME: TlntSvr
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: VSS
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: Wmi
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC

------ Drivers [Running]

SERVICE_NAME: ACPI
SERVICE_NAME: AegisP
SERVICE_NAME: AFD
SERVICE_NAME: ALiADWDM
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: ASCTRM
SERVICE_NAME: atapi
SERVICE_NAME: audstub
SERVICE_NAME: AVG Anti-Spyware Driver
SERVICE_NAME: AvgAsCln
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: Compbatt
SERVICE_NAME: Disk
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: E100B
SERVICE_NAME: Fastfat
SERVICE_NAME: Fdc
SERVICE_NAME: Fips
SERVICE_NAME: Flpydisk
SERVICE_NAME: Ftdisk
SERVICE_NAME: Gpc
SERVICE_NAME: i8042prt
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: IRENUM
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: KSecDD
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: MountMgr
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: Mup
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: Npfs
SERVICE_NAME: Null
SERVICE_NAME: P3
SERVICE_NAME: Parport
SERVICE_NAME: PartMgr
SERVICE_NAME: ParVdm
SERVICE_NAME: PCI
SERVICE_NAME: Pcmcia
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: rdpdr
SERVICE_NAME: redbook
SERVICE_NAME: ROOTMODEM
SERVICE_NAME: serenum
SERVICE_NAME: Serial
SERVICE_NAME: SMCIRDA
SERVICE_NAME: sr
SERVICE_NAME: Srv
SERVICE_NAME: swenum
SERVICE_NAME: sysaudio
SERVICE_NAME: TermDD
SERVICE_NAME: TOSHIBASoftModem
SERVICE_NAME: trid3d
SERVICE_NAME: Update
SERVICE_NAME: usbhub
SERVICE_NAME: usbohci
SERVICE_NAME: USBSTOR
SERVICE_NAME: VgaSave
SERVICE_NAME: VolSnap
SERVICE_NAME: wanatw
SERVICE_NAME: wdmaud
SERVICE_NAME: GTNDIS5

------ Drivers [Stopped]

SERVICE_NAME: Abiosdsk
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: aec
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: amsint
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: Auq68
SERVICE_NAME: BCM42RLY
SERVICE_NAME: cbidf2k
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: CmdIde
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac960nt
SERVICE_NAME: dmboot
SERVICE_NAME: DMusic
SERVICE_NAME: dpti2o
SERVICE_NAME: drmkaud
SERVICE_NAME: gmer
SERVICE_NAME: hpn
SERVICE_NAME: hpt3xx
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: IntelIde
SERVICE_NAME: ip6fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: IpNat
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: mraid35x
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: mssmbios
SERVICE_NAME: NetBT
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: PCIDump
SERVICE_NAME: PCIIde
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: Sparrow
SERVICE_NAME: splitter
SERVICE_NAME: swmidi
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: Tcpip
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: TosIde
SERVICE_NAME: Udfs
SERVICE_NAME: ultra
SERVICE_NAME: USB_RNDIS
SERVICE_NAME: ViaIde
SERVICE_NAME: Wanarp
SERVICE_NAME: WDICA

#99 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 10:06 PM

Hey sUBs, In network connections there is a Local Area Connection 3 Icon says it is Enabled under it. But I still cannot connect. I will reboot my modem & router to see if it helps...

#100 sUΒs (Malware Expert, 189 posts)

Posted 23 October 2007 - 10:21 PM

Have you rebooted the modem? How was it? Btw, System Restore should be functional now



#101 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 10:31 PM

[Quote: Joecastle, Oct 24 2007, 12:03 AM, post 410586]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
netsvcs REG_MULTI_SZ 6to4AudioSrvBrowserCryptSvcDMServerDHCPERSvcEventSystemFastUserSwitchingCompatibilityHidServIasIpripIrmonLanmanServerLanmanWorkstationMessengerNetmanNlaNtmssvcNWCWorkstationNwsapagentRasautoRasmanRemoteaccessScheduleSeclogonSENSSharedaccessSRServiceTapisrvThemesTrkWksW32TimeWZCSVCWmiWmdmPmSpwinmgmtTermServiceShellHWDetectionhelpsvcuploadmgr\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\

This is the part that is cut out...

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
netsvcs REG_MULTI_SZ 6to4\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0ShellHWDetection\0helpsvc\0uploadmgr\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

#102 Joecastle (Authentic Member, 215 posts)

Posted 23 October 2007 - 10:33 PM

Have you rebooted the modem? How was it?

Btw, System Restore should be functional now


Still no connection. Do you still want me to try a system restore?

#103 sUΒs (Malware Expert, 189 posts)

Posted 23 October 2007 - 10:34 PM

If possible try restoring to a time before that failed SP2 update. If successful, please let me know the date

#104 Joecastle (Authentic Member, 215 posts)

Posted 24 October 2007 - 05:39 PM

System Restore: "Restoration Incomplete". It won't restore...

#105 sUΒs (Malware Expert, 189 posts)

Posted 24 October 2007 - 05:49 PM

Go to Settings > Control Panel > Add/Remove Programs. Check if there's an entry for "Windows XP Service Pack 2".

If it's not there, please check if you have this file > c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe
