Posts posted by eldo
-
Updated Java. No threats listed from Eset online scan. Everything appears normal at this point.
-
Using http://www.oracle.co...ad-1501626.html to get the download.
-
Please check Java Runtime Environment (JRE) Version 7u3, (http://java.sun.com/...loads/index.jsp). I get a cannot connect error.
-
Malwarebytes full scan revealed infections (3 detected/removed). Log file attached.
-
Didn't see attached Combofix log file so I reposted.
-
Combofix log file attached.
-
No infection is indicated with the Malwarebytes scan, as I said before. I was concerned that I was still infected when I got an occasional advertisement out of nowhere! (Note: I got rid of my last infections by running a Malwarebytes scan in safe mode. Also, System Restore had stopped working.) All this happened on 04/26/2012. To date everything appears normal, but I wanted your expert opinion.
-
TDSSKILLER scan completed with nothing found. I'm going to attach the first log file cleared up with Malwarebytes scan (infection.log) that told me I had a problem... thanks
-
Malwarebytes scan shows no infection after removal, but I am still getting popups from hidden virus files installed by adware.gameplaylabs.
-
My PC has slowed down. It takes at least twice as long to scan with Malwarebytes. System Restore cannot restore, and before I removed my antivirus, Avira, I could not do a complete scan because of a memory error.
-
Outstanding!... Incidentally, I received my first update this morning.
-
1. Microsoft Signature Verification: What do I have to do to change the status of the files from unsigned to signed, or will this change be automatic since cryptsvc is working?
2. I have over 30 files on desktop: What didn't we have to do to fix this problem? Is there something we should undo? What about cleanup (Combofix, drweb, dial-a-fix, etc.)?
3. Explain to the world the fix!
-
The Microsoft Default Manager Icon appeared...no downloads yet.
-
I guess the problem was I didn't have my fingers crossed last time. You've done what no one else has done and you should be promoted to expert. CHECKMATE! It started.
-
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
Description REG_SZ Provides the endpoint mapper and other miscellaneous RPC services.
DisplayName REG_SZ Remote Procedure Call (RPC)
ErrorControl REG_DWORD 0x1
Group REG_SZ COM Infrastructure
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost -k rpcss
ObjectName REG_SZ NT Authority\NetworkService
Start REG_DWORD 0x2
Type REG_DWORD 0x10
FailureActions REG_BINARY 00000000000000000000000001000000000000000200000060EA0000
ServiceSidType REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\rpcss.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum
0 REG_SZ Root\LEGACY_RPCSS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
-
By reg fix, do you mean the FixServices zip file?
-
Rebooted and tried to start manually...same error.
-
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ Cryptographic Services
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0\0
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA0000000000000000000000000000
00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain
ServiceDllUnloadOnStop REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security
Security REG_BINARY 00000E0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon
Description REG_SZ Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ Secondary Logon
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
Objectname REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x120
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeRestorePrivilege\0SeBackupPrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0SeImpersonatePrivilege\0\0
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E093040000000000
00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\seclogon.dll
ServiceMain REG_SZ SvcEntry_Seclogon
ServiceDllUnloadOnStop REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum
0 REG_SZ Root\LEGACY_SECLOGON\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler
DependOnService REG_MULTI_SZ RPCSS\0\0
Description REG_SZ Loads files to memory for later printing.
DisplayName REG_SZ Print Spooler
ErrorControl REG_DWORD 0x1
FailureActions REG_BINARY 80510100000000000000000003000000E8470C000100000060EA00000100000060EA000000000000
00000000
Group REG_SZ SpoolerGroup
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\spoolsv.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x110
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeImpersonatePrivilege\0SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeLoadDriverPrivilege\0SeAssignPrimaryTokenPrivilege\0\0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance
Close REG_SZ PerfClose
Collect REG_SZ PerfCollect
Collect Timeout REG_DWORD 0x7d0
Library REG_SZ winspool.drv
Object List REG_SZ 1450
Open REG_SZ PerfOpen
Open Timeout REG_DWORD 0xfa0
WbemAdapFileSignature REG_BINARY BD83ABA61E8ACCC8D9FFB869F29418CE
WbemAdapFileTime REG_BINARY 0020849F5D7AC401
WbemAdapFileSize REG_DWORD 0x23c00
WbemAdapStatus REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum
0 REG_SZ Root\LEGACY_SPOOLER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
-
No errors but it didn't work.
-
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1002
DisplayName REG_SZ CryptSvc
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x20
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0\0
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA0000000000000000000000000000
00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain
ServiceDllUnloadOnStop REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security
Security REG_BINARY 00000E0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon
Description REG_SZ @%SystemRoot%\system32\seclogon.dll,-7000
DisplayName REG_SZ Secondary Logon
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
Objectname REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x120
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeRestorePrivilege\0SeBackupPrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0SeImpersonatePrivilege\0\0
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E093040000000000
00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\seclogon.dll
ServiceMain REG_SZ SvcEntry_Seclogon
ServiceDllUnloadOnStop REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum
0 REG_SZ Root\LEGACY_SECLOGON\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler
DependOnService REG_MULTI_SZ RPCSS\0\0
Description REG_SZ @%systemroot%\system32\spoolsv.exe,-2
DisplayName REG_SZ @%systemroot%\system32\spoolsv.exe,-1
ErrorControl REG_DWORD 0x1
FailureActions REG_BINARY 80510100000000000000000003000000E8470C000100000060EA00000100000060EA000000000000
00000000
Group REG_SZ SpoolerGroup
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\spoolsv.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 0x2
Type REG_DWORD 0x110
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeImpersonatePrivilege\0SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeLoadDriverPrivilege\0SeAssignPrimaryTokenPrivilege\0\0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance
Close REG_SZ PerfClose
Collect REG_SZ PerfCollect
Collect Timeout REG_DWORD 0x7d0
Library REG_SZ winspool.drv
Object List REG_SZ 1450
Open REG_SZ PerfOpen
Open Timeout REG_DWORD 0xfa0
WbemAdapFileSignature REG_BINARY BD83ABA61E8ACCC8D9FFB869F29418CE
WbemAdapFileTime REG_BINARY 00789C2F127AC401
WbemAdapFileSize REG_DWORD 0x23c00
WbemAdapStatus REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum
0 REG_SZ Root\LEGACY_SPOOLER\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
-
Thanks... The problem with the full name was I didn't put a space between the first and last name.
The problem with the mouse was really a problem with Firefox updating themes... (check out Mozilla troubleshooting extensions and themes).
I don't know why the cryptographic service doesn't work. Maybe this helps, but before we even started, the crypto service was and is still running (started) in safe mode. Your move.
-
I guess I should have told you I tried that and full name and received a can't find message.
An object named "fishy" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection.
-
I don't have a login name (just turn PC on). Can we just highlight everyone and allow full control and change it back later?
-
Cannot import fix.reg error accessing the registry.
Infected with adware.gameplaylabs
in Resolved Malware Removal Logs
All done...thank you Elise for your service.