
eldo

Honorary Members
Content Count: 73

Posts posted by eldo


  1. No infection is indicated with the Malwarebytes scan, as I said before. I was concerned that I was still infected when I got an occasional advertisement out of nowhere! (Note: I got rid of my last infections by running a Malwarebytes scan in safe mode. Also, System Restore had stopped working.) All this happened on 04/26/2012. To date everything appears normal, but I wanted your expert opinion. :)

    mbam-log-2012-04-28 (13-38-13).txt


  2. 1. Microsoft Signature Verification: What do I have to do to change the status of the files from unsigned to signed, or will this change be automatic since cryptsvc is working?

    2. I have over 30 files on the desktop: What didn't we have to do to fix this problem? Is there something we should undo? What about cleanup (ComboFix, Dr.Web, Dial-a-fix, etc.)?

    3. Explain the fix to the world!


  3. ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

    Description REG_SZ Provides the endpoint mapper and other miscellaneous RPC services.

    DisplayName REG_SZ Remote Procedure Call (RPC)

    ErrorControl REG_DWORD 0x1

    Group REG_SZ COM Infrastructure

    ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost -k rpcss

    ObjectName REG_SZ NT Authority\NetworkService

    Start REG_DWORD 0x2

    Type REG_DWORD 0x10

    FailureActions REG_BINARY 00000000000000000000000001000000000000000200000060EA0000

    ServiceSidType REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters

    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\rpcss.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security

    Security REG_BINARY [security descriptor hex blob omitted]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum

    0 REG_SZ Root\LEGACY_RPCSS\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1


  4. ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc

    DependOnService REG_MULTI_SZ RpcSs\0\0

    Description REG_SZ Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

    DisplayName REG_SZ Cryptographic Services

    ErrorControl REG_DWORD 0x1

    ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

    ObjectName REG_SZ LocalSystem

    Start REG_DWORD 0x2

    Type REG_DWORD 0x20

    ServiceSidType REG_DWORD 0x1

    RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0\0

    FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters

    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll

    ServiceMain REG_SZ CryptServiceMain

    ServiceDllUnloadOnStop REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security

    Security REG_BINARY 00000E0001

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Enum

    0 REG_SZ Root\LEGACY_CRYPTSVC\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon

    Description REG_SZ Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    DisplayName REG_SZ Secondary Logon

    ErrorControl REG_DWORD 0x0

    ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

    Objectname REG_SZ LocalSystem

    Start REG_DWORD 0x2

    Type REG_DWORD 0x120

    RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeRestorePrivilege\0SeBackupPrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0SeImpersonatePrivilege\0\0

    FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters

    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\seclogon.dll

    ServiceMain REG_SZ SvcEntry_Seclogon

    ServiceDllUnloadOnStop REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security

    Security REG_BINARY [security descriptor hex blob omitted]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum

    0 REG_SZ Root\LEGACY_SECLOGON\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler

    DependOnService REG_MULTI_SZ RPCSS\0\0

    Description REG_SZ Loads files to memory for later printing.

    DisplayName REG_SZ Print Spooler

    ErrorControl REG_DWORD 0x1

    FailureActions REG_BINARY 80510100000000000000000003000000E8470C000100000060EA00000100000060EA00000000000000000000

    Group REG_SZ SpoolerGroup

    ImagePath REG_EXPAND_SZ %SystemRoot%\system32\spoolsv.exe

    ObjectName REG_SZ LocalSystem

    Start REG_DWORD 0x2

    Type REG_DWORD 0x110

    ServiceSidType REG_DWORD 0x1

    RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeImpersonatePrivilege\0SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeLoadDriverPrivilege\0SeAssignPrimaryTokenPrivilege\0\0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance

    Close REG_SZ PerfClose

    Collect REG_SZ PerfCollect

    Collect Timeout REG_DWORD 0x7d0

    Library REG_SZ winspool.drv

    Object List REG_SZ 1450

    Open REG_SZ PerfOpen

    Open Timeout REG_DWORD 0xfa0

    WbemAdapFileSignature REG_BINARY BD83ABA61E8ACCC8D9FFB869F29418CE

    WbemAdapFileTime REG_BINARY 0020849F5D7AC401

    WbemAdapFileSize REG_DWORD 0x23c00

    WbemAdapStatus REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Security

    Security REG_BINARY [security descriptor hex blob omitted]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum

    0 REG_SZ Root\LEGACY_SPOOLER\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1


  5. ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc

    DependOnService REG_MULTI_SZ RpcSs\0\0

    Description REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1002

    DisplayName REG_SZ CryptSvc

    ErrorControl REG_DWORD 0x1

    ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

    ObjectName REG_SZ LocalSystem

    Start REG_DWORD 0x2

    Type REG_DWORD 0x20

    ServiceSidType REG_DWORD 0x1

    RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0\0

    FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters

    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll

    ServiceMain REG_SZ CryptServiceMain

    ServiceDllUnloadOnStop REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security

    Security REG_BINARY 00000E0001

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Enum

    0 REG_SZ Root\LEGACY_CRYPTSVC\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon

    Description REG_SZ @%SystemRoot%\system32\seclogon.dll,-7000

    DisplayName REG_SZ Secondary Logon

    ErrorControl REG_DWORD 0x0

    ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

    Objectname REG_SZ LocalSystem

    Start REG_DWORD 0x2

    Type REG_DWORD 0x120

    RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeRestorePrivilege\0SeBackupPrivilege\0SeAssignPrimaryTokenPrivilege\0SeIncreaseQuotaPrivilege\0SeImpersonatePrivilege\0\0

    FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters

    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\seclogon.dll

    ServiceMain REG_SZ SvcEntry_Seclogon

    ServiceDllUnloadOnStop REG_DWORD 0x1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security

    Security REG_BINARY [security descriptor hex blob omitted]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum

    0 REG_SZ Root\LEGACY_SECLOGON\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler

    DependOnService REG_MULTI_SZ RPCSS\0\0

    Description REG_SZ @%systemroot%\system32\spoolsv.exe,-2

    DisplayName REG_SZ @%systemroot%\system32\spoolsv.exe,-1

    ErrorControl REG_DWORD 0x1

    FailureActions REG_BINARY 80510100000000000000000003000000E8470C000100000060EA00000100000060EA00000000000000000000

    Group REG_SZ SpoolerGroup

    ImagePath REG_EXPAND_SZ %SystemRoot%\system32\spoolsv.exe

    ObjectName REG_SZ LocalSystem

    Start REG_DWORD 0x2

    Type REG_DWORD 0x110

    ServiceSidType REG_DWORD 0x1

    RequiredPrivileges REG_MULTI_SZ SeTcbPrivilege\0SeImpersonatePrivilege\0SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeLoadDriverPrivilege\0SeAssignPrimaryTokenPrivilege\0\0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance

    Close REG_SZ PerfClose

    Collect REG_SZ PerfCollect

    Collect Timeout REG_DWORD 0x7d0

    Library REG_SZ winspool.drv

    Object List REG_SZ 1450

    Open REG_SZ PerfOpen

    Open Timeout REG_DWORD 0xfa0

    WbemAdapFileSignature REG_BINARY BD83ABA61E8ACCC8D9FFB869F29418CE

    WbemAdapFileTime REG_BINARY 00789C2F127AC401

    WbemAdapFileSize REG_DWORD 0x23c00

    WbemAdapStatus REG_DWORD 0x0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Security

    Security REG_BINARY [security descriptor hex blob omitted]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum

    0 REG_SZ Root\LEGACY_SPOOLER\0000

    Count REG_DWORD 0x1

    NextInstance REG_DWORD 0x1


  6. Thanks. The problem with the full name was I didn't put a space between the first and last name.

    The problem with the mouse was really a problem with Firefox updating themes (check out Mozilla troubleshooting extensions and themes).

    I don't know why the cryptographic service doesn't work. Maybe this helps, but before we even started, the crypto service was and is still running (started) in safe mode. Your move.
