
Trojan:DOS/Alureon



#16
williampeyrot

williampeyrot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It's almost like I lost administrative.

--------------------------------------------------------------
Service Display Name: Application Experience
Service: AeLookupSvc
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Application Information
Service: Appinfo
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Background Intelligent Transfer Service
Service: BITS
PID: 1116
Path: C:\Windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Base Filtering Engine
Service: BFE
PID: 1916
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Certificate Propagation
Service: CertPropSvc
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: COM+ Event System
Service: EventSystem
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Computer Browser
Service: Browser
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Cryptographic Services
Service: CryptSvc
PID: 1436
Path: C:\Windows\system32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: DCOM Server Process Launcher
Service: DcomLaunch
PID: 820
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Desktop Window Manager Session Manager
Service: UxSms
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: DHCP Client
Service: Dhcp
PID: 1020
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Diagnostic Policy Service
Service: DPS
PID: 1916
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Diagnostic System Host
Service: WdiSystemHost
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Distributed Link Tracking Client
Service: TrkWks
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: DNS Client
Service: Dnscache
PID: 1436
Path: C:\Windows\system32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Function Discovery Provider Host
Service: fdPHost
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Function Discovery Resource Publication
Service: FDResPub
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Group Policy Client
Service: gpsvc
PID: 1220
Path: C:\Windows\system32\svchost.exe -k GPSvcGroup
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: HP CUE DeviceDiscovery Service
Service: hpqddsvc
PID: 3052
Path: C:\Windows\system32\svchost.exe -k hpdevmgmt
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: HP Network Devices Support
Service: HPSLPSVC
PID: 3424
Path: C:\Windows\system32\svchost.exe -k HPService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: hpqcxs08
Service: hpqcxs08
PID: 3052
Path: C:\Windows\system32\svchost.exe -k hpdevmgmt
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Human Interface Device Access
Service: hidserv
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: IKE and AuthIP IPsec Keying Modules
Service: IKEEXT
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: IP Helper
Service: iphlpsvc
PID: 1116
Path: C:\Windows\System32\svchost.exe -k NetSvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: IPsec Policy Agent
Service: PolicyAgent
PID: 3508
Path: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: KtmRm for Distributed Transaction Coordinator
Service: KtmRm
PID: 1436
Path: C:\Windows\System32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Multimedia Class Scheduler
Service: MMCSS
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Net Driver HPZ12
Service: Net Driver HPZ12
PID: 3300
Path: C:\Windows\System32\svchost.exe -k HPZ12
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Network Connections
Service: Netman
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Network List Service
Service: netprofm
PID: 1292
Path: C:\Windows\System32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Network Location Awareness
Service: NlaSvc
PID: 1436
Path: C:\Windows\System32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Network Store Interface Service
Service: nsi
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Plug and Play
Service: PlugPlay
PID: 820
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Pml Driver HPZ12
Service: Pml Driver HPZ12
PID: 3452
Path: C:\Windows\System32\svchost.exe -k HPZ12
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Portable Device Enumerator Service
Service: WPDBusEnum
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Program Compatibility Assistant Service
Service: PcaSvc
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: ReadyBoost
Service: EMDMgmt
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Remote Access Connection Manager
Service: RasMan
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Remote Procedure Call (RPC)
Service: RpcSs
PID: 880
Path: C:\Windows\system32\svchost.exe -k rpcss
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Secondary Logon
Service: seclogon
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Secure Socket Tunneling Protocol Service
Service: SstpSvc
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Security Center
Service: wscsvc
PID: 1020
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Server
Service: LanmanServer
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Shell Hardware Detection
Service: ShellHWDetection
PID: 1116
Path: C:\Windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Smart Card
Service: SCardSvr
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: SSDP Discovery
Service: SSDPSRV
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Superfetch
Service: SysMain
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: System Event Notification Service
Service: SENS
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Tablet PC Input Service
Service: TabletInputService
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Task Scheduler
Service: Schedule
PID: 1116
Path: C:\Windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: TCP/IP NetBIOS Helper
Service: lmhosts
PID: 1020
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Telephony
Service: TapiSrv
PID: 1436
Path: C:\Windows\System32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Terminal Services
Service: TermService
PID: 1436
Path: C:\Windows\System32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Themes
Service: Themes
PID: 1116
Path: C:\Windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: UPnP Device Host
Service: upnphost
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: User Profile Service
Service: ProfSvc
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: WebClient
Service: WebClient
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Audio
Service: Audiosrv
PID: 1020
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Audio Endpoint Builder
Service: AudioEndpointBuilder
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Driver Foundation - User-mode Driver Framework
Service: wudfsvc
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Error Reporting Service
Service: WerSvc
PID: 3796
Path: C:\Windows\System32\svchost.exe -k WerSvcGroup
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Event Log
Service: Eventlog
PID: 1020
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Firewall
Service: MpsSvc
PID: 1916
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Font Cache Service
Service: FontCache
PID: 2392
Path: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Image Acquisition (WIA)
Service: stisvc
PID: 3540
Path: C:\Windows\system32\svchost.exe -k imgsvc
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Management Instrumentation
Service: Winmgmt
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Time
Service: W32Time
PID: 1292
Path: C:\Windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Update
Service: wuauserv
PID: 1116
Path: C:\Windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Workstation
Service: LanmanWorkstation
PID: 1292
Path: C:\Windows\System32\svchost.exe -k LocalService
--------------------------------------------------------------
  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
Interesting that the svchost file that is causing all of the trouble is not shown in the last post.

svchost.exe 48.98 1,189,192 K 1,232,632 K 4316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows

PID should be 4316 but there is no 4316 now. Can you run Process Explorer again and let's see if it's really gone. It might have been a Windows update that has now completed. If the top user is still svchost.exe then hover over it. I think Process Explorer will tell you more about it.
  • 0

#18
RKinner

In addition to the previous post it might help to turn off UAC:

http://windows.micro...ntrol-on-or-off
  • 0

#19
williampeyrot

Here you go

Attached Files


  • 0

#20
RKinner

OK must have just been a Windows Update. Looks like it should be fairly quick now. Is it?
  • 0

#21
williampeyrot

It's quicker, but I still don't have access to those folders.
  • 0

#22
RKinner

Which folders are you trying to access?
  • 0

#23
williampeyrot

One in particular is Documents and Settings.
  • 0

#24
RKinner

Documents and Settings is supposed to be locked. It is on mine too. Could be you are seeing files that you normally wouldn't see.

Try:

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button.
  • 0

#25
williampeyrot

Fixed that problem and just took this. It still seems sporadic.

Attached Files


  • 0



#26
RKinner

Run Process Explorer and right click on the svchost file when it is at the top of the list and select Properties. (If you hit the Space bar it will stop updating and that will make it easier.) Under Image should be an entry for Command Line that says something like:

C:\Windows\system32\svchost.exe -k Something

What is Something?
  • 0

#27
williampeyrot

I took a picture of what Norton showed me as well.

LocalSystemNetworkRestricted

Attached Thumbnails

  • svchost error Norton 360 info.jpg

  • 0

#28
RKinner

Since you can do screen shots, go into Process Explorer and hover over the top svchost.exe file and it should show you some info about it. Take a screen shot of that.
  • 0

#29
williampeyrot

Here is the pic

Attached Thumbnails

  • ProcXp.jpg

  • 0

#30
RKinner

Copy the next line:

net stop WdiSystemHost

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Do you get an error?

Run Process Explorer again. Does svchost.exe still show up at the top?
  • 0
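
The triage in posts #26 to #30 comes down to mapping one svchost.exe instance back to the services it hosts. As an added example (not part of the original thread and not code from Process Explorer or any other tool mentioned in it), this Python code parses a listing in the format pasted in post #16 and returns the services behind a given PID or `-k` group. The function names are hypothetical; the sample entries are copied from that post.

```python
import re

# Sample input: five entries copied from the listing in post #16.
SAMPLE = r"""
--------------------------------------------------------------
Service Display Name: Diagnostic System Host
Service: WdiSystemHost
PID: 1084
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
Service Display Name: Superfetch
Service: SysMain
PID: 1084
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
--------------------------------------------------------------
Service Display Name: IP Helper
Service: iphlpsvc
PID: 1116
Path: C:\Windows\System32\svchost.exe -k NetSvcs
--------------------------------------------------------------
Service Display Name: Net Driver HPZ12
Service: Net Driver HPZ12
PID: 3300
Path: C:\Windows\System32\svchost.exe -k HPZ12
--------------------------------------------------------------
Service Display Name: Pml Driver HPZ12
Service: Pml Driver HPZ12
PID: 3452
Path: C:\Windows\System32\svchost.exe -k HPZ12
--------------------------------------------------------------
"""

FIELD = re.compile(r"^(Service Display Name|Service|PID|Path):\s*(.*)$")
GROUP = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)

def parse_listing(text):
    """Return one {name, pid, group} dict per complete record in the listing."""
    records, cur = [], {}
    for line in text.splitlines() + ["-"]:      # sentinel closes the last record
        line = line.strip()
        if line and set(line) == {"-"}:         # a dashed separator ends a record
            if "Service" in cur and cur.get("PID", "").isdigit():
                m = GROUP.search(cur.get("Path", ""))
                records.append({"name": cur["Service"], "pid": int(cur["PID"]),
                                "group": m.group(1).lower() if m else None})
            cur = {}
            continue
        m = FIELD.match(line)
        if m:
            cur[m.group(1)] = m.group(2).strip()
    return records

def hosted_services(records, pid=None, group=None):
    """Service names hosted by the svchost instance with this PID and/or -k group."""
    return sorted(r["name"] for r in records
                  if (pid is None or r["pid"] == pid)
                  and (group is None or r["group"] == group.lower()))

def pids_for_group(records, group):
    """PIDs running a group; more than one means the group alone is ambiguous."""
    return sorted({r["pid"] for r in records if r["group"] == group.lower()})

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    print(hosted_services(recs, group="LocalSystemNetworkRestricted"))
    print(hosted_services(recs, pid=4316))      # PID absent from the listing
    print(pids_for_group(recs, "HPZ12"))
```
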





