TERRIBLE TROUBLE -- HELP !!!!!

Archived from groups: microsoft.public.windowsxp.newusers

When I started up the pc this morning, as programs were loading, I received
ALERTS of systems leading to a total crash.
They read as follows:

usbwin32.exe

registry.pif

default.scr

CriticalUpdate.exe

Is there ANY way to salvage this by using any of the CD-ROMs for the pc to
locate these sites and repairing them without losing EVERYTHING ???
The pc is running and seems functional, but I don't know what to do ...
continue or quit ???
Can anyone help me with this ... what are these and what can I do to correct
them.
--
Thanks for any assistance or suggestions.
Amber
  1.

    Hi Amber,

    > usbwin32.exe

    Virus.

    > registry.pif

    Virus

    > default.scr

    Virus

    > CriticalUpdate.exe

    And, lo and behold, another virus. Sounds like your antivirus software did
    half the job. It removed the infecting files but not the startup entries
    that loaded them. Click start/run, type regedit and click ok. Expand the
    plus (+) signs to reach these keys, one at a time:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    Click on the key, then look in the right pane for a string that loads each
    of the files you listed. Click on the string and then delete it. Close the
    registry editor when they are all removed and restart the system to see if
    the problem is resolved.


    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

  2.

    Hi Rick

    Thanks for responding and researching my situation.

    I ran a virus scan under the program from Trend Micro, and it showed
    approx. 12 viruses, mostly Trojans, 2 Backdoors, and showed them as "Not
    Cleanable".
    I went through the registry and followed your directions, and some of the
    changes you indicated were not "word for word" on my registry, but I deleted
    the ones closest to the list, and I just hope I didn't make things worse.
    There was one that couldn't be changed at all.

    After this, I tried to restart, and got the same results.

    I ran the ever-so-slow Norton Virus Scan (NSW Antivirus is the one I have
    been using all along), and it didn't show any hits or viruses.

    I tried to do a Restart, crossed my fingers, and hit the go button, and I
    still get the "default.scr" , "CriticalUpdate.exe" , and the "usbwin32.exe"

    I'm ready to pull my hair out. Is there ANYTHING I can try to get rid of
    these glitches?

    I'm ready to shoot the darn thing out of its misery, or else myself :D

  3.

    Hi Amber,

    You need to know exactly where they are loading from. Download the startup
    programs tracker under WinXP Utilities at www.dougknox.com, and unzip it,
    then run it. Copy/paste the results into a reply.

    --
    Best of Luck,

    Rick Rogers, aka "Nutcase" - Microsoft MVP
    http://mvp.support.microsoft.com/
    Associate Expert - WindowsXP Expert Zone
    www.microsoft.com/windowsxp/expertzone
    Windows help - www.rickrogers.org

  4.

    Hello Rick

    Thanks for not "leaving me hanging". I appreciate your time and research.

    I have been desperately trying to backup and save as much as I can before
    the viruses hit them. I have ALL of my financial information from Quicken
    2004 that I need to get ready for tax time, all of my banking
    records, documents, etc., but I'm wondering now if they may possibly already
    be infected.
    I am about ready to take this pc that someone gave me and torch it on the
    BBQ grill.
    I have the information for you ...
    I have RESTORED the HKEY deletions so you can see exactly what they are.
    The only major change I have made lately is adding the program "STOP SPAM",
    and I have uninstalled it in case it has caused the problem.

    -- Registry --
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

    No Items Found

    -- Registry --
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    MSUpdate c:\CriticalUpdate.exe
    Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe
    Digital Patrol Update 5 C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe /autoupdate

    -- Registry --
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

    No Items Found

    -- Registry --
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    PopUpStopperFreeEdition C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    FreeRAM XP "C:\Program Files\framxpro\FreeRAM XP Pro 1.40.exe" -win
    msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    -- Registry --
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce

    No Items Found

    -- Start Menu - Current User --
    No Items Found

    -- Start Menu - All Users --
    default.scr
    usbwin32.exe

    -- Disabled Items --
    No Items Found

    -- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon --
    Explorer.exe

    -- Running Processes --
    System Idle Process
    System
    smss.exe \SystemRoot\System32\smss.exe
    csrss.exe
    winlogon.exe winlogon.exe
    services.exe C:\WINDOWS\system32\services.exe
    lsass.exe C:\WINDOWS\system32\lsass.exe
    svchost.exe C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
    incdsrv.exe "C:\Program Files\Ahead\InCD\InCDsrv.exe"
    svchost.exe
    svchost.exe
    spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
    CCEVTMGR.EXE "C:\Program Files\Common Files\Symantec
    Shared\ccEvtMgr.exe"
    NAVAPSVC.EXE "C:\Program Files\Norton SystemWorks\Norton
    AntiVirus\navapsvc.exe"
    NMSAccess.exe "C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe"
    NPROTECT.EXE "C:\Program Files\Norton SystemWorks\Norton
    Utilities\NPROTECT.EXE"
    PRISMXL.SYS "C:\Program Files\Common
    Files\Lanovation\PrismXL\PRISMXL.SYS"
    NOPDB.EXE C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
    explorer.exe C:\WINDOWS\Explorer.EXE
    wdfmgr.exe
    ccApp.exe "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    update.exe "C:\Program Files\Proantivirus Lab\Digital Patrol
    Scanner 5.0\update.exe" /autoupdate
    PSFree.exe "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    FreeRAM XP Pro 1.40."C:\Program Files\framxpro\FreeRAM XP Pro 1.40.exe" -win
    SymWSC.exe "C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe"
    alg.exe
    zlclient.exe "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    Vsmon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
    iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
    FAST2.EXE "C:\Program Files\FAST Defrag\FAST2.EXE"
    avant.exe "C:\Program Files\Avant Browser\avant.exe"
    helpctr.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"
    -FromStartHelp
    helpsvc.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe"
    /Embedding
    HelpHost.exe "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe"
    -guid {4C971553-B09D-4275-9F95-217E851644CF}
    wordpad.exe "C:\Program Files\Windows NT\Accessories\wordpad.exe"
    StartupTracker3.exe "C:\Documents and Settings\Bob\My
    Documents\Unzipped\StartupTracker3[1]\StartupTracker3.exe"
    msmsgs.exe "C:\Program Files\Messenger\msmsgs.exe" -Embedding
    StartupTracker3.exe "C:\Documents and Settings\Bob\My
    Documents\Unzipped\StartupTracker3[1]\StartupTracker3.exe"
    wmiprvse.exe

    -- Running Services --

    Name: 6to4
    Description: Provides DDNS name registration and automatic IPv6 connectivity
    over an IPv4 network. If this service is stopped, other computers may not be
    able to reach it by name and the machine will only have IPv6 connectivity if
    it is connected to a native IPv6 network. If this service is disabled, any
    other services that explicitly depend on this service will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

    Name: ALG
    Description: Provides support for 3rd party protocol plug-ins for Internet
    Connection Sharing and the Windows Firewall.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\alg.exe

    Name: AudioSrv
    Description: Manages audio devices for Windows-based programs. If this
    service is stopped, audio devices and effects will not function properly. If
    this service is disabled, any services that explicitly depend on it will fail
    to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: Browser
    Description: Maintains an updated list of computers on the network and
    supplies this list to computers designated as browsers. If this service is
    stopped, this list will not be updated or maintained. If this service is
    disabled, any services that explicitly depend on it will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: ccEvtMgr
    Description: Symantec Event Manager
    Startup Mode: Auto
    Run from: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

    Name: CryptSvc
    Description: Provides three management services: Catalog Database Service,
    which confirms the signatures of Windows files; Protected Root Service, which
    adds and removes Trusted Root Certification Authority certificates from this
    computer; and Key Service, which helps enroll this computer for certificates.
    If this service is stopped, these management services will not function
    properly. If this service is disabled, any services that explicitly depend on
    it will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

    Name: DcomLaunch
    Description: Provides launch functionality for DCOM services.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost -k DcomLaunch

    Name: Dhcp
    Description: Manages network configuration by registering and updating IP
    addresses and DNS names.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: Dnscache
    Description: Resolves and caches Domain Name System (DNS) names for this
    computer. If this service is stopped, this computer will not be able to
    resolve DNS names and locate Active Directory domain controllers. If this
    service is disabled, any services that explicitly depend on it will fail to
    start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService

    Name: ERSvc
    Description: Allows error reporting for services and applictions running in
    non-standard environments.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: Eventlog
    Description: Enables event log messages issued by Windows-based programs and
    components to be viewed in Event Viewer. This service cannot be stopped.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\services.exe

    Name: EventSystem
    Description: Supports System Event Notification Service (SENS), which
    provides automatic distribution of events to subscribing Component Object
    Model (COM) components. If the service is stopped, SENS will close and will
    not be able to provide logon and logoff notifications. If this service is
    disabled, any services that explicitly depend on it will fail to start.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: FastUserSwitchingCompatibility
    Description: Provides management for applications that require assistance in
    a multiple user environment.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: helpsvc
    Description: Enables Help and Support Center to run on this computer. If
    this service is stopped, Help and Support Center will be unavailable. If this
    service is disabled, any services that explicitly depend on it will fail to
    start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: InCDsrv
    Description: Helper service for the InCD filesystem driver
    Startup Mode: Auto
    Run from: C:\Program Files\Ahead\InCD\InCDsrv.exe

    Name: lanmanserver
    Description: Supports file, print, and named-pipe sharing over the network
    for this computer. If this service is stopped, these functions will be
    unavailable. If this service is disabled, any services that explicitly depend
    on it will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: lanmanworkstation
    Description: Creates and maintains client network connections to remote
    servers. If this service is stopped, these connections will be unavailable.
    If this service is disabled, any services that explicitly depend on it will
    fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: LmHosts
    Description: Enables support for NetBIOS over TCP/IP (NetBT) service and
    NetBIOS name resolution.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

    Name: navapsvc
    Description: Handles Norton AntiVirus Auto-Protect events.
    Startup Mode: Auto
    Run from: "C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"

    Name: Netman
    Description: Manages objects in the Network and Dial-Up Connections folder,
    in which you can view both local area network and remote connections.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: Nla
    Description: Collects and stores network configuration and location
    information, and notifies applications when this information changes.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: NMSAccess
    Description:
    Startup Mode: Auto
    Run from: C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe

    Name: NProtectService
    Description:
    Startup Mode: Auto
    Run from: "C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE"

    Name: PlugPlay
    Description: Enables a computer to recognize and adapt to hardware changes
    with little or no user input. Stopping or disabling this service will result
    in system instability.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\services.exe

    Name: PolicyAgent
    Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE)
    and the IP security driver.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\lsass.exe

    Name: PrismXL
    Description:
    Startup Mode: Auto
    Run from: C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

    Name: ProtectedStorage
    Description: Provides protected storage for sensitive data, such as private
    keys, to prevent access by unauthorized services, processes, or users.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\lsass.exe

    Name: RasMan
    Description: Creates a network connection.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: RpcSs
    Description: Provides the endpoint mapper and other miscellaneous RPC
    services.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost -k rpcss

    Name: SamSs
    Description: Stores security information for local user accounts.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\lsass.exe

    Name: Schedule
    Description: Enables a user to configure and schedule automated tasks on
    this computer. If this service is stopped, these tasks will not be run at
    their scheduled times. If this service is disabled, any services that
    explicitly depend on it will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: seclogon
    Description: Enables starting processes under alternate credentials. If this
    service is stopped, this type of logon access will be unavailable. If this
    service is disabled, any services that explicitly depend on it will fail to
    start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: SENS
    Description: Tracks system events such as Windows logon, network, and power
    events. Notifies COM+ Event System subscribers of these events.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

    Name: SharedAccess
    Description: Provides network address translation, addressing, name
    resolution and/or intrusion prevention services for a home or small office
    network.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: ShellHWDetection
    Description: Provides notifications for AutoPlay hardware events.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: Speed Disk service
    Description:
    Startup Mode: Auto
    Run from: C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe

    Name: Spooler
    Description: Loads files to memory for later printing.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\spoolsv.exe

    Name: srservice
    Description: Performs system restore functions. To stop service, turn off
    System Restore from the System Restore tab in My Computer->Properties
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: stisvc
    Description: Provides image acquisition services for scanners and cameras.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc

    Name: SymWSC
    Description: Symantec WMI Service
    Startup Mode: Auto
    Run from: "C:\Program Files\Common Files\Symantec Shared\Security
    Center\SymWSC.exe"

    Name: TapiSrv
    Description: Provides Telephony API (TAPI) support for programs that control
    telephony devices and IP based voice connections on the local computer and,
    through the LAN, on servers that are also running the service.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: TermService
    Description: Allows multiple users to be connected interactively to a
    machine as well as the display of desktops and applications to remote
    computers. The underpinning of Remote Desktop (including RD for
    Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    Startup Mode: Manual
    Run from: C:\WINDOWS\System32\svchost -k DComLaunch

    Name: Themes
    Description: Provides user experience theme management.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: TrkWks
    Description: Maintains links between NTFS files within a computer or across
    computers in a network domain.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

    Name: UMWdf
    Description: Enables Windows user mode drivers.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\wdfmgr.exe

    Name: vsmon
    Description: Monitors internet traffic and generates alerts for disallowed
    access.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

    Name: W32Time
    Description: Maintains date and time synchronization on all clients and
    servers in the network. If this service is stopped, date and time
    synchronization will be unavailable. If this service is disabled, any
    services that explicitly depend on it will fail to start.

    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: WebClient
    Description: Enables Windows-based programs to create, access, and modify
    Internet-based files. If this service is stopped, these functions will not be
    available. If this service is disabled, any services that explicitly depend
    on it will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k LocalService

    Name: winmgmt
    Description: Provides a common interface and object model to access
    management information about operating system, devices, applications and
    services. If this service is stopped, most Windows-based software will not
    function properly. If this service is disabled, any services that explicitly
    depend on it will fail to start.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

    Name: wscsvc
    Description: Monitors system security settings and configurations.
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs

    Name: wuauserv
    Description: Enables the download and installation of critical Windows
    updates. If the service is disabled, the operating system can be manually
    updated at the Windows Update Web site.
    Startup Mode: Auto
    Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs

    Name: WZCSVC
    Description: Provides automatic configuration for the 802.11 adapters
    Startup Mode: Auto
    Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs


    I really appreciate your help with this because


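The advice in the thread, to find out exactly where each alerted file is loading from, can be checked mechanically against a startup listing like the one posted in the last reply. The Python below is an added example, not part of the thread or of the startup tracker tool; the function names are hypothetical, and the sample listing is constructed by abridging the posted output and rejoining its wrapped lines.

```python
import re

# Constructed sample: abridged startup listing in the layout of the output
# posted in the thread, with wrapped lines rejoined.
SAMPLE_REPORT = r"""
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

No Items Found

-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSUpdate c:\CriticalUpdate.exe
Digital Patrol Update 5 C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe /autoupdate

-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

-- Start Menu - Current User --
No Items Found

-- Start Menu - All Users --
default.scr
usbwin32.exe

-- Disabled Items --
No Items Found
"""

# File names from the startup alerts quoted in the first post.
ALERT_NAMES = ["usbwin32.exe", "registry.pif", "default.scr", "CriticalUpdate.exe"]

HEADER = re.compile(r"^--\s*(.+?)\s*--$")          # e.g. "-- Start Menu - All Users --"
HIVE = re.compile(r"^HKEY_[A-Z_]+\\", re.IGNORECASE)  # registry key path line


def parse_sections(report):
    """Split the listing into (location, [entry lines]) pairs.

    For "-- Registry --" sections the location is the key path on the line
    that follows the header; for other sections it is the header text.
    """
    sections = []
    location, entries, awaiting_key = None, [], False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            if location is not None:
                sections.append((location, entries))
            location, entries = header.group(1), []
            awaiting_key = location.lower() == "registry"
            continue
        if location is None:
            continue  # text before the first section header
        if awaiting_key and HIVE.match(line):
            location, awaiting_key = line, False
            continue
        if line.lower() == "no items found":
            continue
        entries.append(line)
    if location is not None:
        sections.append((location, entries))
    return sections


def find_alerted_entries(report, names):
    """Return (hits, missing).

    hits    -- (file name, autostart location, full entry line) per match
    missing -- alerted names with no entry in any listed location
    """
    # Match the file name as a whole path component; Windows file names are
    # case-insensitive, so compare without regard to case.
    patterns = {
        n: re.compile(r"(?<![\w.])" + re.escape(n) + r"(?![\w.])", re.IGNORECASE)
        for n in names
    }
    hits, seen = [], set()
    for location, entries in parse_sections(report):
        for entry in entries:
            for name, pattern in patterns.items():
                if pattern.search(entry):
                    hits.append((name, location, entry))
                    seen.add(name)
    missing = [n for n in names if n not in seen]
    return hits, missing


if __name__ == "__main__":
    found, not_found = find_alerted_entries(SAMPLE_REPORT, ALERT_NAMES)
    for name, location, entry in found:
        print(f"{name}: loaded from [{location}] via: {entry}")
    for name in not_found:
        print(f"{name}: no autostart entry in the listed locations")
```

On this listing it reports CriticalUpdate.exe under the HKEY_LOCAL_MACHINE Run key, default.scr and usbwin32.exe under the All Users Start Menu, and no autostart entry for registry.pif.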