Solved Virus Win32 Window and Lost Restore Point

Discussion in 'Malware and Virus Removal Archive' started by mechanic, 2012/06/08.

  1. 2012/06/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks better.
    Registry keys are all in but some services are still not running.

    It may be a permissions issue.

    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Registry Editor will open.
    Navigate to : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache
    Right click on Dnscache, click "Permissions" then "Add" button, type "Everyone", click OK, tick "Full control" in "Allow" box, click OK, close registry editor.

    Repeat the same process with the following keys in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services folder:
    EventSystem
    netman
    sharedaccess
    Srservice


    Go to Start=>Run (alternatively use Windows key+R), type cmd and click OK.
    Type:
    net start Dnscache
    Press Enter.

    Repeat the very same "net start" command, replacing the word "Dnscache" with the following words:
    EventSystem
    netman
    sharedaccess
    Srservice


    Post new FSS log.
     
    Last edited: 2012/06/09
  2. 2012/06/09
    mechanic

    mechanic Well-Known Member Thread Starter

    Joined:
    2002/02/17
    Messages:
    54
    Likes Received:
    0
    Regediting

    I am in the registry, and am seeing: HKEY_LOCAL_MACHINE\SYSTEM\currentcontrolset\services\DNScache
    Under DNScache are three folders only:
    Enum
    Parameter
    Security

    Also the same three down at EventSystem.

    I do not see SharedAccess.
    Hopefully I am in the right location?
     
  4. 2012/06/09
    broni Moderator Malware Analyst
    My fault. It was a typo.
    I edited my instructions.
     
  5. 2012/06/09
    mechanic Well-Known Member Thread Starter
    FSS after Regedit/Run

    Farbar Service Scanner Version: 09-06-2012
    Ran by h (administrator) on 09-06-2012 at 21:17:16
    Running from "C:\Documents and Settings\h\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Google.com returned error: Google.com is offline
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    netman Service is not running. Checking service configuration:
    The start type of netman service is OK.
    The ImagePath of netman service is OK.
    The ServiceDll of netman service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    Srservice Service is not running. Checking service configuration:
    The start type of Srservice service is OK.
    The ImagePath of Srservice service is OK.
    The ServiceDll of Srservice service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll ".

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs ".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll ".


    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit


    **** End of log ****
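
The check the posts above lead up to (which of the five services from the instructions the scanner still reports as stopped, and which configuration lines it did not mark OK), as an added Python example that is not part of the original thread or of Farbar Service Scanner. The sample log is a shortened excerpt constructed from the log above; `parse_fss`, `still_down` and the rule that any configuration line not ending in "service is OK." deserves a look are assumptions of this example.

```python
import re

# Services named in the repair instructions earlier in the thread.
TARGETS = ["Dnscache", "EventSystem", "netman", "sharedaccess", "Srservice"]

# Constructed sample: shortened excerpt of the FSS log posted above.
SAMPLE_LOG = r"""
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll ".
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs ".
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\w+)(.*)$")
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")


def parse_fss(text):
    """Collect stopped services, config lines not marked OK, and file verdicts."""
    # Assumption: a config line that does not end in "service is OK." is flagged.
    report = {"not_running": [], "review": [], "files": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            report["not_running"].append(m.group(1))
        elif m := CONFIG.match(line):
            field, service, rest = m.groups()
            if rest.strip() != "service is OK.":
                report["review"].append((service, field, rest.strip(" :")))
        elif m := FILE_CHECK.match(line):
            report["files"][m.group(1)] = m.group(2)
    return report


def still_down(report, targets=TARGETS):
    """Targets from the instructions that the scanner still lists as stopped."""
    stopped = {name.lower() for name in report["not_running"]}
    return [t for t in targets if t.lower() in stopped]


if __name__ == "__main__":
    print(still_down(parse_fss(SAMPLE_LOG)))
```
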
     
  6. 2012/06/09
    broni Moderator Malware Analyst
    Not much of an improvement.

    Download Windows Repair (all in one) from this site

    Install the program then run

    Go to step 2 and allow it to run Disc check

    Once that is done then go to step 3 and allow it to run SFC
    On the Start Repairs tab, click the Advanced Mode and click Start

    Please ensure that items seen in the image below are ticked as well as the Repair MSI (Windows Installer) & Set Windows Services to Default Setup.

    Click on the box next to the Restart System when Finished. Then click on Start

    Post new FSS log.
     
  7. 2012/06/09
    mechanic Well-Known Member Thread Starter
    Windows Repair / Tweaking

    I started to try the Windows Repair, but it requires an XP SP3 disk. Mine is only
    a SP2. If using this utility is the best solution, I will have to see if I can
    borrow a disc from someone. It will take a couple/few days.

    Is there another approach I could use? If not, I can wing it for a while until I
    can find a disk. Not a problem.
     
  8. 2012/06/09
    broni Moderator Malware Analyst
    Did "sfc" find some issues?
    That's why you need Windows XP SP3 CD?

    If so you can create your own: http://www.theeldergeek.com/slipstreamed_xpsp3_cd.htm

    The above is our best shot.
    If that doesn't fix your issues we may try a Windows repair installation, but it'll need the very same CD.
     
  9. 2012/06/10
    mechanic Well-Known Member Thread Starter
    Repair Install / Issue Resolution

    It looks like the slipstream site you sent me to is pretty comprehensive, so I will be trying the repair install approach when I get the disk ready to go. It looks to me like the system is probably 99%+ fixed, and actually is running better than it has for some time. It boots faster and the IE opens faster than when it was new.

    As it will take me a while to assemble the repair disk, I think you can close out this issue at this point. I think I can take it from here with the website info.

    I have greatly appreciated all your assistance!
     
  10. 2012/06/10
    broni Moderator Malware Analyst
    We don't close topics, so let me know how it went.

    For now I'll mark this topic as resolved.

    Good luck and stay safe :)
     