
Solved Rootkit Help

Discussion in 'Malware and Virus Removal Archive' started by troothteller, 2015/07/31.

Thread Status:
Not open for further replies.
  1. 2015/08/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes?...
     
  2. 2015/08/03
    troothteller

    troothteller Well-Known Member Thread Starter

    Joined:
    2010/12/06
    Messages:
    141
    Likes Received:
    0
    The new FSS log:

    Farbar Service Scanner Version: 26-07-2015
    Ran by Louis Paul Toscano (administrator) on 03-08-2015 at 21:45:01
    Running from "C:\Documents and Settings\Louis Paul Toscano\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================
    "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(12) Tcpip(3)
    0x100000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000D0000000E0000000C0000000F00000010000000
    IpSec Tag value is correct.

    **** End of log ****
     


  4. 2015/08/03
    broni

    One issue is fixed but not the second one.

    Download and run ServicesRepair.

    Reboot and post a new Farbar Service Scanner log.

    Post fresh FSS log as well.
     
  5. 2015/08/03
    troothteller

    Farbar Service Scanner Version: 26-07-2015
    Ran by Louis Paul Toscano (administrator) on 03-08-2015 at 23:15:29
    Running from "C:\Documents and Settings\Louis Paul Toscano\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(12) Tcpip(3)
    0x100000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000D0000000E0000000C0000000F00000010000000
    IpSec Tag value is correct.

    **** End of log ****
     
  6. 2015/08/03
    troothteller

    broni, after Service Repair ran, the computer did not restart as I expected even though I chose for it to restart. So, I restarted from the Start button choosing to Log Off and restart. I suspect something went wrong.
     
  7. 2015/08/03
    broni

    The issue is still there.

    Create another restore point.

    Download enable_firewall.reg file from here: https://www.sendspace.com/file/51ca2h
    Double click on downloaded file and confirm the prompt.

    Restart computer.
    Post new FSS log.
     
  8. 2015/08/04
    troothteller

    broni, I will do that; but I have some recent Firefox addons that may contribute to this problem. Maybe they should go. They are Adblock Plus 2.6.10 and IE Tab 2 (FF 3.6+) 5.12.12.1.1-signed. I do not see this in Firefox on my XP; but SeaMonkey has it, HTTPS Everywhere 5.0.7. Is any of this stuff bad? I know on Windows 7 I had to disable Adblock on Torch Browser because it interfered with streaming.
     
  9. 2015/08/04
    troothteller

    broni, I meant to ask about this file on my Desktop CC Support. Why is that there? The first couple of times I downloaded ServicesRepair, it went into my antivirus quarantine file; so I had to go into my antivirus to restore it. If I accessed some other way and tried to move it onto my Desktop, it would jump back in. Here is the FSS log:

    Farbar Service Scanner Version: 26-07-2015
    Ran by Louis Paul Toscano (administrator) on 04-08-2015 at 09:09:57
    Running from "C:\Documents and Settings\Louis Paul Toscano\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
    C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
    C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
    C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
    C:\WINDOWS\system32\netman.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\srsvc.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
    C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
    C:\WINDOWS\system32\qmgr.dll => File is digitally signed
    C:\WINDOWS\system32\es.dll => File is digitally signed
    C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(12) Tcpip(3)
    0x100000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000D0000000E0000000C0000000F00000010000000
    IpSec Tag value is correct.

    **** End of log ****
     
  10. 2015/08/04
    broni

    Our fix worked.
    See if you can access Windows firewall settings.
     
  11. 2015/08/04
    troothteller

    No, I cannot. I tried twice, the second time after enabling RAS Async Adapter again. Incidentally, I am suspicious that infections travel between computers on this network. Web pages on my Windows 7 now have more ads than I am used to seeing.
     
  12. 2015/08/04
    broni

    That's not possible unless you exchange files between computers.

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
    If the tool says that the Check Disk is needed, click on Do It button next to 2. Check Disk.
    In that case make sure you restart computer.



    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:



    Go to Step 5 and under "System Restore" click on Create button:



    Go to Repairs tab and click Open Repairs button.


    In next window....
    Leave all checkmarks as they are.
    Click on Start Repairs button.


    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

    Post fresh FSS log as well.
     
  13. 2015/08/04
    troothteller

    broni, I don't know where my last post went, but I previously did defragmenter, Checkdisk and System File Checker. I just power cycled my computer in accordance with instructions for Windows Repair. I hope there is more to this beyond what I did before starting this thread.
     
  14. 2015/08/04
    broni

    There are more steps in Windows Repair.
    Please run it.
    All steps.
     
  15. 2015/08/04
    troothteller

    broni, I just did Step 4 twice and I am not sure if it worked. The second time I put my Windows CD in the drive, the disc supplied with this computer. I expected the program to ask for the disc, which it didn't. So, I am restarting this computer unsure of whether System File Checker did its job. When I ran that test before, I never needed to load the disc.
     
  16. 2015/08/04
    broni

    If the program didn't ask for the disk it didn't need it.
     
  17. 2015/08/04
    troothteller

    Step 5 is still running. Good night until I have time to check it.
     
  18. 2015/08/04
    broni

    No problem :)
     
  19. 2015/08/05
    troothteller

    Windows Repair completed, and I clicked OK to reboot; but it didn't. I could tell after leaving the computer and returning. I lost my connection after turning off my firewall, which rebooting fixes. So, I tried to restart, and it hung. Task Manager on this computer allows those commands through it; but it still hung. I had to use the power button. In the command lines, things did not look like they ran as they were supposed to. Until I obtain the FSS log, here is the log for Windows Repair:

    Tweaking.com - Windows Repair v3.3.1
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Microsoft Windows XP
    OS Architecture: 32-bit
    OS Version: 5.1.2600
    OS Service Pack: Service Pack 3
    Computer Name: TOSHIBA-USER
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Current Profile: C:\Documents and Settings\Louis Paul Toscano
    Current Profile SID: S-1-5-21-1019493958-4142826306-2034615594-1005
    Current Profile Classes: S-1-5-21-1019493958-4142826306-2034615594-1005_Classes
    Profiles Location: C:\Documents and Settings
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Documents and Settings\Louis Paul Toscano\Local Settings\Application Data
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:11:52

    Process Count: 69
    Commit Total: 891.57 MB
    Commit Limit: 4.34 GB
    Commit Peak: 932.09 MB
    Handle Count: 16884
    Kernel Total: 90.92 MB
    Kernel Paged: 56.29 MB
    Kernel Non Paged: 34.63 MB
    System Cache: 792.41 MB
    Thread Count: 841
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 2.49 GB
    Memory Used: 1,005.50 MB(39.4318%)
    Memory Avail.: 1.51 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 2.49 GB
    Memory Used: 916.50 MB(35.9415%)
    Memory Avail.: 1.60 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (8/4/2015 9:52:55 PM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 148

    01 - Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (8/4/2015 9:53:20 PM)

    Running Repair Under Current User Account
    Done (8/4/2015 10:04:04 PM)

    01 - Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (8/4/2015 10:04:04 PM)

    Running Repair Under System Account
    Done (8/4/2015 10:59:45 PM)

    01 - Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (8/4/2015 10:59:45 PM)

    Running Repair Under System Account
    Done (8/4/2015 11:25:44 PM)

    03 - Reset Service Permissions
    Start (8/4/2015 11:25:44 PM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:26:37 PM)

    04 - Register System Files
    Start (8/4/2015 11:26:37 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:39:34 PM)

    05 - Repair WMI
    Start (8/4/2015 11:39:34 PM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Baidu Antivirus Exported.

    Exporting 3rd Party Firewall Info...
    Privatefirewall Exported.

    Running Repair Under Current User Account
    Done (8/4/2015 11:46:34 PM)

    06 - Repair Windows Firewall
    Start (8/4/2015 11:46:34 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:47:47 PM)

    07 - Repair Internet Explorer
    Start (8/4/2015 11:47:47 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:54:57 PM)

    08 - Repair MDAC/MS Jet
    Start (8/4/2015 11:54:57 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:56:03 PM)

    09 - Repair Hosts File
    Start (8/4/2015 11:56:03 PM)
    Running Repair Under System Account
    Done (8/4/2015 11:56:06 PM)

    10 - Remove Policies Set By Infections
    Start (8/4/2015 11:56:06 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:56:17 PM)

    12 - Repair Icons
    Start (8/4/2015 11:56:17 PM)
    Running Repair Under Current User Account
    Done (8/4/2015 11:56:20 PM)

    13 - Repair Network
    Start (8/4/2015 11:56:20 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:57:08 PM)

    15 - Repair Proxy Settings
    Start (8/4/2015 11:57:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/4/2015 11:57:25 PM)

    17 - Repair Windows Updates
    Start (8/4/2015 11:57:25 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account

    The current repair has failed to start for over 30 sec.
    Trying Again....

    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (8/5/2015 12:02:20 AM)

    18 - Repair CD/DVD Missing/Not Working
    Start (8/5/2015 12:02:20 AM)
    iTunes not found, not applying UpperFilters iTunes Reg Key
    Done (8/5/2015 12:02:20 AM)

    19 - Repair Volume Shadow Copy Service
    Start (8/5/2015 12:02:20 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:06:09 AM)

    21 - Repair MSI (Windows Installer)
    Start (8/5/2015 12:06:09 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:20 AM)

    23.01 - Repair bat Association
    Start (8/5/2015 12:08:21 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:26 AM)

    23.02 - Repair cmd Association
    Start (8/5/2015 12:08:26 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:31 AM)

    23.03 - Repair com Association
    Start (8/5/2015 12:08:31 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:36 AM)

    23.04 - Repair Directory Association
    Start (8/5/2015 12:08:36 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:41 AM)

    23.05 - Repair Drive Association
    Start (8/5/2015 12:08:41 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:45 AM)

    23.06 - Repair exe Association
    Start (8/5/2015 12:08:45 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:51 AM)

    23.07 - Repair Folder Association
    Start (8/5/2015 12:08:51 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:08:56 AM)

    23.08 - Repair inf Association
    Start (8/5/2015 12:08:56 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:09:02 AM)

    23.09 - Repair lnk (Shortcuts) Association
    Start (8/5/2015 12:09:02 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:09:07 AM)

    23.10 - Repair msc Association
    Start (8/5/2015 12:09:07 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:09:11 AM)

    23.11 - Repair reg Association
    Start (8/5/2015 12:09:11 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:09:16 AM)

    23.12 - Repair scr Association
    Start (8/5/2015 12:09:16 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:09:20 AM)

    24 - Repair Windows Safe Mode
    Start (8/5/2015 12:09:20 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:09:25 AM)

    25 - Repair Print Spooler
    Start (8/5/2015 12:09:25 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:10:35 AM)

    26 - Restore Important Windows Services
    Start (8/5/2015 12:10:35 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:12:12 AM)

    27 - Set Windows Services To Default Startup
    Start (8/5/2015 12:12:12 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:13:02 AM)

    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 5.1

    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 5.1

    Skipping Repair.
    Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
    Current version: 5.1

    31 - Repair Windows 'New' Submenu
    Start (8/5/2015 12:13:03 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (8/5/2015 12:13:08 AM)

    33 - Repair Performance Counters
    Start (8/5/2015 12:13:08 AM)
    Running Repair Under Current User Account
    Done (8/5/2015 12:13:09 AM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (8/5/2015 12:13:09 AM)
    Total Repair Time: 02:20:15


    ...YOU MUST RESTART YOUR SYSTEM...
     
  20. 2015/08/05
    troothteller

    The FSS log:

    Farbar Service Scanner Version: 26-07-2015
    Ran by Louis Paul Toscano (administrator) on 05-08-2015 at 01:29:12
    Running from "C:\Documents and Settings\Louis Paul Toscano\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(12) Tcpip(3)
    0x100000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000D0000000E0000000C0000000F00000010000000
    IpSec Tag value is correct.

    **** End of log ****
     
  21. 2015/08/05
    troothteller

    Darn it! I have to run this again, having noticed that I did not check Windows Update in the previous run:

    Farbar Service Scanner Version: 26-07-2015
    Ran by Louis Paul Toscano (administrator) on 05-08-2015 at 01:31:38
    Running from "C:\Documents and Settings\Louis Paul Toscano\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is OK.
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(12) Tcpip(3)
    0x100000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000B0000000D0000000E0000000C0000000F00000010000000
    IpSec Tag value is correct.

    **** End of log ****
     