Jump to content

ZAccess problem but also....

playloud

By playloud
in Resolved Malware Removal Logs

 Share

Recommended Posts

MrCharlie

MrCharlie

Posted
Posted

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
MrC
Link to post
Share on other sites
playloud

playloud

Posted
  • Author
Posted

Service Scanner log

 

Farbar Service Scanner Version: 28-08-2013
Ran by play loud (administrator) on 04-09-2013 at 17:47:07
Running from "C:\Documents and Settings\play loud\Επιφάνεια εργασίας"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2008-05-09 11:57] - [2008-04-14 22:59] - 0128000 ____N (Microsoft Corporation) 94C7EE99425BC8342D2991A915D8A8A9
 
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll
[2004-09-07 15:00] - [2009-04-20 20:18] - 0046080 ____N (Microsoft Corporation) F99BE5941B69DC781C1C5A5D71280469
 
C:\windows\system32\ipnathlp.dll
[2004-09-07 15:00] - [2008-04-14 22:59] - 0335360 ____N (Microsoft Corporation) 522873DF0FFD34FB1A8AF7D7E276727E
 
C:\windows\system32\netman.dll
[2004-09-07 15:00] - [2008-04-14 22:59] - 0198144 ____N (Microsoft Corporation) A443996504A45CDF60CBA800DCB14420
 
C:\windows\system32\wbem\WMIsvc.dll
[2006-08-17 21:47] - [2008-04-14 23:00] - 0145408 ____N (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21
 
C:\windows\system32\srsvc.dll
[2006-08-17 21:48] - [2008-04-14 23:00] - 0171520 ____N (Microsoft Corporation) BB9B6E360FF1A701A7920AA798A335BF
 
C:\windows\system32\Drivers\sr.sys
[2008-05-09 11:56] - [2008-04-14 22:32] - 0073472 ____N (Microsoft Corporation) A41AC0D87DC3054DB716F1456C84391C
 
C:\windows\system32\wscsvc.dll
[2004-09-07 15:00] - [2008-04-14 23:00] - 0080896 ____N (Microsoft Corporation) 1A5DDC44B0AB7C40C13796DB7DB82989
 
C:\windows\system32\wbem\WMIsvc.dll
[2006-08-17 21:47] - [2008-04-14 23:00] - 0145408 ____N (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21
 
C:\windows\system32\wuauserv.dll
[2006-08-17 21:48] - [2008-04-14 23:00] - 0006656 ____N (Microsoft Corporation) 6F55057EE883AC1675F31242B6DD6EF3
 
C:\windows\system32\qmgr.dll
[2008-05-09 11:58] - [2008-04-14 22:59] - 0409088 ____N (Microsoft Corporation) ABDC5CF759C736DFBFEB031FDC01E303
 
C:\windows\system32\es.dll
[2004-09-07 15:00] - [2008-07-07 23:28] - 0253952 ____N (Microsoft Corporation) C35DF6D336EBCB2F5E8D817A531BA666
 
C:\windows\system32\cryptsvc.dll
[2004-09-07 15:00] - [2008-04-14 22:59] - 0062464 ____N (Microsoft Corporation) F50F73977012F0F5CF807451B79B6736
 
C:\windows\system32\svchost.exe
[2004-09-07 15:00] - [2008-04-14 23:01] - 0014336 ____N (Microsoft Corporation) 274E9C78C12EBF74DC56B2BF64312F34
 
C:\windows\system32\rpcss.dll
[2004-09-07 15:00] - [2009-02-09 13:52] - 0401408 ____N (Microsoft Corporation) B5F06957525D494D2C261B5739367524
 
C:\windows\system32\services.exe
[2008-05-09 11:57] - [2009-02-09 14:23] - 0111104 ____N (Microsoft Corporation) 2A0BB5C67281C423F8D7D6B7D79699AC
 
 
Extra List:
=======
Avgtdix(20) DigiNet(19) Gpc(3) IPSec(5) NetBT(6) pctgntdi(22) pctNdisMP(21) PSched(7) Tcpip(4) 
0x1700000005000000010000000200000003000000040000005A0000001600000014000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F0000001000000011000000120000001300000015000000
IpSec Tag value is correct.
 
**** End of log ****
Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Download all of these reg files:

http://download.bleepingcomputer.com/win-services/xp/BITS.reg

http://download.bleepingcomputer.com/win-services/xp/LEGACY_BITS.reg

http://download.bleepingcomputer.com/win-services/xp/LEGACY_WUAUSERV.reg

http://download.bleepingcomputer.com/win-services/xp/LEGACY_WSCSVC.reg

http://download.bleepingcomputer.com/win-services/xp/LEGACY_SHAREDACCESS.reg

Then double click on each one and allow it to merge into the registry.

Reboot and run another FSS scan.

MrC

Link to post
Share on other sites
playloud

playloud

Posted
  • Author
Posted

Ok Mr C, did the scan, here's the log

 

 

Farbar Service Scanner Version: 28-08-2013
Ran by play loud (administrator) on 06-09-2013 at 11:14:15
Running from "C:\Documents and Settings\play loud\Επιφάνεια εργασίας"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\windows\system32\dhcpcsvc.dll
[2008-05-09 11:57] - [2008-04-14 22:59] - 0128000 ____N (Microsoft Corporation) 94C7EE99425BC8342D2991A915D8A8A9
 
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll
[2004-09-07 15:00] - [2009-04-20 20:18] - 0046080 ____N (Microsoft Corporation) F99BE5941B69DC781C1C5A5D71280469
 
C:\windows\system32\ipnathlp.dll
[2004-09-07 15:00] - [2008-04-14 22:59] - 0335360 ____N (Microsoft Corporation) 522873DF0FFD34FB1A8AF7D7E276727E
 
C:\windows\system32\netman.dll
[2004-09-07 15:00] - [2008-04-14 22:59] - 0198144 ____N (Microsoft Corporation) A443996504A45CDF60CBA800DCB14420
 
C:\windows\system32\wbem\WMIsvc.dll
[2006-08-17 21:47] - [2008-04-14 23:00] - 0145408 ____N (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21
 
C:\windows\system32\srsvc.dll
[2006-08-17 21:48] - [2008-04-14 23:00] - 0171520 ____N (Microsoft Corporation) BB9B6E360FF1A701A7920AA798A335BF
 
C:\windows\system32\Drivers\sr.sys
[2008-05-09 11:56] - [2008-04-14 22:32] - 0073472 ____N (Microsoft Corporation) A41AC0D87DC3054DB716F1456C84391C
 
C:\windows\system32\wscsvc.dll
[2004-09-07 15:00] - [2008-04-14 23:00] - 0080896 ____N (Microsoft Corporation) 1A5DDC44B0AB7C40C13796DB7DB82989
 
C:\windows\system32\wbem\WMIsvc.dll
[2006-08-17 21:47] - [2008-04-14 23:00] - 0145408 ____N (Microsoft Corporation) 075EC50CA60F1B4EE576886BEF72AB21
 
C:\windows\system32\wuauserv.dll
[2006-08-17 21:48] - [2008-04-14 23:00] - 0006656 ____N (Microsoft Corporation) 6F55057EE883AC1675F31242B6DD6EF3
 
C:\windows\system32\qmgr.dll
[2008-05-09 11:58] - [2008-04-14 22:59] - 0409088 ____N (Microsoft Corporation) ABDC5CF759C736DFBFEB031FDC01E303
 
C:\windows\system32\es.dll
[2004-09-07 15:00] - [2008-07-07 23:28] - 0253952 ____N (Microsoft Corporation) C35DF6D336EBCB2F5E8D817A531BA666
 
C:\windows\system32\cryptsvc.dll
[2004-09-07 15:00] - [2008-04-14 22:59] - 0062464 ____N (Microsoft Corporation) F50F73977012F0F5CF807451B79B6736
 
C:\windows\system32\svchost.exe
[2004-09-07 15:00] - [2008-04-14 23:01] - 0014336 ____N (Microsoft Corporation) 274E9C78C12EBF74DC56B2BF64312F34
 
C:\windows\system32\rpcss.dll
[2004-09-07 15:00] - [2009-02-09 13:52] - 0401408 ____N (Microsoft Corporation) B5F06957525D494D2C261B5739367524
 
C:\windows\system32\services.exe
[2008-05-09 11:57] - [2009-02-09 14:23] - 0111104 ____N (Microsoft Corporation) 2A0BB5C67281C423F8D7D6B7D79699AC
 
 
Extra List:
=======
Avgtdix(20) DigiNet(19) Gpc(3) IPSec(5) NetBT(6) pctgntdi(22) pctNdisMP(21) PSched(7) Tcpip(4) 
0x1700000005000000010000000200000003000000040000005A0000001600000014000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F0000001000000011000000120000001300000015000000
IpSec Tag value is correct.
 
**** End of log ****
Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.