run farbar service scanner
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Trojan horse Patched_c.lzi [Solved]
Started by
csgecko99
, Jul 28 2012 09:19 AM
-
This topic is locked
#16
Posted 01 August 2012 - 11:25 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
run farbar service scanner
Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
#17
Posted 01 August 2012 - 04:15 PM
csgecko99
- Topic Starter
-
- Member
-
- 25 posts
Member
Farbar Service Scanner Version: 26-07-2012
Ran by Ronnie (administrator) on 01-08-2012 at 18:05:37
Running from "C:\Users\Ronnie\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation)
C:\Windows\System32\drivers\afd.sys
[2012-02-15 12:51] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 11:38] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
C:\Windows\System32\dnsrslvr.dll
[2011-04-14 18:48] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-06-23 13:11] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-06-23 13:13] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-06-23 13:11] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-06-23 13:13] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-06-12 20:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-06-23 13:13] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****
Ran by Ronnie (administrator) on 01-08-2012 at 18:05:37
Running from "C:\Users\Ronnie\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation)
C:\Windows\System32\drivers\afd.sys
[2012-02-15 12:51] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 11:38] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
C:\Windows\System32\dnsrslvr.dll
[2011-04-14 18:48] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-06-23 13:11] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-06-23 13:13] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-06-23 13:11] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-06-23 13:13] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-06-12 20:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-06-23 13:13] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****
#19
Posted 06 August 2012 - 06:13 PM
csgecko99
- Topic Starter
-
- Member
-
- 25 posts
Member
It says: "You do not have permission to update windows. Please contact your system administrator."
#20
Posted 07 August 2012 - 07:21 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK lets reset the system using a repair tool
Download Windows Repair (all in one) from this site
Install the programme then run
Go to step 3 and allow it to run SFC
On the start repairs tab click start
Select the following items and tick restart system when finished
Download Windows Repair (all in one) from this site
Install the programme then run
Go to step 3 and allow it to run SFC
On the start repairs tab click start
Select the following items and tick restart system when finished
#21
Posted 08 August 2012 - 05:32 PM
csgecko99
- Topic Starter
-
- Member
-
- 25 posts
Member
I ran this and tried to install the Windows Installer and still received the same error.
#22
Posted 09 August 2012 - 06:53 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK lets reregister the service
1. Click START
2. Type 'cmd' (without quotes). Right click the result (there should only be one)
and select 'Run as Administrator'
** Close out of any open programs before moving to the following steps
3. In command prompt, type 'msiexec /unregister' (without quotes and with a space between msiexec and /unregister)
4. Press enter
5. Type 'msiexec /regserver' (without quotes and with a space between msiexec and /regserver)
6. Press enter
7. Type 'net stop msiserver' (without quotes and with spaces between net and stop {and} stop and msiserver)
8. Press enter
9. Type 'net start msiserver' (without quotes and with spaces between net and start {and} stop and msiserver)
Then retry Java
1. Click START
2. Type 'cmd' (without quotes). Right click the result (there should only be one)
and select 'Run as Administrator'
** Close out of any open programs before moving to the following steps
3. In command prompt, type 'msiexec /unregister' (without quotes and with a space between msiexec and /unregister)
4. Press enter
5. Type 'msiexec /regserver' (without quotes and with a space between msiexec and /regserver)
6. Press enter
7. Type 'net stop msiserver' (without quotes and with spaces between net and stop {and} stop and msiserver)
8. Press enter
9. Type 'net start msiserver' (without quotes and with spaces between net and start {and} stop and msiserver)
Then retry Java
#23
Posted 12 August 2012 - 03:46 PM
csgecko99
- Topic Starter
-
- Member
-
- 25 posts
Member
That seemed to have worked. Everything seems to be running smoothly.
#24
Posted 12 August 2012 - 04:12 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Glad to hear all is well 
#25
Posted 13 August 2012 - 05:51 PM
csgecko99
- Topic Starter
-
- Member
-
- 25 posts
Member
Should I do any more final cleanup stuff?
#26
Posted 14 August 2012 - 07:04 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Delete FSS and the MSKB from the desktop and windows all in one can be uninstalled via the control panel
Enjoy
Enjoy
#27
Posted 16 August 2012 - 07:31 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
