Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan horse Patched_c.lzi [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets run a quick check on the services, this programme will not install it just sits on the desktop

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

Advertisements


#17
csgecko99

csgecko99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Farbar Service Scanner Version: 26-07-2012
Ran by Ronnie (administrator) on 01-08-2012 at 18:05:37
Running from "C:\Users\Ronnie\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation)

C:\Windows\System32\drivers\afd.sys
[2012-02-15 12:51] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 11:38] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 18:48] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-06-23 13:11] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-06-23 13:13] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-06-23 13:11] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-06-23 13:13] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-06-23 13:12] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-12 20:17] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-06-23 13:13] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download and install the latest version from here select this version Windows6.0-KB942288-v2-x64.msu
  • 0

#19
csgecko99

csgecko99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
It says: "You do not have permission to update windows. Please contact your system administrator."
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets reset the system using a repair tool

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image
  • 0

#21
csgecko99

csgecko99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I ran this and tried to install the Windows Installer and still received the same error.
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets reregister the service

1. Click START
2. Type 'cmd' (without quotes). Right click the result (there should only be one)
and select 'Run as Administrator'

** Close out of any open programs before moving to the following steps

3. In command prompt, type 'msiexec /unregister' (without quotes and with a space between msiexec and /unregister)
4. Press enter
5. Type 'msiexec /regserver' (without quotes and with a space between msiexec and /regserver)
6. Press enter
7. Type 'net stop msiserver' (without quotes and with spaces between net and stop {and} stop and msiserver)
8. Press enter
9. Type 'net start msiserver' (without quotes and with spaces between net and start {and} stop and msiserver)

Then retry Java
  • 0

#23
csgecko99

csgecko99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
That seemed to have worked. Everything seems to be running smoothly.
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Glad to hear all is well :thumbsup:
  • 0

#25
csgecko99

csgecko99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Should I do any more final cleanup stuff?
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete FSS and the MSKB from the desktop and windows all in one can be uninstalled via the control panel

Enjoy
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP