Solved

XP Hangs on right click of Local Area Connection

Posted on 2013-12-08
18
1,120 Views
Last Modified: 2013-12-09
I have a PC that was infected with a trojan horse but I've now cleared the infection and all scans return clean.
I think a legacy of the infection maybe causing the problem I now have. When I right click on Local Area Connection in Network Connections it seems to hang the system for a few minutes. I can run other tasks but the network configuration seems to get stuck. Eventually it gives up and I get back control of the Network Connections but I'm unable to change any network settings.

The PC is running Windows XP Pro SP3 with all patches applied
0
Comment
Question by:ClintonK
  • 9
  • 8
18 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 39704167
Open a CMD prompt as admin and then run SFC /scannow. You may need the installation CD to successfully finish this. After that run your windowsupdates again.

Since this is XP, you should anyway start thinking of upgrading to Windows 7, as XP will be obsolete by June anyway.
0
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 500 total points
ID: 39704174
In addition you might want to try this scanning tool which looks specifically at networking changes as the result of malware.

Download the .exe, run and check all the services (by default a scan of Internet services is selected only).  Then hit the "Scan" button. FSS will check if any of your stack files have been replaced.

If you need help with the results post a copy of the log file (generated in the same location as the .exe is launched from).
0
 

Author Comment

by:ClintonK
ID: 39704282
Thanks rindi. I ran SFC /scannow and all was clean.
I ran the FSS tool as MASQUERAID suggested and I believe it has found something which shows in the log here:

Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 13:06:31
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\UPBR0VMA"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\jailtijrwpbcouliqet.bfg".


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\jailtijrwpbcouliqet.bfg".


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39704331
Looks like your ipsec file was compromised by the infection.

Launch FSS again and type ipsec.sys in the search box then click on search files, this will check for ipsec versions on your PC.  Chances are there'll be a backup copy you can recover quickly.

Please post the output file.
0
 

Author Comment

by:ClintonK
ID: 39704365
Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 16:13:12
 Service Pack 3 (X86)

************************************************
======== Search: "ipsec.sys" =========

C:\WINDOWS\system32\drivers\ipsec.sys
[2008-04-25 16:16] - [2008-04-14 12:00] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-04-25 16:16] - [2008-04-14 12:00] - 0075264 ___AC (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

====== End Of Search ======
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39704367
My mistake ipsec looks fine.

Need to reset the entry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters

Change the value for ServiceDll to: %SystemRoot%\system32\wbem\WMIsvc.dll

Fix LEGACY_WSCSVC\0000 by cutting the following code into a text editor & saving as fixwscsvc.reg then run the file to repair your registry setting:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000]
"Service"="wscsvc"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Security Center"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000\Control]
"ActiveService"="wscsvc"

Open in new window


Can you then restart and post a fresh FSS log + if you're still getting a delay with the right click.  There may be some access permissions that have been changed too.
0
 

Author Comment

by:ClintonK
ID: 39704374
When I run the .reg I get
"Cannot import C:\fixwscsvc.reg. Error accessing the registry"
Using regedit I notice that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC doesn't exist

I have HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WZCSVC
0
 

Author Comment

by:ClintonK
ID: 39704385
I've rebooted and I can now happily right click on the Local Area Connection to modify my network settings :-)
After a rerun of FSS I get the output:

Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 16:37:25
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\UPBR0VMA"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39704405
In Regedit go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right-click on Root in the left pane and select Permissions.  Under Security select "Everyone" & put a check in the box "Allow" next to "Full Control".

Reboot

Try merging the registry Key again and then at a command prompt repair the PolicyAgent ipsec entry by typing (or copying):

REG add "HKLM\SYSTEM\CurrentControlSet\services\PolicyAgent" /v Start /t REG_DWORD /d 2 /f
0
 

Author Comment

by:ClintonK
ID: 39704419
.reg has run successfully now and also the "REG add...."  too.
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39704467
Adding firewall settings next
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Open in new window


Then remove the Full Control option for Everyone (back to Read Only)

One more FSS log and (hopefully) we're done :)
0
 

Author Comment

by:ClintonK
ID: 39704471
Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 18:09:26
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\5R28GQVE"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to retrieve ImagePath of PolicyAgent. The value does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39705441
Hmmm - was that after rebooting?
If so repair using the MS FixIt here
http://support.microsoft.com/kb/914230
0
 

Author Comment

by:ClintonK
ID: 39705626
Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 09-12-2013 at 09:33:51
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\JY47KLD2"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to retrieve ImagePath of PolicyAgent. The value does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39705765
& Finally ....

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,\
  00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="IPSEC Services"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,54,00,63,00,70,00,\
  69,00,70,00,00,00,49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver."
"PolstoreDllRegisterVersion"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Enum]
"0"="Root\\LEGACY_POLICYAGENT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Open in new window

0
 

Author Comment

by:ClintonK
ID: 39705795
Perfect!

Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 09-12-2013 at 11:01:32
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\188SCMEM"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39706319
Great - my work here is done :)
0
 

Author Closing Comment

by:ClintonK
ID: 39707102
That's absolutely brilliant Masqueraid. Thanks very much for all your assistance; I'm very impressed. How you know all that registry stuff amazes me.

Thanks again.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question