Solved

XP Hangs on right click of Local Area Connection

Posted on 2013-12-08
18
Medium Priority
1,144 Views
Last Modified: 2013-12-09
I have a PC that was infected with a trojan horse but I've now cleared the infection and all scans return clean.
I think a legacy of the infection may be causing the problem I now have. When I right click on Local Area Connection in Network Connections it seems to hang the system for a few minutes. I can run other tasks but the network configuration seems to get stuck. Eventually it gives up and I get back control of the Network Connections but I'm unable to change any network settings.

The PC is running Windows XP Pro SP3 with all patches applied
0
Question by:ClintonK
18 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 39704167
Open a CMD prompt as admin and then run SFC /scannow. You may need the installation CD to successfully finish this. After that run your Windows updates again.

Since this is XP, you should anyway start thinking of upgrading to Windows 7, as XP will be obsolete by June anyway.
0
 
LVL 63

Accepted Solution

by:
☠ MASQ ☠ earned 2000 total points
ID: 39704174
In addition you might want to try this scanning tool which looks specifically at networking changes as the result of malware.

Download the .exe, run and check all the services (by default a scan of Internet services is selected only).  Then hit the "Scan" button. FSS will check if any of your stack files have been replaced.

If you need help with the results post a copy of the log file (generated in the same location as the .exe is launched from).
0
 

Author Comment

by:ClintonK
ID: 39704282
Thanks rindi. I ran SFC /scannow and all was clean.
I ran the FSS tool as MASQUERAID suggested and I believe it has found something which shows in the log here:

Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 13:06:31
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\UPBR0VMA"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\jailtijrwpbcouliqet.bfg".


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\jailtijrwpbcouliqet.bfg".


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
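An added example, not part of the original thread: a small triage script for an FSS log like the one posted above. It assumes FSS prints a property's raw value only when it differs from the default (as with the winmgmt ServiceDll line) and treats any such path outside system32 as the highest-priority finding; the sample is an excerpt copied from the log above.

```python
import re

# Excerpt of the first FSS log in this thread (lines copied from the post above).
SAMPLE_LOG = r'''Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ALLUSE~1\APPLIC~1\jailtijrwpbcouliqet.bfg".

Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
'''

ATTENTION = re.compile(r'^Checking (.+?): ATTENTION!=====> (.+)$')
# A property line that shows a quoted value instead of "... service is OK."
OVERRIDE = re.compile(r'^The (start type|ImagePath|ServiceDll) of (\w+): "(.+)"\.$')
STOPPED = re.compile(r'^(\w+) Service is not running\.')
SYSTEM_DIRS = ('c:\\windows\\system32\\', '%systemroot%\\system32\\')
ORDER = {'high': 0, 'medium': 1, 'info': 2}


def triage(log_text):
    """Return unique (severity, item, detail) tuples, most severe first."""
    findings = set()  # FSS repeats winmgmt under several headings; dedupe
    for line in log_text.splitlines():
        line = line.strip()
        m = OVERRIDE.match(line)
        if m:
            prop, service, value = m.groups()
            # Assumption: a service binary outside system32 is the worst case.
            outside = not value.lower().startswith(SYSTEM_DIRS)
            findings.add(('high' if outside else 'medium',
                          service, f'{prop} = {value}'))
            continue
        m = ATTENTION.match(line)
        if m:
            findings.add(('medium', m.group(1), m.group(2)))
            continue
        m = STOPPED.match(line)
        if m:
            findings.add(('info', m.group(1), 'service is not running'))
    return sorted(findings, key=lambda f: (ORDER[f[0]], f[1], f[2]))


if __name__ == '__main__':
    for severity, item, detail in triage(SAMPLE_LOG):
        print(f'[{severity:6}] {item}: {detail}')
```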
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39704331
Looks like your ipsec file was compromised by the infection.

Launch FSS again and type ipsec.sys in the search box then click on search files, this will check for ipsec versions on your PC.  Chances are there'll be a backup copy you can recover quickly.

Please post the output file.
0
 

Author Comment

by:ClintonK
ID: 39704365
Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 16:13:12
 Service Pack 3 (X86)

************************************************
======== Search: "ipsec.sys" =========

C:\WINDOWS\system32\drivers\ipsec.sys
[2008-04-25 16:16] - [2008-04-14 12:00] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-04-25 16:16] - [2008-04-14 12:00] - 0075264 ___AC (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

====== End Of Search ======
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39704367
My mistake ipsec looks fine.

Need to reset the entry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters

Change the value for ServiceDll to: %SystemRoot%\system32\wbem\WMIsvc.dll

Fix LEGACY_WSCSVC\0000 by cutting the following code into a text editor & saving as fixwscsvc.reg then run the file to repair your registry setting:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000]
"Service"="wscsvc"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Security Center"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC\0000\Control]
"ActiveService"="wscsvc"


Can you then restart and post a fresh FSS log + if you're still getting a delay with the right click.  There may be some access permissions that have been changed too.
0
 

Author Comment

by:ClintonK
ID: 39704374
When I run the .reg I get
"Cannot import C:\fixwscsvc.reg. Error accessing the registry"
Using regedit I notice that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSCSVC doesn't exist

I have HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WZCSVC
0
 

Author Comment

by:ClintonK
ID: 39704385
I've rebooted and I can now happily right click on the Local Area Connection to modify my network settings :-)
After a rerun of FSS I get the output:

Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 16:37:25
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\UPBR0VMA"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39704405
In Regedit go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right-click on Root in the left pane and select Permissions.  Under Security select "Everyone" & put a check in the box "Allow" next to "Full Control".

Reboot

Try merging the registry Key again and then at a command prompt repair the PolicyAgent ipsec entry by typing (or copying):

REG add "HKLM\SYSTEM\CurrentControlSet\services\PolicyAgent" /v Start /t REG_DWORD /d 2 /f
0
 

Author Comment

by:ClintonK
ID: 39704419
.reg has run successfully now and also the "REG add...."  too.
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39704467
Adding firewall settings next
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Then remove the Full Control option for Everyone (back to Read Only)

One more FSS log and (hopefully) we're done :)
0
 

Author Comment

by:ClintonK
ID: 39704471
Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 08-12-2013 at 18:09:26
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\5R28GQVE"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to retrieve ImagePath of PolicyAgent. The value does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39705441
Hmmm - was that after rebooting?
If so repair using the MS FixIt here
http://support.microsoft.com/kb/914230
0
 

Author Comment

by:ClintonK
ID: 39705626
Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 09-12-2013 at 09:33:51
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\JY47KLD2"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to retrieve ImagePath of PolicyAgent. The value does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39705765
& Finally ....

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,\
  00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="IPSEC Services"
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,54,00,63,00,70,00,\
  69,00,70,00,00,00,49,00,50,00,53,00,65,00,63,00,00,00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver."
"PolstoreDllRegisterVersion"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Enum]
"0"="Root\\LEGACY_POLICYAGENT\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

0
 

Author Comment

by:ClintonK
ID: 39705795
Perfect!

Farbar Service Scanner Version: 05-12-2013
Ran by Tim (administrator) on 09-12-2013 at 11:01:32
Running from "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\188SCMEM"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) Avgtdix(11) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000B000000050000000600000007000000080000000A000000
IpSec Tag value is correct.

**** End of log ****
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39706319
Great - my work here is done :)
0
 

Author Closing Comment

by:ClintonK
ID: 39707102
That's absolutely brilliant Masqueraid. Thanks very much for all your assistance; I'm very impressed. How you know all that registry stuff amazes me.

Thanks again.
0


Question has a verified solution.
