My first time with Farbar...doesn't seem right to me...

Deek · Sep 12, 2013

I was just checking out what farbar does...I don't have any issues with my machine so this log doesn't seem right to me?? Can anyone comment?

Here is the log:

Code:

Farbar Service Scanner Version: 05-09-2013
Ran by deektribe (administrator) on 12-09-2013 at 15:01:23
Running from "D:\X_ProtectedStorage\MyDocuments\Downloads"
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************


Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


ATTENTION!=====> local policy on IP: 
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{0d4499e1-0025-48ea-950d-1fe0d84b2f05}"




Windows Firewall:
=============


Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.




System Restore:
============


System Restore Disabled Policy: 
========================




Security Center:
============


wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.




Windows Update:
============


Windows Autoupdate Disabled Policy: 
============================




Other Services:
==============




File Check:
========
C:\WINDOWS\SysWOW64\dhcpcsvc.dll
[2009-09-01 08:46] - [2007-02-18 11:05] - 0117248 ____A (Microsoft Corporation) 1201DF9A11FBB0F69EBD22E503D3BC87




ATTENTION!=====> C:\Windows\System32\drivers\afd.sys FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\Drivers\tcpip.sys FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\ipsec.sys FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\dnsrslvr.dll FILE IS MISSING AND SHOULD BE RESTORED.


C:\WINDOWS\SysWOW64\ipnathlp.dll
[2005-03-25 05:00] - [2007-02-18 11:05] - 0343552 ____A (Microsoft Corporation) 27C6B8C2AFED21C10429A56DB95735F6


C:\WINDOWS\SysWOW64\netman.dll
[2009-09-01 08:46] - [2007-02-18 11:05] - 0263680 ____A (Microsoft Corporation) 12BCFB57162AD17CEA545E362CD886A8




ATTENTION!=====> C:\WINDOWS\SysWOW64\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\WINDOWS\SysWOW64\srsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\WINDOWS\SysWOW64\Drivers\sr.sys FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\wbem\WMIsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\WINDOWS\SysWOW64\wuauserv.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\qmgr.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\es.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\cryptsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\svchost.exe FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\Windows\System32\rpcss.dll FILE IS MISSING AND SHOULD BE RESTORED.




ATTENTION!=====> C:\WINDOWS\SysWOW64\services.exe FILE IS MISSING AND SHOULD BE RESTORED.




Extra List:
=======
aswTdi(16) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(14) Tcpip(4) 
0x15000000050000000100000002000000030000000400000010000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E0000000F0000001100000013000000140000001200000016000000
IpSec Tag value is correct.


**** End of log ****

jcgriff2 · Sep 12, 2013

Is it an x86 app? If so, it explains a lot!

Can you please provide a link to Farbar?

Deek · Sep 12, 2013

Link:

Farbar Service Scanner Download

It's the fss.exe farbar service scanner I see used around here all the time!

Will Watts · Sep 12, 2013

Hey Deek,

Code:

Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2 (X64)

I can't say I've ever seen many x64 XP copies floating around. FSS has never been updated to include the x64 version of XP, as it was only created a few years ago. It was created primarily as a tool to help diagnose and repair internet connection issues caused by the ZeroAccess rootkit.

I can pass on your log to the author, but as x64 versions of XP are such rare occurrences these days it's unlikely to be updated to account for this.

jcgriff2 · Sep 12, 2013

Windows 8.1 Pro Preview x64 - build 9431

Code:

Farbar Service Scanner Version: 13-09-2013
Ran by jcgriff2 (administrator) on 12-09-2013 at 22:33:55
Running from "C:\Users\jcgriff2\Downloads"
Microsoft Windows 8.1 Pro Preview  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open SDRSVC registry key. The service key does not exist.


System Restore Disabled Policy: 
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-06-15 23:17] - [2013-06-15 23:17] - 0028672 ____A (Microsoft Corporation) C19D60C8104EE5A86129078ED5AFCA95

C:\Windows\System32\drivers\nsiproxy.sys
[2013-06-15 23:17] - [2013-06-15 23:17] - 0040448 ____A (Microsoft Corporation) 8253448BE26096CD413E0F05CDE08DDF

C:\Windows\System32\dhcpcore.dll
[2013-06-15 18:57] - [2013-06-15 18:57] - 0346112 ____A (Microsoft Corporation) ABE8EB8397CF7FF6FB7F69660828E21E

C:\Windows\System32\drivers\afd.sys
[2013-06-15 23:17] - [2013-06-15 23:17] - 0565248 ____A (Microsoft Corporation) 14CDFA692B6147CBB4A496C536754791

C:\Windows\System32\drivers\tdx.sys
[2013-06-15 23:17] - [2013-06-15 23:17] - 0108032 ____A (Microsoft Corporation) 6F1FBE838430034D60080439091C7C8B

C:\Windows\System32\Drivers\tcpip.sys
[2013-06-15 23:17] - [2013-06-15 23:17] - 2366224 ____A (Microsoft Corporation) 3583E8BDABEA1CD81727E1CCCAE55FBA

C:\Windows\System32\dnsrslvr.dll
[2013-06-15 18:58] - [2013-06-15 18:58] - 0256512 ____A (Microsoft Corporation) 64CB0A845BF3EE8D57C73435ED7314BE

C:\Windows\System32\mpssvc.dll
[2013-06-15 18:20] - [2013-06-15 18:20] - 0873984 ____A (Microsoft Corporation) F353DFB05A00C293C2CD547C878215FE

C:\Windows\System32\bfe.dll
[2013-06-15 18:50] - [2013-06-15 18:50] - 0816128 ____A (Microsoft Corporation) 191BBCE9B9501B31DE6C83E9911233B6

C:\Windows\System32\drivers\mpsdrv.sys
[2013-06-15 20:32] - [2013-06-15 20:32] - 0073728 ____A (Microsoft Corporation) 45088E6982B123C2BDC8F5D7D0A98D9D


ATTENTION!=====> C:\Windows\System32\SDRSVC.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\Windows\System32\vssvc.exe
[2013-06-15 18:16] - [2013-06-15 18:16] - 1497088 ____A (Microsoft Corporation) 546AEC7299474C69C936554F888E5410

C:\Windows\System32\wscsvc.dll
[2013-06-15 18:11] - [2013-06-15 18:11] - 0128512 ____A (Microsoft Corporation) 4F99BB8B8785C0AAA88227931DA0646E

C:\Windows\System32\wbem\WMIsvc.dll
[2013-06-15 18:42] - [2013-06-15 18:42] - 0221184 ____A (Microsoft Corporation) 64B392C1275BD36ADDA34BDAE023215F

C:\Windows\System32\wuaueng.dll
[2013-06-15 18:03] - [2013-06-15 18:03] - 3416576 ____A (Microsoft Corporation) 7B478481A077259D985983051EF3C6AC

C:\Windows\System32\qmgr.dll
[2013-06-15 19:12] - [2013-06-15 19:12] - 0844288 ____A (Microsoft Corporation) BBD75C50935F7BC182213D9E00E59DBE

C:\Windows\System32\es.dll
[2013-06-15 18:35] - [2013-06-15 18:35] - 0475136 ____A (Microsoft Corporation) 02927ADA6439276DF23BF0D0B5052D4A

C:\Windows\System32\cryptsvc.dll
[2013-06-15 18:54] - [2013-06-15 18:54] - 0147968 ____A (Microsoft Corporation) 4067644422B0CE868B8F4902E4FDF78B

C:\Program Files\Windows Defender\MpSvc.dll
[2013-06-15 20:04] - [2013-06-15 20:04] - 1570816 ____A (Microsoft Corporation) 14959B7DBBE88D54E6275BDD01905541

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-06-15 20:27] - [2013-06-15 22:18] - 0023840 ____A (Microsoft Corporation) C41C83E9C720D164A3E5152E1CF56101

C:\Windows\System32\ipnathlp.dll
[2013-06-15 18:30] - [2013-06-15 18:29] - 0433152 ____A (Microsoft Corporation) C004269B7268BC60FF31783F3E323D9F

C:\Windows\System32\iphlpsvc.dll
[2013-06-15 18:16] - [2013-06-15 18:16] - 0903168 ____A (Microsoft Corporation) A8EA8FF3F0CEE0DF7D3C73AB9A31E024

C:\Windows\System32\svchost.exe
[2013-06-15 18:48] - [2013-06-15 22:30] - 0037768 ____A (Microsoft Corporation) F7191317F1CD10F35DC74E24C1B71E06

C:\Windows\System32\rpcss.dll
[2013-06-15 18:44] - [2013-06-15 18:44] - 0755712 ____A (Microsoft Corporation) 0A5D7B49DDE56316CA11EA0FEDD364AD



**** End of log ****

Deek · Sep 13, 2013

ok, no worries...

I love XPx64...It's basically Server2003, it even uses the same service packs. For years I was not subject to rootkits and many virus's and It's stable as hell! I reboot only a couple times a year.

Drivers are problematic these days, but I still think it's the best OS M$ ever put out.

Search

Search

My first time with Farbar...doesn't seem right to me...

Deek

Well-known member

jcgriff2

Co-Founder/Admin
BSOD Expert (Ret.)
Microsoft MVP (Ret.)
PRIMARILY RETIRED

Deek

Well-known member

Will Watts

Senior Administrator, Security Analyst

jcgriff2

Co-Founder/Admin
BSOD Expert (Ret.)
Microsoft MVP (Ret.)
PRIMARILY RETIRED

Deek

Well-known member

My first time with Farbar...doesn't seem right to me...

Deek

Well-known member

jcgriff2

Co-Founder/AdminBSOD Expert (Ret.)Microsoft MVP (Ret.)PRIMARILY RETIRED

Deek

Well-known member

Will Watts

Senior Administrator, Security Analyst

jcgriff2

Co-Founder/AdminBSOD Expert (Ret.)Microsoft MVP (Ret.)PRIMARILY RETIRED

Deek

Well-known member

Co-Founder/Admin
BSOD Expert (Ret.)
Microsoft MVP (Ret.)
PRIMARILY RETIRED

Co-Founder/Admin
BSOD Expert (Ret.)
Microsoft MVP (Ret.)
PRIMARILY RETIRED