Avast WEBforum

Other => General Topics => Topic started by: Chunker on January 08, 2012, 05:18:23 PM

Title: Emails scanned???
Post by: Chunker on January 08, 2012, 05:18:23 PM
Why am I not seeing any indications of any emails being scanned by Avast?  I have email scanned turned on but when I click on mail shield it shows no activity whatsoever under shield traffic.  Also at the bottom nothing appears beside "last email scanned" or "last email infected".  I have no way of knowing if avast is actively scanning my emails.  Any help would be appreciated.
Title: Re: Emails scanned???
Post by: bob3160 on January 08, 2012, 05:20:48 PM
Outlook, Outlook Express, Windows Live Mail, etc. ???

Which one are you using ???
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 05:31:33 PM
My ISP provides Gmail as their mail program.  I download all my mail via Thunderbird using my gmail settings.  I also forgot to mention that on my Mail Shield page inside Avast it always shows E-mails scanned/infected as 0/0.
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 05:36:14 PM
Since it is deliverd by Gmail, then i guess you have SSL settings  ?
meaning if you want avast to scan the mail, you must remove the SSL settings from your mail client and let avast do the SSL connection

avast! 5.x: Some e-mails are not scanned by the Mail Shield
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458



Some info: if you dont get it to work, you are still protected
Gmail protect all accounts with postini spam/virus filter using two AV engines from Authentium and McAfee
Title: Re: Emails scanned???
Post by: YoKenny on January 08, 2012, 05:42:25 PM
avast! 5.x: Some e-mails are not scanned by the Mail Shield
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
It is the same for avast! 6.0
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 05:45:28 PM
Yes, they are all encrypted as SSL.  If I understand your link properly Avast won't scan unless I change them to none?  Is this what I should do to have Avast scan my emails?  Would doing so stop my ability to receive my emails?  Just want to know as much as possible before I try your proposed solution.
Title: Re: Emails scanned???
Post by: YoKenny on January 08, 2012, 05:51:09 PM
As you now have 20 posts please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
Title: Re: Emails scanned???
Post by: bob3160 on January 08, 2012, 05:52:15 PM
As you now have 20 posts please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

I suggest he does that after he's solved his problem.  :)
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 05:52:44 PM
As you now have 20 posts please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

are you locked on to that signature nag again   ???
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 05:55:34 PM
Quote
If I understand your link properly Avast won't scan unless I change them to none?
correct....that is the point with SSL...it is a secure connection...cant be scanned

so if you want avast to scan, you dissable the SSL in your mail client and let avast take care of the SSL connection....so it will still be secure
it is all in the guide posted above
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 06:03:03 PM
Thank you, I'll give it a try and post how things turn out for me.  I also hope my profile update is what somebody wanted me to do?  Thanks again!
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 06:10:43 PM
Quote
I also hope my profile update is what somebody wanted me to do?
it is voluntary........but a demand from Kenny   ;D
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 06:17:47 PM
I just gave your fix a try and it seems to work perfectly.  I changed from SSL to none in my email client settings, then sent myself an emai with a small video attachment.  Now I see the email scanned information in Avast and the email did go out and did come in.  I thank all who responded to my question!
Title: Re: Emails scanned???
Post by: YoKenny on January 08, 2012, 06:20:45 PM
Quote
I also hope my profile update is what somebody wanted me to do?
it is voluntary........but a demand from Kenny   ;D
Its not a demand but it sure helps us avast! √úberevangelists help people to use avast! better.  ;)
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 06:32:21 PM
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964.  So you and I are brothers of a sort!!!!!!!!!
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 06:35:44 PM
I just gave your fix a try and it seems to work perfectly.  I changed from SSL to none in my email client settings, then sent myself an emai with a small video attachment.  Now I see the email scanned information in Avast and the email did go out and did come in.  I thank all who responded to my question!
congrats.....you now have trippel scanning of your mail  Authentium/McAfee/avast   that should be secure enough   ;D
Title: Re: Emails scanned???
Post by: YoKenny on January 08, 2012, 06:55:30 PM
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964.  So you and I are brothers of a sort!!!!!!!!!
In Canada Winnipeg is affectionaly known as Winterpeg  ;D

I worked in Raleigh N.C. for 2.5 years and hated to have to go back to Cold Canada EH!  :'(
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 07:34:53 PM
Well Pondus, my email will certainly be secure but now to figure how to protect myself from that dreadful Win 7 security 2012!!!!!!!!!!!!!!  I got hit with it a few weeks ago and it changed my system forever.  Of course I'm talking about losing my Windows Security Center.  Because of that I also lost my auto Windows Update feature, Windows Defender, and Windows Firewall.  I've had the virus removed and to compensate for my loses I have to manually look for windows update, installed Comodo for a firewall, and Superantispyware for a defender.  One more thing I did was to install Norton DNS.  That seems to work perfectly along with Avast.  Don't know what else I can do.  Just wish all the AV programs can get a handle on this monster.  I know quite a few people that have been plagued with it.  In my case Avast alerted me, but not until after it installed itself and caused irrevocable damage. :'( :'( 
Title: Re: Emails scanned???
Post by: bob3160 on January 08, 2012, 07:40:42 PM
@Chunker,
No Security program will ever be able to protect you or me 100%.
One of the reasons why regular image backups are essential.
Unless you have one available to install which was made prior to the infection,
a fresh installation is about the only option.
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 07:44:54 PM
Quote
Well Pondus, my email will certainly be secure but now to figure how to protect myself from that dreadful Win 7 security 2012
I recomend Malwarebytes PRO
then you get a protection module, IP block (that David does not like) and auto update

a one time fee for a lifetime license   http://www.malwarebytes.org/




Remove Win 7 Security 2012 (Uninstall Guide)
Automated Removal Instructions for Win 7 Security 2012 using Malwarebytes' Anti-Malware:
http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012



Quote
.....and caused irrevocable damage
then i recomend you let Essexboy have a look inside.....and fix it

Title: Re: Emails scanned???
Post by: YoKenny on January 08, 2012, 07:49:28 PM
Quote
Well Pondus, my email will certainly be secure but now to figure how to protect myself from that dreadful Win 7 security 2012
I recomend Malwarebytes PRO
then you get a protection module, IP block (that David does not like) and auto update

a one time fee for a lifetime license
I like Malwarebytes PRO and I do like IP block that I refer to many times.

I have two licenses. 
One for each system I own.
Title: Re: Emails scanned???
Post by: essexboy on January 08, 2012, 07:56:06 PM
Are you still having problems with the system ?

If so what areas
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 08:36:46 PM
My system is clean now (I had the virus professionally removed) but I still have lost those functions that I mentioned.  I do have a complete system backup on an external drive that I could run but that would entail one heck of a lot of work to get all my programs, changes, and functions restored to what I have now.  The experts who cleaned and fixed my system installed and used SuperAntiSpyware.  I downloaded and tried Malwarebites, but decided to stay with the SAS that they installed.  I don't run it real time so as to not conflict with Avast.  The Norton DNS is a cloud service and causes no problems.  That virus is so quick, it installs in the blink of an eye.  From what I've read via Google, it's running out of control.  This was the very first virus I've been hit with in over 15 years of computing.
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 08:44:48 PM
Quote
The Norton DNS is a cloud service and causes no problems.
I use openDNS

Quote
I downloaded and tried Malwarebites, but decided to stay with the SAS that they installed.  I don't run it real time so as to not conflict with Avast.
It does not conflict with avast......but Malwarebytes is better  ;)


Quote
My system is clean now (I had the virus professionally removed) but I still have lost those functions that I mentioned.
Strange....if it was a pro doing it?

see Essexboys guide here   http://forum.avast.com/index.php?topic=53253.0
to avoid multiple post with copy and paste, attach the OTL log so Essexboy can have a look inside

Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 09:18:51 PM
Thank you Pondus, I'm going to take a long look at Malwarebytes per your suggestion.  I wasn't sure if it could be run in real time and not conflict with Avast.  I thought the same with SAS.  I took a look at that information link for sending a log to Essexboy but believe me it is way too complicated for this guy!  Funny but when you first mentioned essexboy, the first thing that popped into my head was "I've never heard of that program before, maybe I should Google and take a look at it?"  I think I'll just keep running as is.  I believe my system is one heck of a lot safer now than it was before.  Comodo seems to be a better firewall than the windows built in version.  The only thing I really miss is the windows security icon in the systray that alerted me to windows updates and other notifications such as turning off my antivirus program.  It is grayed out now and I can't get it to turn on.  That virus destroyed the system security center.  When I had it, I could do nothing, not even open notepad.  Since you have inferred running Malwarebytes in real time would not conflict with Avast, I will more than likely give it a try.  Thanks so much! 
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 09:23:30 PM
Quote
I took a look at that information link for sending a log to Essexboy but believe me it is way too complicated for this guy
not complicated...you click the red OTL in the guide and download the program, save to desktop and scan
then attach the log here....just follow the instructions


how to attach, se lower left corner - additional options > attach



Quote
The only thing I really miss is the windows security icon in the systray that alerted me to windows updates and other notifications such as turning off my antivirus program.
This is bc the malware turned that off....
Title: Re: Emails scanned???
Post by: ady4um on January 08, 2012, 09:24:39 PM
I just gave your fix a try and it seems to work perfectly.  I changed from SSL to none in my email client settings, then sent myself an emai with a small video attachment.  Now I see the email scanned information in Avast and the email did go out and did come in.  I thank all who responded to my question!

I know you are talking about something else now, but just to be clear I'd like to point out that you say:

- now email client is not configured to use SSL;
- now avast says it is scanning emails.

What you didn't mention (but I guess you did anyway) is that you actually configured avast *with* SSL now (which was not configured as such before).

Sorry for the interruption. Please continue.
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 09:41:39 PM
Sorry Ady4um, I guess I'm almost as confused as your are!  My Thunderbird mail program downloads my ISP Gmail account.  All my Thunderbird settings were SSL.  That is why Avast wasn't scanning my emails and I showed no email activity.  Now that I've changed those setting to None, Avast is now showing email activity.  What bothers me still is that when I go into the Avast mail shield/expert settings/SSL accounts, it lists about 20 different email servers including gmail with SSL turned on.  Guess I'm scared to touch any of those accounts listed.  I never built them, I'm guessing Avast built them in there when I installed the program?
Title: Re: Emails scanned???
Post by: ady4um on January 08, 2012, 09:52:08 PM
Sorry Ady4um, I guess I'm almost as confused as your are!  My Thunderbird mail program downloads my ISP Gmail account.  All my Thunderbird settings were SSL.  That is why Avast wasn't scanning my emails and I showed no email activity.  Now that I've changed those setting to None, Avast is now showing email activity.  What bothers me still is that when I go into the Avast mail shield/expert settings/SSL accounts, it lists about 20 different email servers including gmail with SSL turned on.  Guess I'm scared to touch any of those accounts listed.  I never built them, I'm guessing Avast built them in there when I installed the program?

OK, now that you actually wrote it, it is clear to me that avast is indeed configured for SSL with your gmail account and that your email is working correctly, together with avast scanning it. Please continue with your logs for Pondus and Essexboy.
Title: Re: Emails scanned???
Post by: essexboy on January 08, 2012, 10:01:36 PM
Hi there lets take it one stage at a time then

Download OTL (http://oldtimer.geekstogo.com/OTL.exe)  to your Desktop

.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT

.
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 10:05:00 PM
Well, I think I'm done.  I've read and reread that link and it is still way too confusing for me.  It's not just download and run a scan and attach a log file.  There are about 10 black screens that make absolutely no sense.  Plus whatever to type in before the scan out of 20 or so lines?? I know very well that virus turned off my windows notification icon.  Microsoft can't even tell me how to turn it back on.  All they say is to do a complete system restore.  
Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 10:23:43 PM
sounds like you are still infected   ???


when you have downloaded OTL to your desktop, you click the OTL icon to run it, and this it what you see...click the attached screen shot to enlarge

at the lower section you see a green line where it say "Custom Scan/Fix"  belowe that line you copy and paste in this


COPY AND PASTE WHT YOU SEE BELOW____________





netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT






COPY AND PASE WHAT YOU SEE ABOVE_____________


Then you click the pink quick scan button you see at the top

Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 10:24:50 PM
Ok, I tried exactly what your said in your step by step instructions.  I have the two logs and will post them here.  Hope this is what you wanted to look at?  Thank you for being so patient with me.

Title: Re: Emails scanned???
Post by: Pondus on January 08, 2012, 10:29:16 PM
Perfect    ;)   no Essexboy will do the rest
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 10:33:03 PM
Oh no, don't say I might be still infested???  I've run avast many times, I've run Superantispyware and I've also ran Malwarebytes.  All show no infestations.  Plus all my programs work now, where not one worked before.  I have both my browsers taking me where I want to go, not where the virus wanted me to go.  It seems all I might have are some bad registry entries left behind.  I also run CCleaner and keep everything cleaned up.  Please don't say I'm still infected.  Now I won't sleep tonight!!!!!!!!!!!
Title: Re: Emails scanned???
Post by: bob3160 on January 08, 2012, 10:39:45 PM
Semper fidelis.  :) Rest easy.
If there is a problem, you're now at least in good hands an,
these hands really care and don't cost anything.  :)

Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 10:41:11 PM
Pardon me but I have to say a couple of things.  For Pondus, I live in a part of the US that has very large Scandinavian roots, especially with that of Norway.  In fact your King and Queen were here visiting just a short time ago.  My wife is also a quarter Norwegian.  During Christmas we always enjoy Norwegian holiday favorites and don't even ask me to try and spell their names here!  And for Essexboy, "Long Live Oasis!"  I love English rock and have all the way back to the early 60's. I'm starting to feel better now!
Title: Re: Emails scanned???
Post by: essexboy on January 08, 2012, 11:34:50 PM
Hi OK as suspected the 3 registry keys that control that part of your system are missing

Quote
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bfe /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpssvc /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mscsvc /s >

I will remove the remaining malware and construct some registry fixes

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Once you have done this I will then give you the registry fixes.. As I have a 64bit win 7 I will export them from my registry
Title: Re: Emails scanned???
Post by: Chunker on January 08, 2012, 11:59:17 PM
Sorry Essexboy but I don't think your instructions worked for me?  I mean things didn't go as you had laid out.  It seemed that everything hung up and I ended up powering down my pc to get anything to work.  I did as you said, pasted your entries in and hit the fix button.  It ran about a minute then just seized up.  I now have two shortcut to desktop.ini files on my desktop.  I also have a desktop.ini  a cmd.txt and a cmd.bat file where the OTL is located.  Kind of lost what to do now?  Don't know what file you want me to post here and if they are good files or not?
Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 12:02:09 AM
I rechecked and the two on the desktop are not shortcuts but actually .ini files but look to be grayed out?  Plus they are off two different sizes.
Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 12:09:15 AM
Also forgot to mention that because of the freezing I haven't done the rerun of the OTL yet and I believe that is what you wanted me to post???  Don't know if I should do that or not suspecting that the fix run didn't complete properly??
Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 12:25:13 AM
I'm sitting here wondering if I should delete all the files from my last attempt and try the entire fix process once again?
Title: Re: Emails scanned???
Post by: Pondus on January 09, 2012, 12:27:57 AM
Also forgot to mention that because of the freezing I haven't done the rerun of the OTL yet and I believe that is what you wanted me to post???  Don't know if I should do that or not suspecting that the fix run didn't complete properly??
I was probably hanging on "empty temp"

but you can do the rerun and attach the new log


Essexboy is on UK time and have logged out for today....but he will be back tommorow and continue   ;)
Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 01:03:53 AM
Thank you Pondus for making me aware of that.  I just completed the new run and will attach the new file to this post.  This time there was only one file created, the OTL.txt file and no extras.txt file as in the first quick scan.  I also realize something that I had mentioned in my earlier posts about 2 .ini files on the desktop.  It seems that running the fix scan in OTL changes the view option to view all files and not hide system and hidden files.  Once I put the view back to hide, they are no longer visible.  They must be files that have always been there.  I still have the three files created by the aborted fix scan that somebody might want, but won't post them until asked for.  Thanks so much!
Title: Re: Emails scanned???
Post by: essexboy on January 09, 2012, 09:46:25 PM
Just to confirm that I am repairing the correct entries could you do the following please

run farbar service scanner (http://download.bleepingcomputer.com/farbar/FSS.exe)

(http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg)
Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 10:07:43 PM
Here it is Essexboy!  Hope it is what you wanted.
Title: Re: Emails scanned???
Post by: essexboy on January 09, 2012, 10:48:33 PM
Farbar Service Scanner
Ran by Chunker (administrator) on 09-01-2012 at 15:06:18
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Title: Re: Emails scanned???
Post by: essexboy on January 09, 2012, 10:51:33 PM
OK I will need to find two replacement files before I can do the registry fix

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
mpssvc.*
bfe.*
/md5stop
CREATERESTOREPOINT

Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 11:01:22 PM
Ok, done, but it only posted one log.  Here it is.
Title: Re: Emails scanned???
Post by: essexboy on January 09, 2012, 11:34:47 PM
OK the files report a good MD5

Download Chunker.zip from here  http://www.mediafire.com/?h6cg5xilof9f4qk   (http://www.mediafire.com/?h6cg5xilof9f4qk)to your desktop

Extract both registry files to your desktop
To extract just double click the folder and select from the options extract

Right click BFE.reg and select merge
Accept the warnings
Right click mpssvc.reg and select merge
Accept the warnings

Reboot and see if the windows security centre is back

Title: Re: Emails scanned???
Post by: jadinolf on January 09, 2012, 11:45:48 PM
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964.  So you and I are brothers of a sort!!!!!!!!!

And put that in your profile too Chunker. ;)
Title: Re: Emails scanned???
Post by: Chunker on January 09, 2012, 11:59:45 PM
Well Essexboy, I really appreciate all you're trying to do for me, but I'm sorry to say I see no real change from what I had before.  The first thing I checked is to see if the security center icon that gives me notifications for everything was on, and it is still grayed out, can't turn it on.  When I go into my control panel, I see only the windows update window and not the security center window that was previously the norm.  Since I have comodo running as my firewall, I didn't even try to turn on the firewall.  But I did try to turn on windows defender and that still won't start, I get an error message.  Then I turned off my avast.  I'd always get a security message notification that my firewall was disabled via a notification from that same icon.  No notification, no nothing.  I was crossing my fingers but that didn't even help.
Title: Re: Emails scanned???
Post by: essexboy on January 10, 2012, 12:07:46 AM
Could you run Farbar again please

Title: Re: Emails scanned???
Post by: essexboy on January 10, 2012, 12:08:49 AM
Also could you go to administrative tools > servieces and check that both are running .. If not then start them
Title: Re: Emails scanned???
Post by: Chunker on January 10, 2012, 12:20:38 AM
Ok, checked administrative tools and there are about 30 or so entries with over half of them running and the rest are manual.  Here is the log from farbar.
Title: Re: Emails scanned???
Post by: Chunker on January 10, 2012, 04:10:05 PM
Well EB, I took a good look and I believe the Security Center is running.  The only thing is it's a little different than before.  But it still lists all the functions such as firewall and antivirus.  It tells me they are being protected by comodo and avast.  The same with spyware pretection.  That also shows comodo and avast.  I'm thinking that if I uninstalled avast and comodo, windows might allow me to turn on Windows Firewall and Windows Defender.  So as is it seems to be ok.  The only real problem I seem to still be having is the security icon that runs in the systray does not appear and is grayed out in the list and I can't turn it on.  Without that icon I can't get any security notifications and notifications of windows update.  If I could get that back I'd be more than happy!
Title: Re: Emails scanned???
Post by: essexboy on January 10, 2012, 09:50:55 PM
Could you go back to services and ensure that the following are set to auto

MpsSvc
bfe (Base Filtering Engine) 


Under the View heading in service select customise
Ensure all boxes are ticked and OK out
Then as each service is selected on the right select more actions > Properties and ensure the start type is auto and start the service

Title: Re: Emails scanned???
Post by: Chunker on January 10, 2012, 10:35:54 PM
MpsSvc
bfe (Base Filtering Engine) 

MpsSvc shows started and Base Filtering Engine shows Automatic but not started.  I tried to do a start on it and it wouldn't start
Title: Re: Emails scanned???
Post by: essexboy on January 10, 2012, 10:55:39 PM
Within the properties tab could you click on dependencies and take a quick screenshot of it

Title: Re: Emails scanned???
Post by: Chunker on January 10, 2012, 11:01:52 PM
Here it is
Title: Re: Emails scanned???
Post by: essexboy on January 10, 2012, 11:13:54 PM
Could you confirm the the RPC service is running and set to auto please
Title: Re: Emails scanned???
Post by: Chunker on January 10, 2012, 11:15:31 PM
I already checked in admin services and both of those two dependencies that I seem to be missing show automatic and started.
Title: Re: Emails scanned???
Post by: essexboy on January 10, 2012, 11:28:39 PM
Could you update windows please and then let me know what problems remain
Title: Re: Emails scanned???
Post by: Chunker on January 10, 2012, 11:33:40 PM
By updating windows, I show no windows updates.  All I can do is a reboot.  Will do that and post back the results.
Title: Re: Emails scanned???
Post by: Chunker on January 11, 2012, 12:13:26 AM
Ok, you knew there were updates as I don't get notifications.  I had checked earlier today and there were none.  But with you alert, I checked and there were 4.  Did those and after a reboot, there was another.  Did that one, and then another reboot.  Then I checked an the same problem exists.  The security center icon is still grayed out.  I also went ahead and took a look at the properties that I had checked earlier, and now there are no dependencies listed at all.  I think maybe it is no sense kicking a dead horse.  My pc is running fine.  The only thing I'm really missing is the auto notifications of windows updates.  I feel more secure with comodo as a firewall over Windows firewall.  That and avast should keep me safe.  I'm also running Norton DNS and I have SuperAntiSpyware.  I'm going to purchase and run in real time Malwarebytes instead.  I know you have tried your hardest but I think this would be the most logical thing to do.  I also have an image that I can go back to that was saved on an external drive about 9 weeks before I became infected.  I shouldn't lose too much doing that but I feel confident in staying where I am along with the change in malware detection.  This has taken a heck of a lot of time for me and you which I really appreciate.  If you have any other advice please feel free to let me know!

Wayne  :-)
Title: Re: Emails scanned???
Post by: essexboy on January 11, 2012, 10:05:58 PM
It just so happens that there is one final registry fix that may cure that

Go to my malware files here https://skydrive.live.com/?cid=32D8666F4048075B&id=32D8666F4048075B%21117
Near the bottom is a zip file wscsvc(64)
Download to your desktop
Extract the reg file to your desktop
Right click the reg file and select Merge
Accept the warnings and reboot

Is it working now ?
Title: Re: Emails scanned???
Post by: Chunker on January 11, 2012, 10:48:45 PM
Went ahead and did what you said.  After reboot, nothing has changed at all.  The service center icon is still grayed out, can't start either firewall or defender.  Still no icon in the tray to give me any notifications.  Looks like that didn't do anything at all.
Title: Re: Emails scanned???
Post by: essexboy on January 11, 2012, 11:06:35 PM
Grrr could you download and install the MSFixit centre from here http://fileforum.betanews.com/detail/Microsoft-Fix-it-Center/1271432341/1
This will give you a vast range of MS tools

Select the ones relevant to updates and security... I would recommend that you retain this programme as it is very usefull
Title: Re: Emails scanned???
Post by: Chunker on January 11, 2012, 11:42:43 PM
Downloaded it, installed it, and ran for all security center issues.  Some of them said it fixed something but the log didn't show what?  The only one that really failed was the firewall one.  It said it couldn't fix.  It also mentioned to uninstall my comodo and then to try and run the fix again.  I checked and the security center icon is still grayed out and I think that is the real source of my trouble.  If I could get that back on somehow???  I guess this tool didn't really do anything either.  But I am saving the tool on my pc and will try it again when something needs looking at.  Thank you!  An hey, no more grrrrs!  Laugh!  If anybody should be grrrring it is me.  Today I went and preplanned and prepayed for 2 funerals!  Hope my kids appreciate it????
Title: Re: Emails scanned???
Post by: essexboy on January 11, 2012, 11:44:25 PM
Lets run farbar and see what we get - this tool is getting a lot of use lately

run farbar service scanner (http://"http://download.bleepingcomputer.com/farbar/FSS.exe")

(http://i1238.photobucket.com/albums/ff484/CompCav/Farbarservicesinternetticked-2.jpg)
Tick "Internet services" and "Windows Firewall" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
Title: Re: Emails scanned???
Post by: Chunker on January 11, 2012, 11:50:19 PM
Ok, here is the log.
Title: Re: Emails scanned???
Post by: essexboy on January 12, 2012, 09:18:51 PM
Could you go Start > run and type in the following please

sfc /scannow

This will check the veracity of your files
Title: Re: Emails scanned???
Post by: Chunker on January 13, 2012, 12:33:07 AM
Ok, I gave it a try.  The search finds it but when I right click and pick run as administrator, it seems to run for about 1 second or so and then shuts down with no report or any log.
Title: Re: Emails scanned???
Post by: essexboy on January 13, 2012, 08:49:15 PM
OK bear with me I am installing XP on a VM at the moment - So I am playing with the wrong system  ;D

Meanwhile lets see if you have a replacement file on your system
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
wscsvc.*
/md5stop


Then press quickscan and attach the log
Title: Re: Emails scanned???
Post by: Chunker on January 13, 2012, 10:19:43 PM
Here it is attached.  Just to let you know I'm now running with Windows Firewall.  Did an online port check and it says 100 percent stealth.  It came on after I uninstalled comodo.  So that seems to work fine.  Right now I'm running Avast, Windows Firewall, Malwarebytes Pro-real time, and also Norton DNS.  The only thing that I seem to be missing is the action center icon.  It is still grayed out and I can't get it on.  I found a site with a reg fix to turn it on, but that didn't work even after a reboot.  I'm assuming that virus stopped that service so I wouldn't get notifications from windows that something was going on.  But how they did it and where they did it is the big question??  Otherwise I'm running a lot safer than I ever was.  Oh yea, almost forgot.  I've also turned on Windows UAC to the highest level.
Title: Re: Emails scanned???
Post by: Chunker on January 13, 2012, 10:29:22 PM
Here's a screenshot of what I'm referring to.  The bottom two used to be active but not since the virus.  I don't care about the power one, but the action center one is critical to receive messages from windows on.  It always loaded when windows started on a delayed load.
Title: Re: Emails scanned???
Post by: essexboy on January 13, 2012, 10:49:40 PM
OK run OTL

In the custom scans and fixes box copy/paste the following

:Files
C:\Windows\System32\wscsvc.dll|C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll /replace


Then press run fix

Then go to my site https://skydrive.live.com/?cid=32d8666f4048075b&id=32D8666F4048075B%21117

And download the clear-notification-items.vbs
To your desktop
Double click the file and accept the warnings

What this will do is clear all the notification area
then as programmes are used they will repopulate
Title: Re: Emails scanned???
Post by: Pondus on January 13, 2012, 10:50:45 PM
Just some info. You say You did run a port scan.......if You are behind a ruter with a firewall or your ISP supplied box has a firewall, then it is that firewall You are testing.  ;)
Title: Re: Emails scanned???
Post by: bob3160 on January 13, 2012, 11:00:44 PM
If what essexboy suggested doesn't work, what happens if you restore the default settings ???
Will that allow you to again make your custom changes ???
Also, remove the lock taskbar till you're satisfied with all your changes.
Title: Re: Emails scanned???
Post by: ady4um on January 13, 2012, 11:11:01 PM
As suggested (if what essexboy posted is not enough), I would also suggest:
1_UNlock taskbar.
2_Restore default icons.
3_Reboot.
4_Review the start up type services again.
Title: Re: Emails scanned???
Post by: Chunker on January 13, 2012, 11:13:07 PM
Gonna run and what EB mentioned.  Before I do that, Bob, I wish it were that simple.  That does nothing in that window but goes back and changes all the personal notification choices that I've made for all those running.  And Pondus, don't understand what you're trying to say???  I did a firewall scan online and it shows all ports running in stealth, the same thing I had using comodo.  So, now with comodo gone, I'm assuming my windows firewall in running properly.  Back shortly!
Title: Re: Emails scanned???
Post by: Pondus on January 13, 2012, 11:39:50 PM
When You run a port scan, it is the frist firewall that is tested........mening if you have a router and or a ISP box with a firewall than it was that firewall You tested.......and not your Windows firewalll.  You Can test this by turning off the win firewall and run the test, if You still get same result, then You are behind a firewall.
OBS  You should still keep winfirewall on  ;)
Title: Re: Emails scanned???
Post by: Chunker on January 13, 2012, 11:40:56 PM
Ok, that doesn't work either.  Believe me I've done over a thousand suggested fixes during the last 3 weeks.  Everything seems to be ok but the except for the problem with the Action Center icon.  If you Google that phrase, you'll see thousands have the same problem I have and they all relate to the same virus.  Nobody can recommend a simple fix, only to restore to an earlier system image.  I've also flushed and reflushed my notifications icon area about a hundred times.  Yes, they all go away and reappear when they start.  But only those that are turned on.  That will only flush those that are in the running and active screen which is previous to the screen I took a screen shot of.  It's awful hard to work with somebody and try to post and have others jumping in.  I appreciate all the attempts to help me but I'm at the end of my rope on this.  I just wanna call it good and go on from here.  It's only gonna cost me a couple of extra minutes a day to do a manual windows update.  I'm much better protected now than I was 3 weeks ago.  It's because of this board that I implemented every one of the changes I've made and I truly appreciate all that was done for me.
Title: Re: Emails scanned???
Post by: Chunker on January 13, 2012, 11:48:33 PM
I have no router, no firewalled isp box.  Nothing but windows firewall running.  I turned it off and took the test.  Everything that was stealth now shows closed.  Put it back on and everything changes to stealth.
Title: Re: Emails scanned???
Post by: essexboy on January 13, 2012, 11:54:30 PM
The firewall is not to bad on Vista/7 so I would not be to concerned

I think we have now changed, fixed and jumped up and down on all possible elements.  If you have windows updates set to automatic then it will download them for you and notify you when they are ready to install

As it stands it is not a security loophole in your system, just an embuggerance

 
Title: Re: Emails scanned???
Post by: Pondus on January 13, 2012, 11:59:58 PM
If it say closed.....then you are behind a firewall
Title: Re: Emails scanned???
Post by: ady4um on January 14, 2012, 10:29:55 AM
Registry keys to "enable" Action Center in Windows Seven.

1_UNlock taskbar.
2_Restore default icons.
3_Merge the following registry key (you may want to backup the registry first or take a restore point just in case, as a general recommendation)

Code: [Select]
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HideSCAHealth"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HideSCAHealth"=-

4_Reboot.

5_ Your previous status for the Action Center was grayed out (not selectable). Now (after the above steps) you should review if the icon for Action Center can be re-enabled again in the properties. If it can, then select it, save changes and review the results in the tray area.

Please report back.
Title: Re: Emails scanned???
Post by: Chunker on January 14, 2012, 04:26:22 PM
Thank you for your suggestion.  I did exactly what you suggested and exactly as you laid it all out.  Sorry to say, this did not work either.  They two are still grayed out and I'm unable to select them.  Guess I'm going to have to live with it.