Author Topic: Emails scanned???  (Read 31766 times)

0 Members and 1 Guest are viewing this topic.

Chunker

  • Guest
Re: Emails scanned???
« Reply #45 on: January 09, 2012, 10:07:43 PM »
Here it is Essexboy!  Hope it is what you wanted.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #46 on: January 09, 2012, 10:48:33 PM »
Farbar Service Scanner
Ran by Chunker (administrator) on 09-01-2012 at 15:06:18
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 18:09] - [2009-07-13 19:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 18:09] - [2009-07-13 19:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #47 on: January 09, 2012, 10:51:33 PM »
OK I will need to find two replacement files before I can do the registry fix

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
mpssvc.*
bfe.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Chunker

  • Guest
Re: Emails scanned???
« Reply #48 on: January 09, 2012, 11:01:22 PM »
Ok, done, but it only posted one log.  Here it is.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #49 on: January 09, 2012, 11:34:47 PM »
OK the files report a good MD5

Download Chunker.zip from here http://www.mediafire.com/?h6cg5xilof9f4qk  to your desktop

Extract both registry files to your desktop
To extract just double click the folder and select from the options extract

Right click BFE.reg and select merge
Accept the warnings
Right click mpssvc.reg and select merge
Accept the warnings

Reboot and see if the windows security centre is back


Offline jadinolf

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1090
Re: Emails scanned???
« Reply #50 on: January 09, 2012, 11:45:48 PM »
YoKenny, if it will make you feel better, I may be an American now, but I was born in Winnipeg and migrated to the US in 1964.  So you and I are brothers of a sort!!!!!!!!!

And put that in your profile too Chunker. ;)
printed on 100% recycled bytes

Chunker

  • Guest
Re: Emails scanned???
« Reply #51 on: January 09, 2012, 11:59:45 PM »
Well Essexboy, I really appreciate all you're trying to do for me, but I'm sorry to say I see no real change from what I had before.  The first thing I checked is to see if the security center icon that gives me notifications for everything was on, and it is still grayed out, can't turn it on.  When I go into my control panel, I see only the windows update window and not the security center window that was previously the norm.  Since I have comodo running as my firewall, I didn't even try to turn on the firewall.  But I did try to turn on windows defender and that still won't start, I get an error message.  Then I turned off my avast.  I'd always get a security message notification that my firewall was disabled via a notification from that same icon.  No notification, no nothing.  I was crossing my fingers but that didn't even help.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #52 on: January 10, 2012, 12:07:46 AM »
Could you run Farbar again please


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #53 on: January 10, 2012, 12:08:49 AM »
Also could you go to administrative tools > servieces and check that both are running .. If not then start them

Chunker

  • Guest
Re: Emails scanned???
« Reply #54 on: January 10, 2012, 12:20:38 AM »
Ok, checked administrative tools and there are about 30 or so entries with over half of them running and the rest are manual.  Here is the log from farbar.

Chunker

  • Guest
Re: Emails scanned???
« Reply #55 on: January 10, 2012, 04:10:05 PM »
Well EB, I took a good look and I believe the Security Center is running.  The only thing is it's a little different than before.  But it still lists all the functions such as firewall and antivirus.  It tells me they are being protected by comodo and avast.  The same with spyware pretection.  That also shows comodo and avast.  I'm thinking that if I uninstalled avast and comodo, windows might allow me to turn on Windows Firewall and Windows Defender.  So as is it seems to be ok.  The only real problem I seem to still be having is the security icon that runs in the systray does not appear and is grayed out in the list and I can't turn it on.  Without that icon I can't get any security notifications and notifications of windows update.  If I could get that back I'd be more than happy!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #56 on: January 10, 2012, 09:50:55 PM »
Could you go back to services and ensure that the following are set to auto

MpsSvc
bfe (Base Filtering Engine) 


Under the View heading in service select customise
Ensure all boxes are ticked and OK out
Then as each service is selected on the right select more actions > Properties and ensure the start type is auto and start the service


Chunker

  • Guest
Re: Emails scanned???
« Reply #57 on: January 10, 2012, 10:35:54 PM »
MpsSvc
bfe (Base Filtering Engine) 

MpsSvc shows started and Base Filtering Engine shows Automatic but not started.  I tried to do a start on it and it wouldn't start

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Emails scanned???
« Reply #58 on: January 10, 2012, 10:55:39 PM »
Within the properties tab could you click on dependencies and take a quick screenshot of it


Chunker

  • Guest
Re: Emails scanned???
« Reply #59 on: January 10, 2012, 11:01:52 PM »
Here it is