
Action Center missing in "action"


  • This topic is locked
34 replies to this topic

#1 barryace

barryace

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Southwestern Wisconsin
  • Local time:02:43 AM

Posted 13 January 2013 - 05:39 PM

Last week I found my way here from answers.microsoft.com...cant-turn-on-action-center after unsatisfactory dealings with Dell and McAfee. At least I didn't have to pay McAfee NOT to solve my problem. Many hours and days later, first a thank you to all on this site who posted on the topic in mid-December and whose counsel was invaluable to me watching from the sidelines. That's now a closed forum and I need a little more help.

So far I've followed all of the good advice, ten steps worth, and removed Win32/Sirefef!cfg and Win32/Sirefef.P along with a Rogue rootkit virus and minor mal/adware. My computer is running faster and better than it has in a long time. The only lingering problem is that I cannot recover Action Center which has been replaced by an also inop WSCS, neither of which can be turned back on again by any of many methods I've tried including turning System Restore off then on again and other fixes, none of which have solved this problem.

I have a line of code copied to my desktop to install in the Registry but I'm uncomfortable doing it (as it's well beyond my experience). That code to be saved in Notepad and merged with the .reg extension is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

The explanation is that doing this will restore Action Center and all will be well! I've also read that a repair reinstall might be warranted. At this point five long days into the problem, I'm brain dead and need sound advice. I know from searching that this is not a new problem nor a rare one. Rather than trial and error on my part that might make things worse, what can you recommend that actually works to get Action Center back and running normally again?



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:43 AM

Posted 14 January 2013 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If your .reg file is the same as the text in bold AND your operating system is Windows 7, then you can execute it.

For Windows 7 ONLY.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""


And reboot normally.
The Action Center icon can reappear with a delay. One user reported that after first reboot it took around 4 minutes to show the icon and unblock the options. We can confirm this behaviour.
===

Take this opportunity to run these two tools.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Post the logs for my review.
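
The comparison asked for in post #2 (the .reg file must match the quoted text before it is merged) can be done mechanically. This is an added example, not part of the original thread or of any tool named in it; `vet_reg` and the two sample files are constructed for illustration, and the allowlist holds only the key and value quoted in the post.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer"
       "\\ShellServiceObjects\\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}")
# Allowlist: the one key and value quoted in the post, nothing else.
EXPECTED = {KEY: {"AutoStart": '""'}}


def decode_reg(raw):
    """Version 5.00 exports are UTF-16 with a BOM; a Notepad save may be UTF-8 or ASCII."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_reg(text):
    """Return (header, {key: {value name: raw data}}, deleted keys, unparsed lines)."""
    # Join hex-value continuation lines (trailing backslash) before splitting.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    lines = [ln.strip() for ln in joined.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    header = lines[0] if lines else ""
    keys, deleted, unparsed, current = {}, [], [], None
    for ln in lines[1:]:
        key = re.fullmatch(r"\[(-?)(.+)\]", ln)
        val = re.fullmatch(r'("(?:[^"\\]|\\.)*"|@)=(.*)', ln)
        if key and key.group(1):            # [-HKEY_...] removes a whole key
            deleted.append(key.group(2))
            current = None
        elif key:
            current = keys.setdefault(key.group(2), {})
        elif val and current is not None:
            name = val.group(1)
            current["(Default)" if name == "@" else name[1:-1]] = val.group(2).strip()
        else:
            unparsed.append(ln)
    return header, keys, deleted, unparsed


def vet_reg(raw, expected=EXPECTED):
    """List every way the file differs from the allowlist; an empty list means it matches."""
    header, keys, deleted, unparsed = parse_reg(decode_reg(raw))
    problems = []
    if header != HEADER:
        problems.append(f"unexpected header: {header!r}")
    problems += [f"deletes key: {k}" for k in deleted]
    problems += [f"unparsed line: {ln}" for ln in unparsed]
    want = {k.lower(): v for k, v in expected.items()}   # key paths are case-insensitive
    for key, values in keys.items():
        allowed = want.pop(key.lower(), None)
        if allowed is None:
            problems.append(f"unexpected key: {key}")
            continue
        for name, data in values.items():
            if allowed.get(name) != data:
                problems.append(f"unexpected value: {key} {name}={data}")
        for name in allowed.keys() - values.keys():
            problems.append(f"missing value: {key} {name}")
    problems += [f"missing key: {k}" for k in want]
    return problems


# Constructed sample files: one matching the post, one with an extra key appended.
GOOD = f'{HEADER}\r\n\r\n[{KEY}]\r\n"AutoStart"=""\r\n'.encode("utf-16")
TAMPERED = (f'{HEADER}\r\n\r\n[{KEY}]\r\n"AutoStart"=""\r\n'
            '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Constructed\\Example]\r\n'
            '"Extra"=dword:00000001\r\n').encode("utf-8")

if __name__ == "__main__":
    print(vet_reg(GOOD))
    print(vet_reg(TAMPERED))
```
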

#3 barryace


Posted 15 January 2013 - 01:57 AM

Thank you, Nasdaq, for such a quick contact; I didn't expect that! FYI: I'm running Win7x64 and your text for the reg edit does match what I found, but I have not taken that step. If you think that's the eventual right step, please be aware that I've never done a registry edit and would very much appreciate a handhold on it. So thank you very much and here goes:

For your review #1:
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyder3Pro
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 10
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

And #2:
# AdwCleaner v2.105 - Logfile created 01/15/2013 at 00:42:04
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : New - STUDIO-XPS
# Boot Mode : Normal
# Running from : C:\Users\New\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Users\New\AppData\Roaming\Mozilla\Firefox\Profiles\2ccucvfn.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [664 octets] - [15/01/2013 00:42:04]

########## EOF - C:\AdwCleaner[R1].txt - [723 octets] ##########

#4 nasdaq


Posted 15 January 2013 - 11:49 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java 7 Update 10


p.s. Update 11 came out a few days ago.

Java 7 update 10 introduced important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

FYI: I'm running Win7x64 and your text for the reg edit does match what I found, but I have not taken that step. If you think that's the eventual right step, please be aware that I've never done a registry edit and would very much appreciate a handhold on it.


That fix was suggested by a Microsoft MVP (Most Valuable Player.) I'm confident.

Right click on the .reg file and select merge to the registry.

This will not take very long.

Restart the computer normally.

Let me know if the problem is solved.

Edited by nasdaq, 15 January 2013 - 11:50 AM.


#5 barryace


Posted 15 January 2013 - 01:44 PM

I had new versions of Java and Reader on Tuesday of this week; as Security Checkup 317 and you noted, they were already outdated. I now have Java 7.11 and Reader XI.

As for the regedit, yes, the line of code did come from a Microsoft MVP. I've just worked my way from a paste into Notepad then Save As with .reg extension, then merge, etc. with a confirmation. I'm about to reboot and will let you know how it goes.

#6 barryace


Posted 15 January 2013 - 02:38 PM

Okay there's good progress. On the success side:
  • Registry edit worked to restore Action Center and its flag to the taskbar
  • Action Center Maintenance items and messages are working and accurately reflect what I see elsewhere

Yesterday I tried a manual backup; actually two separate but sequential ones. It worked to the second onboard harddrive, but failed to the external WDMB. I scanned that drive with all of the various anti-virus, anti-malware software during the repair of the rest of my system, and also ran onboard and Western Digital tests of its integrity. Everything passed. So this is still a problem. After I send this, I'll try changing to a custom one (rather than Windows default) of only the Users files and a system image and let you know what happens on this point later.

On the question mark side of things:
  • Windows Security Center Service (Important) says "The Windows Security Center service is turned off."
  • When I click Turn on now, I get, "The Windows Security Center service can't be started."

I read that Windows Security Center prior to Win7 was its own program but that in Win7 it's integrated within Action Center. So okay, I see the WSCS with the condition as quoted above and I cannot turn it back on.

Thank you so much for everything you've done so far. I saw the PayPal link on the original (now closed) forum where I began and assume there will also be one for me once this is resolved and finished. Getting close B) !

#7 nasdaq


Posted 16 January 2013 - 09:18 AM

Let's check on the security center and other services.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

The PayPal button was from another helper.
I do not have it. My services are free.

#8 barryace


Posted 16 January 2013 - 09:57 AM

Farbar Service Scanner Version: 16-01-2013
Ran by New (administrator) on 16-01-2013 at 08:51:08
Running from "C:\Users\New\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================

Nasdaq, I've been telling everyone how impressed I am with bleepingcomputer.com for knowledge, courtesy, and helpfulness. As you are the "face" of BC to me, that compliment is yours. I understand the motivation as it fuels a part of my life as well. I want you to know I've come further much faster for your help (and that of the first forum question/answer) than I could have done on my own.

#9 nasdaq


Posted 16 January 2013 - 11:37 AM

Please print these instructions for your reference.


Please download Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder on your desktop.

These files will be extracted:
afd.reg
bit.reg
bfe.reg
mpssvc.reg
nsiproxy.reg
sdrsvc.reg
tdx.reg
wscsvc.reg
windefend.reg
wuauserv.reg

legacy_afd.reg
legacy_bfe.reg
Legacy_bit.reg
legacy_mpssvc.reg
legacy_nsiproxy.reg
legacy_sdrsvc.reg
legacy_tdx.reg
Legacy_windefend.reg
legacy_wscsvc.reg
legacy_wuauserv.reg

start_services.bat


Double-click each one of the 4 .reg files listed below in turn and click Yes to add it to the Registry

mpssvc.reg
bfe.reg
legacy_mpssvc.reg
legacy_bfe.reg


Allow registry merge.
When the 4 files have been executed.

Restart computer.

===

Click Start and in "Search Box" type in:
regedit
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Allow" in "Full control" row.
Click "Apply" then "OK".

Close regedit and go back to your Desktop. Find start_services.bat, right click on it, and click "Run As Administrator" to run the fix. Agree to any alerts, then re-boot.

===

Note: Ignore this error:
"Cannot import C:\...\Desktop\Legacy_xxx.reg:
Not all data was successfully written to the registry. Some keys are open by the system or other processes."
Just continue executing the remaining .reg files.


Run the Farbar Service Scanner tool again and post a fresh Log.

Let me know what problem persists.

#10 barryace


Posted 16 January 2013 - 11:56 AM

I had no problem adding mpssvc.reg and bfe.reg. Error Accessing the registry: Cannot import when trying to add legacy_mpssvc.reg and legacy_bfe.reg. I didn't go further until checking with you.

#11 barryace


Posted 16 January 2013 - 12:27 PM

I thought more about this and that perhaps the two legacy .reg files could be added after rebooting. That didn't work, but I did run FSS again with the following results:

Farbar Service Scanner Version: 16-01-2013
Ran by New (administrator) on 16-01-2013 at 11:20:09
Running from "C:\Users\New\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 nasdaq


Posted 16 January 2013 - 02:04 PM

I want you to run these 4 files as you did the others.

Double-click each one of the 4 .reg files listed below in turn and click Yes to add it to the Registry

wscsvc.reg
windefend.reg
legacy_wscsvc.reg
Legacy_windefend.reg

Allow registry merge.
When the 4 files have been executed.

Restart computer.

===

Click Start and in "Search Box" type in:
regedit
Press Enter.

Note: Ignore this error:
"Cannot import C:\...\Desktop\Legacy_xxx.reg:
Not all data was successfully written to the registry. Some keys are open by the system or other processes."
Just continue executing the remaining .reg files.

Run the Farbar Service Scanner tool again and post a fresh Log.

p.s.
No need to run the start_services.bat this time.

After the restart please run the Farbar Service Scanner and post a fresh log.

Let me know also if you were able to create a System Restore point as suggested on my previous post.

Let me know what problem persists.

#13 barryace


Posted 16 January 2013 - 04:13 PM

Yes, I was able to create a system restore point on both of my protected drives. And I now have a new files backup (Users) but without the system image. Action Center is present but under the Security section of AC the WSCSVC doesn't show as it did earlier today. I need to leave my desk for a couple of hours and when I return I'll do some checking of service functions, etc. and then report back on any persistent problems that remain. Thanks so much! Here's the newest FSS scan:

Farbar Service Scanner Version: 16-01-2013
Ran by New (administrator) on 16-01-2013 at 14:50:23
Running from "C:\Users\New\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
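
Comparing two consecutive Farbar Service Scanner logs shows which findings a repair step cleared and which remain. This is an added example, not part of the thread or of the scanner itself; the rule patterns cover only the message forms that appear in the logs posted here, and the two scans are abridged excerpts of the logs in posts #11 and #13.

```python
import re

# (pattern, finding label); group 1 is always the service name.
RULES = [
    (re.compile(r"^(\S+) Service is not running\."), "not running"),
    (re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\."),
     "service key missing"),
    (re.compile(r"Unable to retrieve .+ of (\S+)\. The value does not exist\."),
     "service values missing"),
    (re.compile(r"The start type of (\S+) service is set to Disabled\."),
     "start type Disabled"),
]
POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)$')   # e.g. a "Disabled Policy" value


def findings(log):
    """Reduce a log to a set of (service, finding) pairs; repeated lines collapse."""
    out = set()
    for line in log.splitlines():
        line = line.strip()
        for rx, label in RULES:
            m = rx.search(line)
            if m:
                out.add((m.group(1).lower(), label))
        p = POLICY.match(line)
        if p:
            out.add(("policy", f"{p.group(1)}={p.group(2)}"))
    return out


def compare(before, after):
    """Findings cleared, still present, and newly reported between two scans."""
    b, a = findings(before), findings(after)
    return {"resolved": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


# Abridged excerpt of the log in post #11 (before wscsvc.reg / windefend.reg).
SCAN_11 = r"""
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""

# Abridged excerpt of the log in post #13 (after the merge and restart).
SCAN_13 = r"""
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""

if __name__ == "__main__":
    for group, items in compare(SCAN_11, SCAN_13).items():
        print(group)
        for service, label in items:
            print(f"  {service}: {label}")
```
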

#14 nasdaq


Posted 17 January 2013 - 09:36 AM

For Windows 7 owners only.

Download and run these SharedAccess.reg and iphlpsvc.reg files from this site.

http://download.bleepingcomputer.com/win-services/7/

Merge the file to the registry.

Restart the computer when done.

Post a fresh Farbar Service Scanner log for my review.

===

#15 barryace


Posted 17 January 2013 - 10:11 AM

I have to take care of a family thing this morning and will return after noon. Here's the latest service scan. We're getting there . . . I am so appreciative of your help.

Farbar Service Scanner Version: 16-01-2013
Ran by New (administrator) on 17-01-2013 at 09:03:54
Running from "C:\Users\New\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



