
Registry Modified?


31 replies to this topic

#1 seethis

seethis

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 13 February 2013 - 11:02 AM

I get this error when trying to install legacy_mpssvc.reg: Cannot import C:\Users\Me\AppData\Local\Opera\Opera\temporary_downloads\Vista\legacy_mpssvc.reg:Error accessing the registry. Same thing with legacy_bfe.reg.

 

I was referred to this forum section by nasdaq, who helped me get rid of a virus I had. http://www.bleepingcomputer.com/forums/t/478950/system-restore-error-windows-firewall-error-and-a-bunch-of-viruses/page-5

 

Here is my SystemLook log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 11/02/2013 by me
Administrator - Elevation successful

========== filefind ==========

Searching for "Regedit.exe"
C:\Windows\regedit.exe --a---- 161792 bytes [02:49 21/01/2008] [02:49 21/01/2008] 5DFBCE56E689D90AE9E2FB278F80058E
C:\Windows\erdnt\cache86\regedit.exe --a---- 161792 bytes [01:00 18/12/2012] [02:49 21/01/2008] 5DFBCE56E689D90AE9E2FB278F80058E
C:\Windows\SysWOW64\regedit.exe --a---- 134656 bytes [02:50 21/01/2008] [02:50 21/01/2008] 467A3B03E924B7B7EDD16D34740574B0
C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe --a---- 161792 bytes [02:49 21/01/2008] [02:49 21/01/2008] 5DFBCE56E689D90AE9E2FB278F80058E
C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe --a---- 134656 bytes [02:50 21/01/2008] [02:50 21/01/2008] 467A3B03E924B7B7EDD16D34740574B0

========== regfind ==========

Searching for "Regedit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="regedit\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\regedit.exe"="Registry Editor"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-310"="Mer&ge"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\SysWOW64\regedit.exe"="Registry Editor"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\regedit.exe"="Registry Editor"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\regedit.exe"="Registry Editor"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-310"="Mer&ge"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\SysWOW64\regedit.exe"="Registry Editor"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\regedit.exe"="Registry Editor"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_37b6b0a05ec4786b]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_da39838351bd8072]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_39ed729c5baf893f]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_dc70457f4ea89146]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_server-help-chm.regedit32_31bf3856ad364e35_6.0.6000.16386_none_20b13ade3955ae9e]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_en-us_65fa9fff12669a5f]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_fr-fr_9374298d304aeed0]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_server-help-chm.regedit32_31bf3856ad364e35_none_fad80a8ea4c83f04]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_en-us_65fa9fff12669a5f]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_fr-fr_9374298d304aeed0]
[HKEY_LOCAL_MACHINE\COMPONENTS\Winners\amd64_server-help-chm.regedit32_31bf3856ad364e35_none_fad80a8ea4c83f04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\regedit.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regedit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile]
"FriendlyTypeName"="@%SystemRoot%\regedit.exe,-309"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\DefaultIcon]
@="%SystemRoot%\regedit.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open]
"MUIVerb"="@%SystemRoot%\regedit.exe,-310"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\regfile\shell\open\command]
@="regedit.exe "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\regedit.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\regedit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\regfile]
"FriendlyTypeName"="@%SystemRoot%\regedit.exe,-309"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\regfile\DefaultIcon]
@="%SystemRoot%\regedit.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\regfile\shell\open]
"MUIVerb"="@%SystemRoot%\regedit.exe,-310"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\regfile\shell\open\command]
@="regedit.exe "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_0.0.0.0_en-us_5dc76849a3d9c575]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_0.0.0.0_fr-fr_004a3b2c96d2cd7c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6000.16386_en-us_37b6b0a05ec4786b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_da39838351bd8072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6001.18000_en-us_39ed729c5baf893f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_6.0.6001.18000_fr-fr_dc70457f4ea89146]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_server-help-chm.regedit32_31bf3856ad364e35_6.0.6000.16386_none_20b13ade3955ae9e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_en-us_65fa9fff12669a5f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_fr-fr_9374298d304aeed0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_server-help-chm.regedit32_31bf3856ad364e35_none_fad80a8ea4c83f04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_en-us_65fa9fff12669a5f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_server-help-chm.regedit32.resources_31bf3856ad364e35_fr-fr_9374298d304aeed0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_server-help-chm.regedit32_31bf3856ad364e35_none_fad80a8ea4c83f04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Applications\regedit.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\regedit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\regfile]
"FriendlyTypeName"="@%SystemRoot%\regedit.exe,-309"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\regfile\DefaultIcon]
@="%SystemRoot%\regedit.exe,1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\regfile\shell\open]
"MUIVerb"="@%SystemRoot%\regedit.exe,-310"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\regfile\shell\open\command]
@="regedit.exe "%1""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"e"="regedit\1"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-310"="Mer&ge"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\SysWOW64\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-310"="Mer&ge"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\SysWOW64\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-310"="Mer&ge"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\SysWOW64\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-310"="Mer&ge"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\SysWOW64\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-21-679880683-153750638-2589842705-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\regedit.exe"="Registry Editor"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\Shell\MuiCache]
"@C:\Windows\regedit.exe,-309"="Registration Entries"

-= EOF =-





#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:22 PM

Posted 13 February 2013 - 11:14 AM

Let's fix them one by one.

 

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 



#3 seethis

seethis
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 13 February 2013 - 04:15 PM

Farbar Service Scanner Version: 30-01-2013
Ran by me (administrator) on 13-02-2013 at 12:39:34
Running from "C:\Users\me\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 08:29] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-16 13:50] - [2012-03-30 04:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 12:31] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 21:54] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-11 04:12] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****


Edited by hamluis, 13 February 2013 - 04:41 PM.
Attempted to correct spacing, failed - Hamluis.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:22 PM

Posted 13 February 2013 - 09:34 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log
 



#5 seethis

seethis
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 13 February 2013 - 11:29 PM

Farbar Service Scanner Version: 30-01-2013
Ran by me (administrator) on 13-02-2013 at 20:24:12
Running from "C:\Users\me\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 08:29] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-16 13:50] - [2012-03-30 04:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 12:31] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 21:54] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-11 04:12] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:22 PM

Posted 14 February 2013 - 02:44 AM

Download Windows repair tool.

Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Check mark the following options alone:

  • Reset registry permissions
  • Reset file permissions
  • Register system files
  • Repair WMI
  • Repair windows firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache

Checkmark the Restart System When Finished option, then click the Start button.

The system should restart after the repair.

Run Farbar Service Scanner again and post the new log.



#7 seethis

seethis
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 15 February 2013 - 11:00 PM

Farbar Service Scanner Version: 30-01-2013
Ran by me (administrator) on 15-02-2013 at 19:52:49
Running from "C:\Users\me\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 08:29] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 13:36] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 12:31] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 21:54] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-11 04:12] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:22 PM

Posted 16 February 2013 - 08:03 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log
 



#9 seethis

seethis
  • Topic Starter

  • Members
  • 79 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 16 February 2013 - 01:54 PM

Farbar Service Scanner Version: 30-01-2013
Ran by Me (administrator) on 16-02-2013 at 10:48:08
Running from "C:\Users\Me\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 08:29] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 13:36] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 12:31] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 21:54] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-11 04:12] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****



#10 narenxp


Posted 16 February 2013 - 02:16 PM

Download

http://www.bleepstatic.com/fhost/uploads/1/legacy_mpssvc.reg

Click on start button and type regedit and press ENTER

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right click on root-permissions

Click on ADD and type Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now launch the legacy_mpssvc.reg file and import it. Restart the PC

Run farbar service scanner again and post the log



#11 seethis


Posted 16 February 2013 - 02:38 PM

It says:

Unable to save permission changes on Root.

Access is denied.

after I select full control.



#12 narenxp


Posted 16 February 2013 - 02:41 PM

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right click on root-permissions

Click on Advanced

Click on owner tab

Select the account in which you are logged in as owner

Place a tick on Replace owner on subcontainers and objects

Now try to add everyone to the security tab



#13 seethis


Posted 16 February 2013 - 02:55 PM

Registry Editor could not set owner on the key selected, or some of its subkeys

After I put a tick on replace owner on subcontainers and objects



#14 narenxp


Posted 16 February 2013 - 03:13 PM

Do not put a tick, can you add now?



#15 seethis


Posted 16 February 2013 - 03:30 PM

Yes! Not ticking it did the trick - thanks, narenxp!

Here's my FSS log:


Farbar Service Scanner Version: 30-01-2013
Ran by me (administrator) on 16-02-2013 at 12:28:40
Running from "C:\Users\me\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 08:29] - [2012-01-03 06:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 13:36] - [2013-01-04 03:31] - 1423720 ____A (Microsoft Corporation) 0E970F59D7FBB838316176B19A2ADB82

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 12:31] - [2011-03-02 08:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 21:54] - [2009-04-10 23:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 21:52] - [2009-04-10 23:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 21:53] - [2009-04-10 23:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-11 04:12] - [2012-06-01 16:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 21:54] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****
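
The permission steps in posts #10 to #14 end with an explicit Everyone: Full Control entry on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root. The script below is an added example, not part of the thread or of any tool mentioned in it, that lists such entries and, when run with `-Remove`, deletes them once the .reg import is done. It assumes PowerShell is installed and started elevated by an account that may change the key's permissions; the `-Remove` switch is this example's own name.

```powershell
# Added example (not from the thread): audit the explicit Everyone ACE on Enum\Root.
# Assumes an elevated PowerShell session; -Remove is this script's own parameter.
param([switch]$Remove)

$subKey   = 'SYSTEM\CurrentControlSet\Enum\Root'   # key named in the thread
$everyone = 'S-1-1-0'                              # well-known SID for Everyone
$full     = [System.Security.AccessControl.RegistryRights]::FullControl

# Ask only for the rights needed: read the DACL, plus change it when -Remove is given.
$rights = [System.Security.AccessControl.RegistryRights]::ReadPermissions
$check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree
if ($Remove) {
    $rights = $rights -bor [System.Security.AccessControl.RegistryRights]::ChangePermissions
    $check  = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree
}

$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $check, $rights)
if ($null -eq $key) { throw "Key not found: HKLM\$subKey" }
try {
    $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)

    # Explicit rules only (inherited ones belong to the parent key), identities as SIDs.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    $broad = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $everyone -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band $full) -eq $full
    })

    foreach ($r in $broad) {
        "Explicit Allow for Everyone: $($r.RegistryRights) (inheritance: $($r.InheritanceFlags))"
    }
    if ($broad.Count -eq 0) { 'No explicit Everyone Full Control entry on this key.' }

    if ($Remove -and $broad.Count -gt 0) {
        foreach ($r in $broad) { $acl.RemoveAccessRuleSpecific($r) }
        $key.SetAccessControl($acl)   # writes the DACL only; the owner is left as it is
        'Removed. Run again without -Remove to confirm.'
    }
}
finally { $key.Close() }
```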





