Windows Firewall Issue, System Slow


  • This topic is locked
13 replies to this topic

#1 FIA007

  • Members
  • 7 posts

Posted 15 August 2016 - 11:53 PM

Hi Mods,

 

I need your help to fix my system. I am using a Dell notebook, and it seems it's totally messed up. It is extremely slow and takes a long time to start up or to run an application; when I turn the system on, chkdsk starts almost every time. Windows Firewall is disabled, or rather I can't see the options to turn it on. I got the message "Action Center can't turn Windows Firewall on" when I tried to turn the firewall on from "Solve PC issues" in the system taskbar.

 

When I try to shut down, it restarts itself.

 

Please note, in the past I have tried (unsuccessfully) to fix the issue as well, but I can't remember what tools I used at that time.

 

Kindly find logs for review and suggestion:

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Soofia (administrator) on SOOFIA-PC (15-08-2016 22:04:38)
Running from C:\Users\Soofia\Desktop\Resolve
Loaded Profiles: Soofia (Available Profiles: Soofia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-29] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM-x32\...\Run: [hpbdfawep] => C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe [1214976 2007-04-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-10] (Oracle Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\...\MountPoints2: {e9afc34d-4517-11e1-bd70-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\...\MountPoints2: {e9afc36d-4517-11e1-bd70-bc77370ad646} - E:\AutoRun.exe
HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\...\MountPoints2: {ffed1ffe-b9bb-11e3-8681-001e101f2500} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{059A89D5-3866-4173-95AF-37BF6E1411A7}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{E1B66CAF-8ADB-4DD0-B18B-423C30EB79BC}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://arabia.msn.com/
SearchScopes: HKLM -> DefaultScope {B52C17A5-CB1E-4362-9BD1-2729568875F2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {B52C17A5-CB1E-4362-9BD1-2729568875F2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {88CCF9C4-8222-45CE-99C4-E4E9285EB509} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {88CCF9C4-8222-45CE-99C4-E4E9285EB509} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000 -> DefaultScope {5013771E-B720-47D6-A37D-6EBD65D60751} URL = 
SearchScopes: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000 -> {88CCF9C4-8222-45CE-99C4-E4E9285EB509} URL = 
SearchScopes: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000 -> {B52C17A5-CB1E-4362-9BD1-2729568875F2} URL = 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130321091224.dll [2011-12-06] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-22] (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-10] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130321091224.dll [2011-12-06] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-10] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-03-22] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3437754924-4161754857-3663261247-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Soofia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3437754924-4161754857-3663261247-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Soofia\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3437754924-4161754857-3663261247-1000: @talk.google.com/O1DPlugin -> C:\Users\Soofia\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3437754924-4161754857-3663261247-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Soofia\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3437754924-4161754857-3663261247-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Soofia\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Soofia\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Soofia\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2015-10-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-10-16] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-08-10]
CHR Extension: (Chrome Media Router) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-15]
CHR HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Soofia\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-24]
CHR HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2015-09-08] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-22] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2015-09-08] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-01-22] ()
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-15 22:04 - 2016-08-15 22:04 - 00000000 ____D C:\FRST
2016-08-15 22:02 - 2016-08-15 22:04 - 00000000 ____D C:\Users\Soofia\Desktop\Resolve
2016-08-15 21:33 - 2016-08-15 21:33 - 00003416 ____N C:\bootsqm.dat
2016-08-15 21:30 - 2016-08-15 21:30 - 00000000 __SHD C:\found.008
2016-07-31 18:10 - 2016-07-31 18:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1eb89215b267d.job
2016-07-29 15:10 - 2016-07-31 18:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1e9ddb07f7ec4.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-15 22:06 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-15 22:06 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-15 21:36 - 2013-11-14 04:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-15 21:35 - 2011-03-22 09:51 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-08-15 21:34 - 2013-07-28 07:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-15 21:34 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-15 17:09 - 2013-07-28 07:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 15:08 - 2013-07-30 10:03 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3437754924-4161754857-3663261247-1000UA.job
2016-08-14 21:08 - 2013-07-30 10:03 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3437754924-4161754857-3663261247-1000Core.job
2016-08-08 22:12 - 2013-07-28 07:42 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-03 20:28 - 2009-07-13 23:13 - 00800500 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-03 20:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-08-01 23:32 - 2016-01-23 14:56 - 00000000 ____D C:\Users\Soofia\AppData\Local\CrashDumps
2016-07-31 17:37 - 2013-11-14 04:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-31 17:37 - 2011-12-27 13:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-31 17:36 - 2011-12-27 13:05 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-31 17:35 - 2011-03-22 09:38 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-29 15:10 - 2016-05-11 21:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1abfbee31d485.job
2016-07-27 13:25 - 2015-09-08 22:54 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-07-24 13:37 - 2013-07-24 13:37 - 0120731 _____ () C:\Users\Soofia\AppData\Local\ars.cache
2013-07-24 13:37 - 2013-07-24 13:37 - 0137294 _____ () C:\Users\Soofia\AppData\Local\census.cache
2013-07-20 10:18 - 2015-11-25 11:19 - 0012288 _____ () C:\Users\Soofia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-24 13:17 - 2013-07-24 13:17 - 0000036 _____ () C:\Users\Soofia\AppData\Local\housecall.guid.cache
 
Some files in TEMP:
====================
C:\Users\Soofia\AppData\Local\Temp\aocigddc.dll
C:\Users\Soofia\AppData\Local\Temp\gqicexdt.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-10 14:36
 
==================== End of FRST.txt ============================
 
Thanks


Edited by FIA007, 16 August 2016 - 12:18 AM.




#2 nasdaq

  • Malware Response Team
  • 38,924 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 August 2016 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

MpsSvc => Firewall Service is not running.

What I suspect is that you removed the McAfee security programs and the Firewall is still active.
This fix will remove the Firewall settings.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-10]
CHR HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Soofia\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Soofia\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {CA73056A-0342-4C21-9991-03659433B242} - System32\Tasks\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12002
FirewallRules: [{6CE60E9F-9216-4545-8464-2D2FF5A27019}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{67BD817F-1375-4665-B22C-CFDD61965E1E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{934D54C6-0D81-4C4D-A84A-07EA77867E24}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B0C209C-ECCC-41BF-B55E-6433D99EF80E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
C:\Program Files\Common Files\mcafee
C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Soofia\AppData\Local\Temp\aocigddc.dll
C:\Users\Soofia\AppData\Local\Temp\gqicexdt.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

After the restart of the computer, if the problem persists, please download and run McAfee's removal tool from this site.
https://service.mcafee.com/webcenter/portal/cp/home/articleview;jsessionid=rjGY0AbatZvmSMKu7mnu9kXN_vO416bZ-nljFPhb9ZrmdoYZ46De!-127964032!-5810101?articleId=TS101331&_afrLoop=2209451594956375#!%40%40%3F_afrLoop%3D2209451594956375%26articleId%3DTS101331%26centerWidth%3D100%25%26leftWidth%3D0%25%26rightWidth%3D0%25%26showFooter%3Dfalse%26showHeader%3Dfalse%26_adf.ctrl-state%3Dtbp5opm8s_4

===

Later when all is well you should update these 3rd party programs.

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader Via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
<<<>>>

Your version of Shockwave is out-of-date and vulnerable.

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/flashplayer/

Go to Start > Control Panel > Programs and Features and uninstall the old version(s) if present.
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
<<<>>>

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)

Please post the Fixlog.txt and let me know what problem persists.

#3 FIA007

  • Topic Starter

Posted 17 August 2016 - 09:57 PM

Hi nasdaq,

 

Thanks for your response. I have run the fix and you may see the log below. The problem still persists. I have downloaded and run the McAfee removal tool as well, but the uninstallation remains incomplete as some or all files may not have been removed successfully.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Soofia (17-08-2016 19:55:51) Run:1
Running from C:\Users\Soofia\Desktop\Resolve
Loaded Profiles: Soofia (Available Profiles: Soofia)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-10]
CHR HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Soofia\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3437754924-4161754857-3663261247-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Soofia\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {CA73056A-0342-4C21-9991-03659433B242} - System32\Tasks\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12002
FirewallRules: [{6CE60E9F-9216-4545-8464-2D2FF5A27019}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{67BD817F-1375-4665-B22C-CFDD61965E1E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{934D54C6-0D81-4C4D-A84A-07EA77867E24}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B0C209C-ECCC-41BF-B55E-6433D99EF80E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
C:\Program Files\Common Files\mcafee
C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\Soofia\AppData\Local\Temp\aocigddc.dll
C:\Users\Soofia\AppData\Local\Temp\gqicexdt.dll
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKU\S-1-5-21-3437754924-4161754857-3663261247-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => service removed successfully
"HKU\S-1-5-21-3437754924-4161754857-3663261247-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3437754924-4161754857-3663261247-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA73056A-0342-4C21-9991-03659433B242}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA73056A-0342-4C21-9991-03659433B242}" => key removed successfully
C:\Windows\System32\Tasks\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CE60E9F-9216-4545-8464-2D2FF5A27019} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67BD817F-1375-4665-B22C-CFDD61965E1E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{934D54C6-0D81-4C4D-A84A-07EA77867E24} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B0C209C-ECCC-41BF-B55E-6433D99EF80E} => value removed successfully
C:\Program Files\Common Files\mcafee => moved successfully
"C:\Users\Soofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Users\Soofia\AppData\Local\Temp\aocigddc.dll => moved successfully
C:\Users\Soofia\AppData\Local\Temp\gqicexdt.dll => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1383298 B
Java, Flash, Steam htmlcache => 612 B
Windows/system/drivers => 262208445 B
Edge => 0 B
Chrome => 92739032 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 46406299 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 7385810 B
Soofia => 15921716 B
 
RecycleBin => 0 B
EmptyTemp: => 414.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:58:12 ====
 
Regards


#4 nasdaq

  • Malware Response Team

Posted 18 August 2016 - 08:08 AM

when I turned system on almost every time chkdsk starts


Navigate to this page and execute the fix suggested.

http://www.thewindowsclub.com/check-disk-runs-at-every-startup-windows

Keep me posted.

#5 FIA007

  • Topic Starter

Posted 18 August 2016 - 09:57 PM

I have run the fix suggested in the link provided and will observe whether chkdsk runs or not. I still can't turn Windows Firewall on, and, I don't know whether it is due to the same reason, I can't log on to Skype either.

 

Please suggest fix for this issue.

 

Thanks



#6 nasdaq

  • Malware Response Team

Posted 19 August 2016 - 08:08 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#7 FIA007

  • Topic Starter

Posted 20 August 2016 - 01:47 AM

Please find FSS log:

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by Soofia (administrator) on 20-08-2016 at 00:45:31
Running from "C:\Users\Soofia\Desktop\Resolve"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
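
The FSS log above can be triaged mechanically. The following is an added example (not part of the thread and not Farbar's code) that parses a log in this format and lists stopped services, non-default service settings and policy values; the `Finding` type, the function names, and the rule that a "... Policy" section belongs to the component section before it are assumptions of the example.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# Excerpt of the FSS.txt posted above; the File Check list is shortened.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
"""


class Finding(NamedTuple):
    component: str  # FSS section the finding belongs to, e.g. "Windows Firewall"
    kind: str       # not_running | service_config | policy_value | file_check
    detail: str


RULE = re.compile(r"^={4,}$")  # the "=====" line under every section title
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')
FILE_STATUS = re.compile(r"^(.+?) => (.+)$")


def parse_fss_log(text: str) -> list[Finding]:
    """Return everything in an FSS log that is not reported as OK."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings: list[Finding] = []
    section = component = reg_key = ""
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and not RULE.match(line) and RULE.match(nxt):
            section, reg_key = line.rstrip(":").strip(), ""
            # Assumption: a "... Policy" section describes the component
            # section right before it, as in the log above.
            if not section.endswith("Policy"):
                component = section
            continue
        if not line or RULE.match(line):
            continue
        if m := NOT_RUNNING.match(line):
            findings.append(Finding(component, "not_running", m.group(1)))
        elif m := CONFIG.match(line):
            field, service, status = m.groups()
            if status.rstrip(".") != "OK":
                findings.append(
                    Finding(component, "service_config", f"{service} {field} is {status}"))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)
        elif section.endswith("Policy") and (m := REG_VALUE.match(line)):
            findings.append(
                Finding(component, "policy_value", f"{reg_key}\\{m.group(1)}={m.group(2)}"))
        elif section == "File Check" and (m := FILE_STATUS.match(line)):
            if m.group(2) != "File is digitally signed":
                findings.append(
                    Finding(component, "file_check", f"{m.group(1)}: {m.group(2)}"))
    return findings


def stopped_without_explanation(findings: list[Finding]) -> list[str]:
    """Services reported as not running whose component shows no config
    deviation and no policy value, i.e. the log alone does not say why."""
    explained = {f.component for f in findings
                 if f.kind in ("service_config", "policy_value")}
    return [f.detail for f in findings
            if f.kind == "not_running" and f.component not in explained]


if __name__ == "__main__":
    results = parse_fss_log(SAMPLE_FSS_LOG)
    for finding in results:
        print(f"[{finding.component}] {finding.kind}: {finding.detail}")
    print("Not running, no cause in log:", stopped_without_explanation(results))
```

On this excerpt the Windows Defender stop is accompanied by a Demand start type and the `DisableAntiSpyware` policy value, while MpsSvc is stopped with a configuration the tool reports as OK, so the cause of the firewall failure has to be looked for outside this log.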

 



#8 nasdaq

  • Malware Response Team

Posted 20 August 2016 - 07:51 AM


Skype is shown as disabled in the MsConfig section of the Addition.txt log.
This should restore it. Keep me posted.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {08F6E554-1919-4A7F-9C98-A5FA3EF891D5} - System32\Tasks\{84D9D686-7B3D-49EB-897A-FC7B4669CDE9} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12007
Task: {1E2E41DC-CB53-4E4A-9E4F-B4AE1FDB7143} - System32\Tasks\{B67003FF-45F1-42F5-B515-75002C6AD6B9} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12007
Task: {5534C1E2-9041-43B0-AB45-5ADBA0E017AB} - System32\Tasks\{9437C0D8-A363-48B9-836B-02B9BA9D5626} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.2.0.106&amp;LastError=12007
Task: {CA73056A-0342-4C21-9991-03659433B242} - System32\Tasks\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12002
Task: {F61D2B6E-C61E-4CDC-9FAA-2102009EBC16} - System32\Tasks\{E6D5F7E2-67DA-4E32-9844-FE5946A4DF56} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12007
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkypeMSCONFIG\startup

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please run the Farbar Recovery Scan Tool. Enter MpsSvc in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 FIA007

  • Topic Starter

Posted 21 August 2016 - 08:51 PM

Hi nasdaq,

 

I have run the fix, but still the same result: I can't enable Windows Firewall, and the Skype logon issue remains.

 

Fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Soofia (21-08-2016 19:32:29) Run:2
Running from C:\Users\Soofia\Desktop\Resolve
Loaded Profiles: Soofia (Available Profiles: Soofia)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {08F6E554-1919-4A7F-9C98-A5FA3EF891D5} - System32\Tasks\{84D9D686-7B3D-49EB-897A-FC7B4669CDE9} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12007
Task: {1E2E41DC-CB53-4E4A-9E4F-B4AE1FDB7143} - System32\Tasks\{B67003FF-45F1-42F5-B515-75002C6AD6B9} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12007
Task: {5534C1E2-9041-43B0-AB45-5ADBA0E017AB} - System32\Tasks\{9437C0D8-A363-48B9-836B-02B9BA9D5626} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.2.0.106&amp;LastError=12007
Task: {CA73056A-0342-4C21-9991-03659433B242} - System32\Tasks\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12002
Task: {F61D2B6E-C61E-4CDC-9FAA-2102009EBC16} - System32\Tasks\{E6D5F7E2-67DA-4E32-9844-FE5946A4DF56} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124.259&amp;LastError=12007
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkypeMSCONFIG\startup
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08F6E554-1919-4A7F-9C98-A5FA3EF891D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08F6E554-1919-4A7F-9C98-A5FA3EF891D5}" => key removed successfully
C:\Windows\System32\Tasks\{84D9D686-7B3D-49EB-897A-FC7B4669CDE9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84D9D686-7B3D-49EB-897A-FC7B4669CDE9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E2E41DC-CB53-4E4A-9E4F-B4AE1FDB7143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E2E41DC-CB53-4E4A-9E4F-B4AE1FDB7143}" => key removed successfully
C:\Windows\System32\Tasks\{B67003FF-45F1-42F5-B515-75002C6AD6B9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B67003FF-45F1-42F5-B515-75002C6AD6B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5534C1E2-9041-43B0-AB45-5ADBA0E017AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5534C1E2-9041-43B0-AB45-5ADBA0E017AB}" => key removed successfully
C:\Windows\System32\Tasks\{9437C0D8-A363-48B9-836B-02B9BA9D5626} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9437C0D8-A363-48B9-836B-02B9BA9D5626}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA73056A-0342-4C21-9991-03659433B242} => key not found. 
C:\Windows\System32\Tasks\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B59D0C8C-2085-41AB-AC38-EB1E0CD54F26} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F61D2B6E-C61E-4CDC-9FAA-2102009EBC16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F61D2B6E-C61E-4CDC-9FAA-2102009EBC16}" => key removed successfully
C:\Windows\System32\Tasks\{E6D5F7E2-67DA-4E32-9844-FE5946A4DF56} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6D5F7E2-67DA-4E32-9844-FE5946A4DF56}" => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SkypeMSCONFIG\startup => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 142318450 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 564008 B
Edge => 0 B
Chrome => 315754184 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 1999410 B
Soofia => 24642299 B
 
RecycleBin => 0 B
EmptyTemp: => 470.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:34:05 ====
 

Search.txt

 

 
 
Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Soofia (21-08-2016 19:46:34)
Running from C:\Users\Soofia\Desktop\Resolve
Boot Mode: Normal
 
================== Search Registry: "MpsSvc" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM]
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\488053CDBCA3231EEB2C2AF7236D09ED\AMD64_WCF-M_SM_MOF_31BF3856AD364E35_6.1.7601.17514_NONE_2297D27F96C493F0\SERVICEMODEL.MOF
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\488053CDBCA3231EEB2C2AF7236D09ED\X86_MICROSOFT-WINDOWS-O..TEND-APIS.RESOURCES_31BF3856AD364E35_6.1.7601.17514_EN-US_A1EB9485BB71C8FF\OFFLINEFILESWMIPROVIDER.MFL
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\488053CDBCA3231EEB2C2AF7236D09ED\X86_NETFX-CLR_MOF_B03F5F7F11D50A3A_6.1.7601.17514_NONE_2247AAD307749DD3\CLR.MOF
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\488053CDBCA3231EEB2C2AF7236D09ED\X86_WCF-M_SM_MOF_31BF3856AD364E35_6.1.7601.17514_NONE_C67936FBDE6722BA\SERVICEMODEL.MOF
C:\WINDOWS\SYSTEM32\WBEM\WDF01000UNINSTALL.MOF
C:\WINDOWS\SYSTEM32\WBEM\WPCUNINST.MOF
C:\WINDOWS\SYSTEM32\WBEM\WUDFXUNINSTALL.MOF
C:\WINDOWS\SYSWOW64\WBEM\AACLIENT.MOF
C:\WINDOWS\SYSWOW64\WBEM\CLI.MOF
C:\WINDOWS\SYSWOW64\WBEM\CLIEGALIASES.MOF
C:\WINDOWS\SYSWOW64\WBEM\HBAAPI.MOF
C:\WINDOWS\SYSWOW64\WBEM\ISCSIDSC.MOF
C:\WINDOWS\SYSWOW64\WBEM\ISCSIHBA.MOF
C:\WINDOWS\SYSWOW64\WBEM\ISCSIPRF.MOF
C:\WINDOWS\SYSWOW64\WBEM\KERBEROS.MOF
C:\WINDOWS\SYSWOW64\WBEM\L2SECHC.MOF
C:\WINDOWS\SYSWOW64\WBEM\MSTSC.MOF
C:\WINDOWS\SYSWOW64\WBEM\MSTSCAX.MOF
C:\WINDOWS\SYSWOW64\WBEM\MSV1_0.MOF
C:\WINDOWS\SYSWOW64\WBEM\NCI.MOF
C:\WINDOWS\SYSWOW64\WBEM\NLSVC.MOF
C:\WINDOWS\SYSWOW64\WBEM\PPCRSOPCOMPSCHEMA.MOF
C:\WINDOWS\SYSWOW64\WBEM\PPCRSOPUSERSCHEMA.MOF
C:\WINDOWS\SYSWOW64\WBEM\RACWMIPROV.MOF
C:\WINDOWS\SYSWOW64\WBEM\REGEVENT.MOF
C:\WINDOWS\SYSWOW64\WBEM\SCERSOP.MOF
C:\WINDOWS\SYSWOW64\WBEM\SCHEDSVC.MOF
C:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL.MOF
C:\WINDOWS\SYSWOW64\WBEM\SERVICEMODEL35.MOF
C:\WINDOWS\SYSWOW64\WBEM\SSDPSRV.MOF
C:\WINDOWS\SYSWOW64\WBEM\VDS.MOF
C:\WINDOWS\SYSWOW64\WBEM\VSS.MOF
C:\WINDOWS\SYSWOW64\WBEM\WGXINSTALLEDGAME.MOF
C:\WINDOWS\SYSWOW64\WBEM\WMIPERFCLASS.MOF
C:\WINDOWS\SYSWOW64\WBEM\WMIPERFINST.MOF
C:\WINDOWS\SYSWOW64\WBEM\WPCSPROV.MOF
C:\WINDOWS\SYSWOW64\WBEM\WPCUNINST.MOF
C:\WINDOWS\SYSWOW64\WBEM\WSCENTER.MOF
C:\WINDOWS\SYSWOW64\WBEM\WSDAPI.MOF
C:\WINDOWS\SYSWOW64\WBEM\EN-US\AACLIENT.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\CLI.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\CLIEGALIASES.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\HBAAPI.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIDSC.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\ISCSIPRF.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSC.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\MSTSCAX.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\RACWMIPROV.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\REGEVENT.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\VDS.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\VSS.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\WGXINSTALLEDGAME.MFL
C:\WINDOWS\SYSWOW64\WBEM\EN-US\WSCENTER.MFL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~0.0.0.0]
"Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385]
"InstallName"="Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Networking-MPSSVC-Rules-BusinessEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385]
"InstallName"="Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Networking-MPSSVC-Rules-HomePremiumEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385]
"InstallName"="Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514]
"InstallName"="Networking-MPSSVC-Rules-UltimateEdition-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-admin.resources_31bf3856ad364e35_en-us_d6888571be75c515]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-admin_31bf3856ad364e35_none_c8bcb3a132919e26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_en-us_624510a40616af78]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-netsh_31bf3856ad364e35_none_a00aafd0803fc097]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-r..medition-deployment_31bf3856ad364e35_none_da04d156c89cb1a7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-collab_31bf3856ad364e35_none_a53c268ff100eda0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-corenet_31bf3856ad364e35_none_ff8ebef0ab3009a3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-fps_31bf3856ad364e35_none_e70f423a1a38125a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-mcx_31bf3856ad364e35_none_e6b61d1c1a7d0cab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-msdtc_31bf3856ad364e35_none_4761b54bbcc898ba]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-msiscsi_31bf3856ad364e35_none_959fd6a153bee864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-netdis_31bf3856ad364e35_none_933257143f53a70a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-netpres_31bf3856ad364e35_none_c004e4e52cbf24fc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-pla_31bf3856ad364e35_none_e6a0bbea1a8af716]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-pnrpmnrs_31bf3856ad364e35_none_81fc74df487ed075]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-remoteassistance_31bf3856ad364e35_none_c75a643cc217f82d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-remoteevntlogsvc_31bf3856ad364e35_none_6eb8db4be1cf8e46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-remotefwadmin_31bf3856ad364e35_none_21fd384fa17988d5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-remotesvcadmin_31bf3856ad364e35_none_4deef60265059a28]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-remotetask_31bf3856ad364e35_none_5c5819c1fe7843b0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-remotevolmgmt_31bf3856ad364e35_none_994fa1d89c3297ed]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-rras_31bf3856ad364e35_none_582763e1f0345dbd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-winrm_31bf3856ad364e35_none_0d16fd1ce8827bd0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-wmi_31bf3856ad364e35_none_e65556801ac3a10c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules-wpdmpt_31bf3856ad364e35_none_318e6a5d61454b91]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-rules_31bf3856ad364e35_none_451be20ce6a9a524]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-svc.resources_31bf3856ad364e35_en-us_59f8642e31297bc0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc-svc_31bf3856ad364e35_none_cb6ac029b901dd4f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc.resources_31bf3856ad364e35_en-us_dec64a5527731c75]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_networking-mpssvc_31bf3856ad364e35_none_9c86a8a79e321936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\wow64_networking-mpssvc-svc_31bf3856ad364e35_none_d5bf6a7bed629f4a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-admin.resources_31bf3856ad364e35_en-us_7a69e9ee061853df]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-admin_31bf3856ad364e35_none_6c9e181d7a342cf0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-netsh.resources_31bf3856ad364e35_en-us_062675204db93e42]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-netsh_31bf3856ad364e35_none_43ec144cc7e24f61]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-rules_31bf3856ad364e35_none_e8fd46892e4c33ee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc-svc.resources_31bf3856ad364e35_en-us_fdd9c8aa78cc0a8a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc.resources_31bf3856ad364e35_en-us_82a7aed16f15ab3f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_networking-mpssvc_31bf3856ad364e35_none_40680d23e5d4a800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{37945dc2-899b-44d1-b79c-dd4a9e57ff98}]
"ResourceFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{37945dc2-899b-44d1-b79c-dd4a9e57ff98}]
"MessageFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{37945dc2-899b-44d1-b79c-dd4a9e57ff98}]
"ParameterFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{50bd1bfd-936b-4db3-86be-e25b96c25898}]
"ResourceFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{50bd1bfd-936b-4db3-86be-e25b96c25898}]
"MessageFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{50bd1bfd-936b-4db3-86be-e25b96c25898}]
"ParameterFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{5444519f-2484-45a2-991e-953e4b54c8e0}]
"ResourceFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{5444519f-2484-45a2-991e-953e4b54c8e0}]
"MessageFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{5444519f-2484-45a2-991e-953e4b54c8e0}]
"ParameterFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{d1bc9aff-2abf-4d71-9146-ecb2a986eb85}]
"ResourceFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{d1bc9aff-2abf-4d71-9146-ecb2a986eb85}]
"MessageFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{d1bc9aff-2abf-4d71-9146-ecb2a986eb85}]
"ParameterFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e595f735-b42a-494b-afcd-b68666945cd3}]
"ResourceFileName"="%SystemRoot%\System32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{e595f735-b42a-494b-afcd-b68666945cd3}]
"MessageFileName"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNoNetwork"="DPS
PLA
BFE
mpssvc
WwanSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-Firewall]
"EventMessageFile"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc\Parameters]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-1"="V2.0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"MPSSVC-2"="V2.0
 
====== End of Search ======

 

 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:39 AM

Posted 22 August 2016 - 06:50 AM


Try the Automatic fix suggested on this page.

https://support.microsoft.com/en-us/kb/943996

Keep me posted.

#11 FIA007

Posted 22 August 2016 - 10:51 PM

Still the same result: problem found, Windows Firewall service is not started - not fixed.



#12 nasdaq

Posted 23 August 2016 - 08:17 AM



Try this.

Run the CMD.EXE as an Administrator.

At the DOS prompt execute the command in bold.

C:\>sc config mpssvc start= Auto

You should see this message.
[SC] ChangeServiceConfig SUCCESS

Restart the computer normally.

How is it now?

p.s.
If the message is different let me know what you got.
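
An added example, not part of the post above: `[SC] ChangeServiceConfig SUCCESS` only confirms that the start type was written, not that the service can start. This read-only PowerShell sketch (the function name `Get-ServiceStartReport` is hypothetical) reports the start mode, state and last exit code of `MpsSvc` and of every service or driver it is declared to depend on, so a stopped or disabled dependency shows up.

```powershell
# Added example: read-only diagnostic, it changes nothing on the system.
# Written for the PowerShell 2.0 that ships with Windows 7 SP1.

function Get-ServiceStartReport {
    param([string]$Name = 'MpsSvc')

    $root = Get-Service -Name $Name -ErrorAction Stop

    # The service itself, then everything it is declared to depend on.
    $names = @($root.Name) + @($root.ServicesDependedOn | ForEach-Object { $_.Name })

    foreach ($n in $names) {
        # Dependencies can be kernel drivers, which live in Win32_SystemDriver
        # rather than Win32_Service, so try both classes.
        $item = Get-WmiObject -Class Win32_Service -Filter "Name='$n'"
        if (-not $item) {
            $item = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$n'"
        }

        if (-not $item) {
            $finding = 'not registered'
            $mode = ''; $state = ''; $exit = ''
        }
        else {
            $mode  = $item.StartMode
            $state = $item.State
            $exit  = $item.ExitCode
            if ($mode -eq 'Disabled') {
                $finding = 'start type is Disabled'
            }
            elseif ($state -ne 'Running') {
                $finding = "not running (last exit code $exit)"
            }
            else {
                $finding = 'ok'
            }
        }

        # New-Object with a hashtable does not keep property order on 2.0,
        # so Select-Object fixes the column order for display.
        New-Object PSObject -Property @{
            Name      = $n
            StartMode = $mode
            State     = $state
            ExitCode  = $exit
            Finding   = $finding
        } | Select-Object Name, StartMode, State, ExitCode, Finding
    }
}

Get-ServiceStartReport -Name 'MpsSvc' | Format-Table -AutoSize
```

Any row whose `Finding` is not `ok` is the place to look next; a non-zero exit code on `MpsSvc` itself can be matched against the Service Control Manager entries in the System event log.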

#13 FIA007

Posted 23 August 2016 - 08:50 PM

I have run the command, and got the same success msg.

But I still can't turn on the Windows Firewall.



#14 nasdaq

Posted 24 August 2016 - 08:34 AM


This issue is not caused by malware.

I suggest you start a new topic in the Windows 7 Forum.

http://www.bleepingcomputer.com/forums/f/167/windows-7/

An expert with that operating system should be able to help you better than I can.
This is not my forte.

I will leave this topic open for 6 days. If you need to return please do.



