also @ TechSpot: Windows 8 Release Preview leaked, Microsoft may raise OEM prices

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Inactive] [A] Security Center problems

Discussion in 'Virus and Malware Removal' started by frogpelt, Jan 5, 2012.

Thread Status:
Not open for further replies.
Page 2 of 2

  1. Broni Malware Annihilator

    No problem....

    ....
    Broni, Jan 6, 2012
    #21

  2. frogpelt Newcomer, in training

    ESET No threats found

    The ESET scan revealed no threats.

    I installed the Pc Tools Firewall because the Windows Firewall seemed to be having issues.

    I'm not sure about System Restore.

    Do you think the weird problems might have been related to having too many AV and firewall tools on the computer?
    frogpelt, Jan 6, 2012
    #22

  3. Broni Malware Annihilator

    No.

    Please check if you can create new restore point manually.

    Then we'll try to fix your Windows firewall (just in case you need it in the future).

    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    You'll find several files inside.
    Double-click mpssvc.reg and confirm the prompt.
    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
    Restart computer, post new FSS log.
    Broni, Jan 6, 2012
    #23

  4. frogpelt Newcomer, in training

    I WAS able to create a new system restore point.

    ==================================


    Farbar Service Scanner
    Ran by Gregory (administrator) on 06-01-2012 at 21:46:43
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll
    [2009-09-17 17:57] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

    C:\Windows\system32\cryptsvc.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
    frogpelt, Jan 6, 2012
    #24

  5. Broni Malware Annihilator

    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.

    Download following registry key: http://www.filedropper.com/legacympssvc
    Double-click legacy_mpssvc.reg and confirm the prompt.

    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

    Restart computer, post new FSS log.
    Broni, Jan 7, 2012
    #25

  6. frogpelt Newcomer, in training

    legacy_mpssvc would not import.

    Windows says it is not a valid reg file.
    frogpelt, Jan 9, 2012
    #26

  7. Broni Malware Annihilator

    Broni, Jan 9, 2012
    #27
Page 2 of 2
Thread Status:
Not open for further replies.