
Windows Firewall Error, Threats found in MSE

Q: Windows Firewall Error, Threats found in MSE

Hi guys,

Hopefully someone can point me in the right direction.
I've got an ACER 5750 laptop with Win7 Home Premium with a couple of problems.
- I can't turn the windows firewall on (error 0x80070424)
- MSE has picked up:
* Trojan:Win64/Sirefef.Y
* Trojan:Win32/Sirefef.AB
* Trojan:Win64/Sirefef.U
* Trojan:Win32/Alureon.FP
* Trojan:Win64/Sirefef.P
* Program:Win32/CoinMiner
- Malwarebytes has picked up:
* RiskWare.Tool.CK

So, sadly it's a bit of a mess...

I have run MSE to remove the above, which reports a successful removal, but when completing the requested restart Win7 won't boot and pops up a repair program which will only let the system run if I complete a restore, in which case the whole lot starts over. I've also run Malwarebytes, which sometimes clears the problem, but on restart the problem still exists.

It seems to be a very similar problem to TommyC11's issue here: Link

I have run TDSSKiller.exe which doesn't return any threats.

Many thanks
Stu

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sarah and Stu at 17:26:25 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3948.1654 [GMT 12:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Server\Bin\WhsMcClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Server\Bin\Launchpad.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\140707C65602E4564777F627B602735316464353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\2456C6B696E6F5E413F575962756C6563737F5646383246444 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\24967605F6E646032333536364 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\25F646965627D456E65716E64644963707C61697 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\64255454027594649402269702548505544494140262023595440246C6 : DhcpNameServer = 172.17.64.1
TCP: Interfaces\{919F6D23-E81E-4F18-9CDB-F24121975643}\E4544574541425 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sarah and Stu\AppData\Roaming\Mozilla\Firefox\Profiles\muna5klr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=625675ed0000000000008a9ffaa30287&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.hardId - 625675ed0000000000008a9ffaa30287
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15380
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:41:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-3-2 79744]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-20 76448]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-27 313424]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-1-27 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-9 23584]
R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-27 13336]
R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-3 654408]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-1-12 40832]
R2 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2011-9-1 2025336]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-24 2656280]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-1-27 243232]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-6-26 119296]
R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2011-3-2 111488]
R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
R3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 dxrgvpig;dxrgvpig;\??\C:\Windows\system32\drivers\dxrgvpig.sys --> C:\Windows\system32\drivers\dxrgvpig.sys [?]
S1 qdhuigqk;qdhuigqk;\??\C:\Windows\system32\drivers\qdhuigqk.sys --> C:\Windows\system32\drivers\qdhuigqk.sys [?]
S1 xyoakpyy;xyoakpyy;\??\C:\Windows\system32\drivers\xyoakpyy.sys --> C:\Windows\system32\drivers\xyoakpyy.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-6 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
SUnknown alnxnpau;alnxnpau; [x]
SUnknown iyjeagkk;iyjeagkk; [x]
SUnknown jfhjcltk;jfhjcltk; [x]
SUnknown lhpjgmvr;lhpjgmvr; [x]
SUnknown sgtnpufw;sgtnpufw; [x]
SUnknown truoavej;truoavej; [x]
SUnknown zgrdihyq;zgrdihyq; [x]
.
=============== Created Last 30 ================
.
2012-05-07 22:14:36 50000 ----a-w- C:\Windows\System32\drivers\xyoakpyy.sys
2012-05-07 11:39:07 50000 ----a-w- C:\Windows\System32\drivers\dxrgvpig.sys
2012-05-07 11:38:27 50000 ----a-w- C:\Windows\System32\drivers\qdhuigqk.sys
2012-05-07 11:37:41 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26D9B133-6F2B-4B62-B4A2-57E72192C2BD}\offreg.dll
2012-05-07 11:29:50 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26D9B133-6F2B-4B62-B4A2-57E72192C2BD}\mpengine.dll
2012-05-07 10:59:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-07 08:30:20 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-07 08:20:11 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{2199B0C3-0551-4778-A062-C6F523023A6E}
2012-05-07 08:19:59 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{15F5CCBB-8073-42FB-BD9B-7B6D521290EC}
2012-05-05 00:20:32 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{B19EAA99-699A-4AA3-9555-A5E38306F284}
2012-05-05 00:20:21 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{65D77053-E496-45D1-A2FA-7EAB310A9DEF}
2012-05-04 21:11:22 50000 ----a-w- C:\Windows\System32\drivers\ntcyhlrp.sys
2012-05-03 10:44:17 -------- d-----w- C:\Users\Sarah and Stu\AppData\Roaming\Malwarebytes
2012-05-03 10:43:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-03 10:43:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-03 10:43:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-03 10:38:18 50000 ----a-w- C:\Windows\System32\drivers\cmusjqhb.sys
2012-05-03 09:44:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6868C60A-86D9-4BF9-9073-D2EFB889F5C4}\gapaengine.dll
2012-05-03 08:17:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-03 08:16:53 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-03 08:10:51 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{F5B0998B-7FAB-4771-8681-F10F791AB125}
2012-05-03 08:10:39 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{EF673401-C6AE-4845-BD7B-97C5DADB5466}
2012-05-02 07:55:22 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{5397D8BF-7522-4E68-A3A2-8BB33E7F6912}
2012-05-02 07:55:10 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{DADAB31F-EE1E-4F34-978D-AE16B632362F}
2012-04-28 22:17:36 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-28 22:00:29 -------- d-----we C:\Windows\system64
2012-04-28 06:28:30 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{2AAE75F5-9110-40BD-82FD-B2F8940D7E56}
2012-04-28 06:28:19 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{5360C377-7A9B-4895-BA00-3DCF5858ECA2}
2012-04-26 09:28:44 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{3B5E97F8-89E1-4302-A00E-74C0B3428C92}
2012-04-26 09:28:32 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{8F642709-F5E2-4504-B390-49D8C9D00676}
2012-04-25 10:10:08 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-04-25 10:10:08 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-04-25 08:52:12 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{D228159B-14EF-445E-8DF9-5CA9A9CAF538}
2012-04-25 08:51:58 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{6FF39063-AF05-4830-A171-CA676E820587}
2012-04-19 10:43:33 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{F673290E-A3EB-4749-A5C0-F52AB4508AF0}
2012-04-19 10:43:18 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{00941849-2C3F-49AB-812B-15262FC0C3AF}
2012-04-18 05:34:03 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{894D359A-2817-4F66-A6A5-EE1D888960AC}
2012-04-18 05:33:52 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{440E30F7-14F1-43B8-8C9C-2B7A5B474E91}
2012-04-17 09:09:37 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{AA7BD459-7E58-4754-8FB7-15C95B0A607C}
2012-04-17 09:09:26 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{D8499B77-F564-4596-AA30-787FC673D0E6}
2012-04-16 11:02:12 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 08:31:47 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{7F9BE7A7-ED8A-4CA8-9647-C0F2C6EA2267}
2012-04-16 08:31:35 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{0EB04CB4-69B6-4198-8AEC-F2D26C6EC1EC}
2012-04-15 07:02:33 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{2B6209C9-52EA-47C8-A6C9-6283718ABF42}
2012-04-15 07:02:22 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{10D688F1-D967-4150-B44F-C25AA43AFA13}
2012-04-15 06:57:53 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{333E3C01-FA3F-428A-A8D7-792995983CE6}
2012-04-15 06:57:41 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{469DD1CF-F78B-499B-9CA5-73B5FAABC76D}
2012-04-14 23:13:29 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{AADCCFD2-D93D-4093-BDCA-30C4BE51FCDE}
2012-04-12 08:14:08 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-12 08:09:10 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{03B0AF45-ABA8-4BB6-BD56-857DD5B65744}
2012-04-12 08:08:10 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 08:08:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 08:08:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 08:02:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 08:02:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 08:02:35 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 08:02:34 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 08:02:34 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 08:02:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 08:02:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 09:34:03 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{C45298C0-9875-4FF6-83F6-C10DE11458DB}
2012-04-10 08:42:37 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{E4C068F6-5BFE-4416-8544-94F4D13238E2}
2012-04-09 07:51:57 -------- d-----w- C:\Users\Sarah and Stu\AppData\Local\{0E141853-419B-4BB9-94D3-5BD5ABBF1627}
.
==================== Find3M ====================
.
2012-05-08 00:03:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 00:03:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-20 08:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 08:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-09 14:12:44 138360 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys
2012-03-09 14:12:44 138360 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys
2012-03-08 06:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2006-05-18 04:58:57 385024 ----a-w- C:\Program Files\projectGSC.exe
2004-08-16 05:12:41 397312 ----a-w- C:\Program Files\projectGSCresUS.dll
2004-08-16 05:11:14 393216 ----a-w- C:\Program Files\projectGSCresJP.dll
2001-06-06 04:23:08 4094 ----a-w- C:\Program Files\USER_W.BIN
.
============= FINISH: 17:27:20.71 ===============


A: Windows Firewall Error, Threats found in MSE

Hi Stu!!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

- Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
- Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
- In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
- If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
- Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
- Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
- I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

Do you happen to have access to a USB flash drive that we could utilize?

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software, resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
- Dissecting the ZeroAccess Rootkit
- ZeroAccess / Max++ / Smiscer Crimeware Rootkit
- MAX++ sets its sights on x64 platforms
- ZeroAccess (Max++) Rootkit
- ZeroAccess Gets Another Update
- ZeroAccess - an advanced kernel mode rootkit

NEXT: One or more of the identified infections is a backdoor trojan and password stealer. This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable. It would also be wise to contact those same financial institutions to apprise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
If you decide to go through with the cleanup, please proceed with the following steps.

NEXT: Running aswMBR.exe
- Download aswMBR.exe (4.5mb) to your desktop.
- Double click the aswMBR.exe to run it.
- Click the "Scan" button to start scan.
- On completion of the scan click save log, save it to your desktop and post in your next reply.

NEXT: Farbar Service Scanner
Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.

NEXT: Running OTL
We need to create a New FULL OTL Report. Please download OTL from here if you have not done so already:
Main Mirror / Mirror
Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Change the "Extra Registry" option to "SafeList". Copy and Paste the following code into the textbox.
msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
tdx.sys
afd.sys
netbt.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
Push the button. Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT: Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.
It would be helpful if you could answer each question in the order asked, as well as numbering your answers. Please let me know how the above scans go.

Kindest Regards,
ST.


Hi guys,

Hopefully someone can point me in the right direction.
I've got an ACER 5750 laptop with Win7 Home Premium with a couple of problems.
- I can't turn the windows firewall on (error 0x80070424)
- MSE has picked up:
* Trojan:Win64/Sirefef.Y
* Trojan:Win32/Sirefef.AB
* Trojan:Win64/Sirefef.U
* Trojan:Win32/Alureon.FP
* Trojan:Win64/Sirefef.P
* Program:Win32/CoinMiner
- Malware Bytes has picked up:
* RiskWare.Tool.CK

So, sadly it's a bit of a mess...

I have run MSE to remove the above which states a successful removal but when completing the requested restart Win7 won't boot and pops up a repair program which will only let the system run if I complete a restore, in which case the whole lot starts over. I've also run Malware Bytes which sometimes clears the problem but on restart the problem still exists.

It seems to be a very similar problem to TommyC11's issue here: Link

I have run TDSSKiller.exe which doesn't return any threats.

Should I follow on with the process outlined in TommyC11's thread?

Many thanks
Stu

A:Windows Firewall Error, Threats found in MSE

No, don't follow the instructions given to another user.

We need advanced tools to remove this infection

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck


If Malwarebytes found threats and I delete all the threats, will it break my PC?

A: If Malwarebytes found threats and I delete all the threats, will it break my PC?

Hi,
Depends, it doesn't look like it did yet?
See this,
Malwarebytes Anti-Malware Free


I got some virus in my computer yesterday; it's a trojan and some rootkits.
After that my Windows Defender won't work; I can't put it into action -> it keeps saying it isn't active and when I try to activate it -> an error code comes. Same thing happens with the firewall.
I tried to get the viruses cleaned from the computer by AVG and then with Malware; both find those and put them in quarantine, but can't delete them. Overall 8 threats were there yesterday and now there are 6 threats; 2 trojans and 4 rootkits.
I tried to fix Windows Defender and firewall with Windows' Fix It exes, but those didn't fix the problem and some site said that the computer must be clean from trojans etc. before those can be fixed.
AVG is alerting of threats and the Windows Defender + firewall isn't working and Malware can't delete the trojans or rootkits.
I wish to have the trojans + rootkits deleted and Windows Defender + firewall to work right again.
Here is the DDS.txt.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Jenni at 21:41:48 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.3326.2131 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
=...

A: AVG is alerting of threats and the Windows Defender + firewall isn't working and Malware can't delete Trojans or rootkits

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us:

- Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Hello MSE has found three Severe threats on my machine. They are:

Exploit:Java/CVE-2010-0842.AL
Trojan:Java/Agent.A
Exploit:Java/CVE-2010-0840.MA

All three files were located in the Temp folder in AppData. MSE successfully removed the three threats, however I am concerned that there may be further infections on my machine and I would be grateful if somebody could instruct me how to check thoroughly. Thanks in advance.

A:Threats found by MSE

Download http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html
Install, update and run a full scan. Remove infections and post the clean log.

Download TDSSKiller. Launch it. Click on Change parameters, select TDLFS file system, and click on "Scan". Please post the LOG report (the log file should be in your C drive).

Please download GMER from here (does not work on 64 bit OS): http://www2.gmer.net/download.php
- Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
- GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.

Download aswMBR. Launch it, allow it to download the latest Avast! virus definitions. Click the "Scan" button to start the scan. After the scan finishes, click on Save log. Post the log results here.


I use AVG 2012 and the software detected threats. It has to do with tracking cookies. I ran Malwarebytes. That's as far as I've gotten. Can anyone help me get rid of these threats? They are also in Documents and Settings. I use Windows XP Professional. 2.0GB
 

A:AVG found threats

Get rid of AVG 2012 and then replace it with Microsoft Security Essentials 2.1.1116.0.

Also install SUPERAntiSpyware 5.0.0.1144 so it can work with Malwarebytes Anti-Malware 1.60.1.1000(which you apparently already have installed) in keeping the "nasties" out of your computer.

MSE will run in the background and do its own thing.

Run a quick scan with SAS and MBAM once a week after you first update their definition files, then select and remove everything they find.

 


I need to clarify a doubt on security. I am using Windows 8 Pro and the antivirus software Kaspersky. My Firewall protection is 100 percent. I don't take any chances. I research online a lot, so I want to be safe from all malware and viruses. Recently, I came across this article on various IT threats: Biggest Threats To IT Security | NCI. It's a brief article about different kinds of viruses. I am familiar with worms and Trojans. One unfamiliar name is logic bombs. I am confusing it with Trojans. How does it work?
Does the Win 8 Firewall along with the antivirus software prevent attacks of the malicious software? Is the system really safe if the Firewalls are on?
I am hearing more and more news about online threats, so that I am beginning to feel that most antivirus protections are just vacuum.


Hi, can anyone help me out? I noticed since I installed Spybot 1.4 every single scan result says "Congratulations, no immediate threats were found!" But I know this is not right. Does anyone know what to do? Thanks.
 

A:Spy Bot 1.4 No threats found every scan


RogueKiller found 32 threats;  all the threats are registry related except one.  I'm not sure if I should delete it.  I've attached the log which shows the threats it found.  Please let me know if I should delete it or ignore it.  Thanks.

A:RogueKiller found 32 threats

Attachments aren't allowed in this forum....as you can see.
 
Use the programs below to clean, find and remove adware and malware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files...


Hi @ all!
I am running Windows 7 64-bit Home Edition
My Malwarebytes found 2 threats on my PC. It's been the second time it showed me those threats, even though I told the program to remove it.
I tried to uninstall it via the "Control Panel" - "Programs & Features", but it will not uninstall it. I attached a pic of the 2 threats.
I just want it removed from my PC

A:Malwarebytes found 2 threats

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Click the Report button and the report will open in Notepad.

IMPORTANT: If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click the Scan button and wait for the process to complete.
- Check off the element(s) you wish to keep.
- Click on the Clean button, follow the prompts.

A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first t...


Hi -----

For the past week or so Spybot S&D no longer finds any new threats on my computer. I just uninstalled and then reinstalled Spybot. Ran a new search and it still finds no threats. AdAware, which always found fewer threats than Spybot, is still working. Are there any known issues re Spybot? Any suggestions or thoughts?
 

A:No threats found with Spybot


Hello guys,

I have been using Spybot Search & Destroy for quite a long time, and it always found between 15 and 35 threats (Ad Revolver, Double Click, etc) which I always deleted.

About 4 weeks ago I upgraded to the later version, and also 'immunised' my system at the same time (which hadn't been done before). However, since this upgrade, whenever I run Spybot it always comes up with "No Threats Found". Yesterday, I uninstalled Spybot and reinstalled it, ran it again, but it still came up with "No Threats Found". How come the old version always found some threats/spyware, but this new version doesn't? Could it be because my system is now "immunised" which is not allowing any of these threats in, or is Spybot not working properly? When it was downloading, a file looked to have a gobbledegook name, but I have read about such filenames and I think they are ok.

Also, is it OK to run your spyware check (at top of your screen) even though Spybot is installed?

I have Windows 98SE and free AVG on this computer.
I would welcome your advice. Thank you in advance.

(Like many others, I also have a problem with computer slowing down drastically after being on for 2-3 hours. Am currently trying to sort it following reading relevant threads, but if no luck will be asking another question!)
 


So I recently upgraded to AVG Free 2013. On its first scan through my computer it found 2 threats. When I tried to "address the issue" it would let me select the files, but not repair them. I'm not 100% sure they are even virus files. I get conflicting results searching online for the names. The threats were listed as follows:

"";"The file is signed with a broken digital signature, issued by: Microsoft Corporation., D:\I386\Apps\APP03978\src\INSNTMSI.EXE";"Infected"

and

"";"The file is signed with a broken digital signature, issued by: Microsoft Corporation., D:\I386\Apps\APP08668\src\3rdPartyApp\HHUPD.EXE";"Infected"
Any ideas? Are these files dangerous to my system? What can I do to get a clean scan from AVG? Below are the requested logs. Thanks in advance.

MJ

____________________
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:16 PM, on 11/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG2013\avgid...

A:AVG found threats it can't repair

Ignore those error messages.
Some time during the next 6 months or so Microsoft Update will replace those files with versions with the correct digital signatures.
It was all down to a digitally signed certificate being withdrawn by Microsoft recently, so a lot of files that were signed using that certificate flag as invalid by some antiviruses & scanning tools.
They are fine so don't do anything.
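
As an added example (not from this thread, and not AVG's or Microsoft's code), here is a PowerShell check that answers MJ's actual question about the two flagged files: it separates a signature that fails because the signing certificate is no longer trusted from a file whose contents were changed after it was signed, which is the case that would matter. It assumes the files are still at the paths quoted in the AVG log, and it hashes with .NET rather than Get-FileHash so it runs on PowerShell 2.0 (the version available for the Windows XP machine in the post).

```powershell
# Added example, not from the original thread or from AVG.
# For each file AVG flagged, separate "certificate no longer trusted"
# from "file modified after signing", which is the question that matters.
# The paths are the two quoted in MJ's post; assumption: they still exist
# at those locations on the machine being checked.
$flagged = @(
    'D:\I386\Apps\APP03978\src\INSNTMSI.EXE',
    'D:\I386\Apps\APP08668\src\3rdPartyApp\HHUPD.EXE'
)

# SHA-256 via .NET so this also runs on PowerShell 2.0 (Windows XP/7),
# which has no Get-FileHash cmdlet.
function Get-Sha256Hex {
    param([string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = [System.Security.Cryptography.SHA256]::Create().ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

function Test-FlaggedFile {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Status = 'missing'; Verdict = 'file not found' }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status values worth telling apart:
    #   Valid        - chain builds and the hash matches: nothing to do
    #   HashMismatch - bytes no longer match the signed hash, i.e. the file
    #                  was changed after Microsoft signed it: treat as suspect
    #   NotSigned    - no embedded Authenticode signature at all
    #   anything else (NotTrusted, UnknownError, ...) - hash matches but the
    #                  chain does not build (expired, revoked or untrusted
    #                  certificate): the file is intact, the cert is the issue
    $verdict = switch ("$($sig.Status)") {
        'Valid'        { 'OK' }
        'HashMismatch' { 'SUSPECT: contents changed after signing' }
        'NotSigned'    { 'unsigned: compare the hash with a known-good copy' }
        default        { "intact but certificate chain not trusted: $($sig.StatusMessage)" }
    }

    $cert    = $sig.SignerCertificate
    $signer  = if ($cert) { $cert.Subject } else { '(none)' }
    $expires = if ($cert) { $cert.NotAfter } else { $null }

    # The SHA-256 gives a second, signature-independent handle on the file
    # for comparison against a known-good copy of the same build.
    New-Object PSObject -Property @{
        Path    = $Path
        Status  = "$($sig.Status)"
        Signer  = $signer
        Expires = $expires
        SHA256  = Get-Sha256Hex -Path $Path
        Verdict = $verdict
    }
}

$flagged | ForEach-Object { Test-FlaggedFile -Path $_ } | Format-List
```

Get-AuthenticodeSignature only inspects embedded signatures. The AVG message says these two files carry one, so that is fine here, but catalog-signed Windows system files come back NotSigned on PowerShell versions before 5.1 and need sigcheck or sfc /verifyfile instead.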
 


I posted a HJT log file a few days ago but between then my computer got completely filled with infections and I couldn't use the internet for days. I finally got rid of them and got Firefox working but could someone have a look at the scan results in case there are still some problems that couldn't be fixed.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:44:22, on 25/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wes...

A:Over 3,000 threats found on computer!

Thanks in advance if some one is able to give me some advice!
 


I have all these pop ups and I would really appreciate if you could help me pinpoint the virus. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 4:10:53 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\V...

A:Threats found from HIJACK

Hi dre1514 and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"...


First I will attempt to explain what has happened. I had been letting my two nephews (Ages 14 and 16) use my desktop pc (they live with me). At first, I let them on the admin account which resulted in me having to do a restore. Then I did as you folks suggested and made each of them a Standard account, and let them use the desktop while I used my laptop. The boys are gone this week spending time with their Dad so I got on the desktop because my laptop doesn't handle my games very well. I got on this morning and the computer was lagging and freezing so I ran Malwarebytes and it found 286 threats and told me to restart to remove the threats. I ran all the scans that you requested and will post them in multiple posts.

System Info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 12270 Mb
Graphics Card: AMD Radeon HD 6700 Series, 1024 Mb
Hard Drives: C: Total - 1418215 MB, Free - 1334384 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

A:Malwarebytes Found Threats


Split from here: http://www.bleepingcomputer.com/forums/t/436093/windows-7-firewall-error-code-0x80070424-windows-firewall-service-missing/ ~ OB
 
Can you help me please?
 
Farbar Service Scanner Version: 03-03-2013
Ran by Anda (administrator) on 05-04-2013 at 20:51:47
Running from "C:\Users\Anda\Desktop"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
wscsvc Service is no...

A: Split from: Windows 7 Firewall Error Code 0x80070424 Windows Firewall Service Missing

Please download TDSSKiller from here and save it to your Desktop.
- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
- Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).
- If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
- Click Start Scan and allow the scan process to run.
- If threats are detected select Skip for all of them unless I instruct you otherwise.
- Click Continue.
- Click Reboot computer.
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply. Due to forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient.

===================================================

RKILL
Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another) and save it to your desktop:
Link 1
Link 2
In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
- Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
- Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
- A black screen will appear and then disappear. Please do not worry, that is normal...


I want a 100% clean system and want verification if the threats detected by Avast Free Antivirus 6 are harmful or not. I performed a custom scan and included the following: All hard disks, System drive, CD-ROM and DVD drives, Memory, Auto-start programs (all users). Note: I have only one user on this laptop, myself. The last thing I had it scan for was (potentially unwanted programs). When this scan finished the following 17 threats were detected. Screenshot of scan log, sorry not great quality but readable I think. If you could interpret if these process threats are real I would greatly appreciate this. Avast will not allow me to move these to chest or delete them. So I need your help. I downloaded ComboFix but don't want to do the wrong thing and mess up my laptop because it seems to be working very well. I use Advanced SystemCare 4, CCleaner, Hitman Pro 3.5. Note: I ran a default scan and NO THREATS were found at all. I have Spybot - Search & Destroy and Malwarebytes' Anti-Malware, currently the Pro version still on free trial. I have done A LOT of scans with many programs. I use COMODO Firewall at maximum protection to go with my chosen Antivirus as previously stated, Avast Free Antivirus 6 with current updated engine and virus definitions. If you need any further info to resolve my issue please post and I can provide it. Thank you for reading this, and for any help I receive. I included my system spec below in case you need it.

System Specs
Windows 7 Home Premium 64-bit (6.1, Build 7601)... Read more

A:Avast found 17 threats how can I remove them?

The last thing I had it scan for was (potentially unwanted programs). When this scan finished the following 17 threats were detected.

If these detections only appeared when doing that, please be aware that a Potentially Unwanted Program (PUP) is a very broad threat category which can include any number of different programs, including those which are benign as well as malicious. They may also be defined somewhat differently by various security vendors.

Lavasoft: What are Potentially Unwanted Programs (PUPS)?
Eset FAQs: What are Potentially Unwanted Programs and Potentially Unsafe Applications?
McAfee White Paper: Potentially Unwanted Programs
Sophos: Potentially unwanted applications
AVG FAQ 2340: Potentially Unwanted Programs

Some programs falling into the PUP category have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files (compressed, packed) that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because it has difficulty reading what is inside them. Other legitimate files may be obfuscated, encrypted or password protected in order to conceal themselves, so they do not allow access for scanning but often trigger alerts by anti-virus software. These detections do not necessarily mean the file is mal... Read more


My system is Microsoft Windows XP Version 2002 Service Pack 3. When I restart my computer I receive the following: 1785 Multibay incorrectly installed. The multibay must be attached to the IDE controller as device 0. No other IDE device may be attached to the same controller.

I recently did 2 things that may be affecting my computer: installed two 1000gbits RAM & connected a portable USB device into one of the USB slots in the back of the computer to save a document. I've never done that before and was unsuccessful.

Installation of the RAM did not seem to affect anything, but plugging in the USB PNY 8G device seemed to be when the problem started.

I now receive the above start up error message and my computer is running very slow, and glitching frequently meaning pages that I close out of appear as a white box before they disappear.

I thought it might be a virus so ran a Malwarebytes scan and saw that 47 files were infected. I removed the infected files and then did a disc clean up and defragmented.

Here is my dds file. I have attached the .ark & attach.txt file as you requested. I do not have access to window install disc or boot CD.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Girls at 9:51:56 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.1658 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CC... Read more

A:Sluggish computer, & threats found

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

It appears you attached a shortcut to Attach.txt, instead of the actual Attach.txt log, to your initial post, which I cannot access.

Go to Start > Run and copy/paste the following into the Run box and click OK:

... Read more


Hi, hope you can help. I regularly scan with Malwarebytes; the last scan a few days back found a PUP and deleted it, and a rescan found nothing. I ran it again this morning and it found loads of threats, which it deleted. I then ran adware and RogueKiller: adware ran okay and deleted what it found; I went to run RogueKiller, which ran up to the scan, but then a message popped up to say that it had stopped working and needed to close. I tried to get my computer to run in safe mode to retry RK but could not. I have posted the log for Malwarebytes. The only thing I added to the scan was an old HDD (Drive I) which I store my photos on and only switch on when downloading photos (Drive D is the recovery drive).
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.04.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Tony :: TONY-PC [administrator]
04/12/2013 10:14:03
mbam-log-2013-12-04 (10-14-03).txt
Scan type: Full scan (C:\|D:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347314
Time elapsed: 40 minute(s), 4 second(s)
Memory Processes Detected: 1
C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> 1980 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Condu... Read more

A:Malwarebytes Found numerous threats

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark the following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more


My computer has been hijacked by many security threats. I ran our security scan and anti-spyware scan and found the following:
Tesllar A-Trojan
WinAntispyware2007-unknown
ISM A-adware
Matcash-downloader
AVSystemcare-Rogue Security
Web Buying-adware
Matcash BG-downloader
Abetear A-Adware
ISM C-adware
SillyDi DBI-trojan
MatcashY-downloader
I do have antispyware on my computer but it is unable to delete these. I also have hijack this but I am unsure of what to delete from the log.
PLEASE HELP
Thank you in advance,
pullgrl
 

A:Multiple Security Threats Found


Hello I have AVG installed.
 
Today it found threats and after a restart it is no longer displayed on the tray.
 
Also it looks like permissions are gone; for example, I was trying to install Malwarebytes Anti-Malware and an error occurred, "Failed to get path of 64-bit Program Files", which I found out was due to not having permissions to access registry keys (only the SYSTEM account had access).
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17054  BrowserJavaVersion: 10.65.2
Run by MTS at 10:51:06 on 2014-09-10
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.gr/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\... Read more

A:AVG found threats. Now having permission problems

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547584 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more


RogueKiller found 601 threats;  all the threats are registry related except one.  I'm not sure if I should delete it.  I've attached the log which shows the threats it found.  Please let me know if I should delete it or ignore it.  Thanks.


Dear TSF staff,

C:\WINDOWS\system32\acleditq.dll
C:\WINDOWS\system32\acleditq.dll.bak

Virus identified Obfustat.ADXW

was scanned with AVG Free Antivirus and healed. But the virus is still in my computer. Currently, the computer cannot access the internet, which I believe may be due to the virus.

Based on DSS main.txt :

Deckard's System Scanner v20071014.68
Run by Dilla on 2008-01-13 21:34:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-13 13:34:49 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-01-13 12:43:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 496 MiB (512 MiB recommended).


-- HijackThis (run as Dilla.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:42 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WIND... Read more


I never had a problem prior to about a week ago but lately I have been having problems with my system freezing up, especially when playing WOW with nothing else running. I have run adaware spybot superantispyware bitdefender. Nothing is turning up any threats. Can someone check my logs and tell me if anything looks out of place?


Here is a Deckard Scan.


Deckard's System Scanner v20071014.68
Run by Joe on 2008-04-14 01:56:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Joe.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:42 AM, on 4/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Apoint2K\... Read more


Hi,

Recently my computer has been running really slowly and when I try to open Task Manager it says: "The application failed to initialize properly (0xc000012d). Click on OK to terminate the application."

When I try to open Firefox the top part of the window will be missing along with text that should be appearing on the screen. When I reopen Firefox after closing it, it says: "C;\Program Files\Mozilla Firefox\ xul.dull is not a valid Windows image. Please check this against your installation diskette"

Also, when I go to shut down my computer the START text will be missing and the icons for restart, shutdown, or logoff will be missing text. Even if I click on the icon the computer will not shut down, so I have to force shutdown.

I am using Windows XP and I ran an ActiveScan with Panda, ran Malwarebytes Anti-Malware, and full Avast scans.
I have included the logs except MbAM because it did not detect anything.
I just do not know what actions to take for the infected files found with Avast! or how to fix these problems.

Thanks in advance!

;***********************************************************************************************************************************************************************************
ANALYSIS: 2011-06-06 17:16:43
PROTECTIONS: 1
MALWARE: 29
SUSPECTS: 0
;******************************************************************************************************************************************************... Read more

A:Actions to take for Threats found by Avast

Hello. Please try the following.

Please download fixexe.reg by Grinler to your Desktop. This utility will reverse changes to your system made by the infection. Once downloaded, please execute the utility by double clicking on it. Windows will ask you if you wish to merge information with the Registry. You should allow it to do so.

***************************************************

Please try running MBAM this way.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4
Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply.

***************************************************

Make sure you are connected to the Internet.
Launch Malwarebytes' Anti-Malware
Click on the Update tab and click the button Check for Updates
If you encounter any problems while downloading the definition updates, manually download them from http://data... Read more


My Security keeps complaining about Security threats but everything seems to be in working order. Have done multiple full computer scans and no kind of malware showed up. Anyone know what is up?

A:Multiple Security Threats Found

Welcome
If you did not scan with malwarebytes do so now. Make a full scan and be sure it is updated.
If your AV comes up with threats, it should also identify, and possibly remove, them.


My Symantec antivirus background scanner is perpetually finding threats and deleting them. After a restart, within the first 5 min I'm already at 1600 threats.

here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:34:27 AM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
E:\programs\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common F... Read more

A:infinite threats found by symantec- HJT log

Ah! One more thing that I realized I should have mentioned before: all the threats seem to be variants of the win32/metabot trojan.


Hello,

We bought this Dell Inspiron Laptop about a year ago at a local Fred Meyer. I just noticed when I ran SuperAntiVirus it found some 486 Threats. When I clicked the 'Remove Threats' button I noticed that /Fred Meyer/ was listed in all the threats. However I couldn't quite see the path.

I also now just noticed when I go to File Explorer. I see two different paths to "My Documents".

One path shows: C/Users/fred meyer/Documents
The other path shows: C/This PC/Documents

I checked the files in some of the folders and they are the same, and I tested trying to delete a Document out of the Fred Meyer path but noticed it was also removed from the C/This PC/Documents path as well. Or on the same note, if I add a folder or Document to C/This PC/Documents, it also gets added to the fred meyer/Documents folder.

Can this be part of the 486 threats and how can I fix this? Every few days I am getting quite a number of threats detected..

Thanks in advance for any help...
 


Hello,
TrendMicro and ESET found and cleared some threats but I am still not sure the computer is clean. Startup programs keep changing, Chrome behaves strangely. Any help will be appreciated. Here is the FRST log. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-01-2015
Ran by Raj (administrator) on RAJ-PC (07-01-2016 09:17:55)
Running from C:\Users\Raj\Downloads
Loaded Profiles: Raj (Available Profiles: Raj)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\Vodafone K4203I\Vodafone K4203I.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Progra... Read more

A:Found few threats, still not completely cured

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR Extension: (uBlock) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2015-11-22]
CHR Extension: (Leapforce Extension) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\belncckcaakhmonmcfmegbglccbjlebc [2015-12-03]
CHR Extension: (NM Examples) - C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jhbidnpflpccdoffamdgpmgilfbpigdh [2016-01-06]
S3 eapihdrv; \??\C:\Users\Raj\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {66F68DCA-290E-4325-82A9-0C46046CEEE1} - \UpdateTask -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4BE698E6
C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojd... Read more


Recently had a virus infection and noticed that the windows firewall service is missing. When trying to reset to recommended settings by using control panel received error code 0x80070424. Cannot access other computers or shared files/folders on home network. Saw a previous post dated 12-17 that appears to be the same problem.

A:Windows 7 Firewall Error Code 0x80070424 Windows Firewall Service Missing

Welcome aboard

Had the infection been cleaned since?

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


So the first problem started by slow desktop about which I posted here http://www.techsupportforum.com/foru...ml#post3539358

After this post, I ran CCleaner again, and found two unfamiliar things are starting at startup of my pc... tkbell.exe and NSU_agent...
To be safe about them, I downloaded the norton 360 trial, and after updating it blocked an attack and showed me this (see the screenshot)....
The red-marked area was an ip address, which was pretty much similar (the first two set of numbers) to my own ip address. Not sure it was my own or not.
I don't know what the hell is going on...Please help.
Thank you.

Right now full scan is going on.

A:[SOLVED] Strange problems and threats found

Norton full scan detected 9 risks: 7 tracking cookies, 2 viruses. Among them 8 fixed and 1 unresolved.


Since I've been having browser re-direction issues and lots of popups, I figured I would install something that had been recommended to uninstall WSE Taplika. I found WSE Taplika in my Control Panel > Program and Features. I uninstalled WSE Taplika, but noticed that SpyHunter found some other hidden files of WSE Taplika.
 
I found some issues when I went to register and purchase SpyHunter. At the registration site, it's marked as costing 29.99 but then the total comes to 39.99, yet I don't see where that's coming from.
 
I've noticed here that folks are saying beware of SpyHunter. I tried another anti-malware software feature called SuperAnti-Spyware Remover but it found nowhere near what SpyHunter found.
 
Is there a free anti-malware remover better than SpyHunter?
 

A:SpyHunter Found 1251 Threats on my Computer

SpyHunter by Enigma Software Group USA, LLC is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company's history of employing aggressive and deceptive advertising 1. It has since been delisted but some users have reported they still engage in deceptive advertising 2. Newer versions of SpyHunter apparently install their own "Compact OS" and use the Grub4Dos loader 3 to execute on boot up. The user no longer sees the normal Windows boot menu but instead sees the GRUB menu. In some cases this has caused the computer to go into a continuous loop when attempting to boot 4. Unfortunately, AV-Test has not included SpyHunter in their comprehensive testing analysis. If Enigmasoftware's SpyHunter was included, which we hope they attempt to do, we would get a much clearer picture as to how it compares to other anti-spyware programs in terms of protection, detection, repair and usability. While there are mixed reviews for SpyHunter, some good and some bad, our main concern is the reports by customers of deceptive pricing, continued demands for payment after requesting a refund, lack of adequate customer support, removal (uninstall) problems and various other issues with their computer as a result of using this product 6. For example, some users are not aware that when purchasing SpyHunter, they have agreed to a subscription service with an automatic renewal policy 6. This information is in fine print at the bottom of the... Read more


I've used the full scan option with Spybot Search & Destroy, Malwarebytes and Avast! 2014 (free versions) and all said that there were no threats found. Is that a good sign? Is there any way I could check any further?
 
 

A:No threats found by 3 different scans, a good sign?

Hello -
Is there a special reason for you to think that you may have a problem ??
 
There are about 100 tools that will always find something, what are you looking for ?
 
Sorry, but your post is a bit vague in the details of why you posted this -
 
Thank You -


Ok... I admit it... I am way over my head here. About a week ago, it became obvious by how my computer was acting that I had picked up a virus. My virus program of choice for years was McAfee, but it would not detect any threats and would freeze up when running a full system scan. I ran both McAfee Internet Security and Stinger... both would freeze before detecting any threats.

I did some experimenting with other programs and I am currently running Kaspersky Internet Security 2010 (trial version) because it was the first virus scan that would actually pick up threats. So far it had detected and fixed 6 Trojans.....
However, herein is where the problem lies.... the original problem I had with McAfee is still happening with Kaspersky. When I attempt to run a full system scan, it will start and run normally until about 23%. While running normally the scanner and specifically one of the instances of avp.exe will slowly eat up every available byte of RAM.

So I don't know if all threats have been removed because I have not been able to complete a full scan. Last week when I first installed Kaspersky it found 5 of the 6 Trojans. At that time my computer seemed to return to normal. I figured I was in the clear until I attempted the scan again this morning. That's when I found the 6th and last Trojan.

So, again I am over my head.... is the inability to run a full scan related to more unseen threats on my machine? Is it a separate issue? How do I correct it?

Thank you for any h...

A:Threats Found, but full virus scan will not run

Closing duplicate since it's been reposted.
 


I did a Malwarebyte's (Licensed) scan yesterday, and it came up with these 2 threats:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu)

c:\system volume information\_restore{0c16e88b-c8d3-4b88-a534-8d600b484eb3}\RP48\A0007577.exe (Dont.Steal.Our.Software.A)

I obviously deleted them, but they are still in my quarantine folder. The thing is, before I did the scan I noticed something was up because I was unable to right-click on the start menu. It would just be a brief flash on the screen. I still can't right-click on the start menu (except at the bottom of the menu to click Properties), even when enabling drag-and-drop.

Thanks TSF

A:[SOLVED] Two threats found, causing other problems too...

Bump, no replies


Hello all,

Recently I have been having an issue with IE 9. I mainly use Firefox as my browser, but occasionally I will use IE. When I search something in Google and click on a result, I will randomly be redirected to a different page. Most of the time it is this "click get answers fast" website. It is only every so often, though. I can click on links for the most part and everything goes through, but occasionally I will get a redirect. Firefox is not having this issue at all; I am getting no redirects using Firefox. I have scanned with AVG, I have scanned with MBAM, and I have scanned with TDSSKiller. None of them are showing anything. I have cleared out cookies and temporary Internet files with no luck. I am hoping I could get some help; if someone would be so kind as to guide me through finding the problem and resolving it, that would be great. There are no other symptoms either, which is kind of weird, as the redirects are only occasional (but still worrisome!).

OS - Windows 7 Home Premium 64-bit, using IE 9.

Thanks!

A:IE 9 Redirects - MBAM, AVG, TDSSKiller Found No Threats

Download TDSSKiller and launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan". Please post the log report (the log file should be in your C drive). Do not change the default options on the scan results.
Download aswMBR and launch it; allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan.
After the scan finishes, click on "Save log" and post the log results here.
Download the ESET online scanner and install it.
Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".
Export the list to the desktop and copy the contents of the text file into your reply.


I'm new here after screwing up my computer a few days ago using an anti-malware cleaner called RogueKiller. While deleting the files in RogueKiller didn't initially cause problems, my computer eventually became disconnected from the internet after a "blue screen event" and I had to restore my Windows 10 to an earlier date. I just ran AdwCleaner and here's the log file. I hesitate to delete ANYTHING after I had done so before and lost my internet connection. Please advise me on the safest way to deal with these "threats", because I am not computer savvy when it comes to registry files; obviously, I screwed up settings that were needed to get online. I don't want to screw up again.

Attachment: AdwCleanerS0.txt (17.15KB)

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal


Here is my log. The Panda scanner closed and I could not get scan results.
Please help, thank you!


Deckard's System Scanner v20070611.50
Run by Owner on 2007-07-06 at 21:45:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2007-07-07 01:45:38 UTC - RP257 - Deckard's System Scanner Restore Point
33: 2007-07-06 21:02:16 UTC - RP256 - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
32: 2007-07-06 21:01:06 UTC - RP255 - Removed Microsoft Windows Theme Ontario
31: 2007-07-04 18:27:35 UTC - RP254 - Ad-Aware Restore Point 2007-07-04 14:27:31
30: 2007-07-04 17:00:46 UTC - RP253 - Installed Ad-Aware 2007


-- First Restore Point --
1: 2007-04-18 22:41:01 UTC - RP224 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-06 21:46:45
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WIND...

A:New to TSF. Check-up, STOPzilla found threats but have to buy to remove, please help!

Bump


I was having some problems with my laptop (Dell Inspiron 9400 running Win XP), so I ran a Malwarebytes scan. It reported 6 "threats": 4 files and 2 folders. (How can a folder be a threat?)
 
What puzzles me is that it seems to be recommending that I ignore the threats. The message is "Scan Complete -- Non-Malware Detected". Then for each threat, the default action is "Ignore once".
 
I have a screen shot, but I can't figure out how to attach it. I have pasted the log text below.
 
I am inclined to override the default and quarantine them all. Is that the right course of action?
 
Thanks
 
-------------------------- scan log ----------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 07-31-14
Scan Time: 18:42:54
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.31.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436196
Time Elapsed: 44 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items de...

A:Malwarebytes found 6 threats, recommends I ignore them

I uploaded the image file (jpg) to DropBox. Here's the link:
 
https://www.dropbox.com/sh/rspf3s6ns518b0y/AADrwft_1GE49MNfobJvesxQa
 


RogueKiller found 601 threats; all the threats are registry related except one. I'm not sure if I should delete it. I've attached the log which shows the threats it found. Please let me know if I should delete it or ignore it. Thanks.


Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:52 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1126917364\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\11269173...

A:HJT log please help diagnose over 63000 threats found on avg before it freezes

Ohh yeah, 99.9% of the threats according to AVG are trojans and all start with ODCSA.dll. Hope this will be of some help.


Norton has indicated my laptop has this virus.
I have included the 'Norton Scan' text file.
Norton can't remove the virus.

I executed the FRST program and attached the frst.txt and addition.txt.

Attachments: Addition.txt (27.41KB), Norton Scan.txt (2.63KB), FRST.txt (25.79KB)

frst.txt pasted here:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Satellite (administrator) on SATELLITE-PC on 10-05-2015 19:46:40
Running from C:\Users\Satellite\Downloads
Loaded Profiles: Satellite (Available profiles: Satellite)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporat...

A:Norton found Unresolved Threats:W64.Viknok.B!inf

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Start FRST with Administrator privileges.
Write the following text into the Searc...


Hey BC community,

Note: I have never had a problem like this before; it has just started this week.

I play MapleStory, and this program detected something wrong with my firewall. So I proceeded to my security settings and attempted to edit my firewall settings: turn it on/off, and then this error code popped up:

So I tried to edit the other settings and the same error code came up each time. After that came up SEVERAL TIMES, I went to Microsoft and other forums to search for help. They told me to go to this window:

And said to go to Windows Firewall and do something with it... but it's not there to do anything to? I really have NO IDEA what to do! It isn't affecting me that much, but when I start my MapleStory file up to reinstall it, it closes and it says this:

[04/08 01:54:15] Install Start
[04/08 01:54:16] User Temp Directory : C:\Users\Devin\AppData\Local\Temp
[04/08 01:54:16] Use CRC : false
[04/08 01:54:16] File Name : C:\Users\Devin\Desktop\MSSetupv108.exe
[04/08 01:54:16] Game Code : 33563155
[04/08 01:54:16] Cannot Regitster Firewall(C:\ProgramData\NexonUS\NGM\NGM.exe,Nexon Game Manager)
[04/08 01:54:16] ErrCode : 14000 - 404 - 0
[04/08 01:54:17] Install Path : C:\Nexon\MapleStory

I have downloaded Microsoft anti-virus things and they "cleaned up" my computer, but it still hasn't changed anything. Help?

Sincerely,
Devin

A:Windows 7 Firewall error code: 0x80070424 as well as Firewall Service being Removed

Download TDSSKiller and launch it.
Click on "Change parameters" and select "TDLFS file system".
Click on "Scan". Please post the log report (the log file should be in your C drive).
Download aswMBR and launch it; allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan.
After the scan finishes, click on "Save log" and post the log results here.

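The thread above reports error 0x80070424 together with the firewall service having been removed. As an added diagnostic for that situation (this is an example written for this page, not code from any post or from the tools the answer names), the PowerShell script below decodes the error code and checks whether the services behind Windows Firewall are still registered with the Service Control Manager. The service names BFE, MpsSvc and WinDefend are the standard Windows names; the decoding relies on the fact that 0x80070424 is HRESULT_FROM_WIN32(1060) and that 1060 is ERROR_SERVICE_DOES_NOT_EXIST. It uses Get-WmiObject so that it also runs on Windows 7 with PowerShell 2.0.

```powershell
# Added example for this thread (not code from any post): decode the error the
# poster saw and check whether the firewall-related services still exist.
# 0x80070424 is HRESULT_FROM_WIN32(1060); 1060 is ERROR_SERVICE_DOES_NOT_EXIST.

function Get-Win32ErrorText {
    param([int]$HResult)
    # The low 16 bits of a FACILITY_WIN32 HRESULT carry the Win32 error code.
    $code = $HResult -band 0xFFFF
    $msg  = (New-Object System.ComponentModel.Win32Exception($code)).Message
    return ("0x{0:X8} -> Win32 error {1}: {2}" -f $HResult, $code, $msg)
}

function Test-FirewallServices {
    # Real Windows service names; MpsSvc (the firewall) depends on BFE.
    $required = @(
        @{ Name = 'BFE';       Display = 'Base Filtering Engine' },
        @{ Name = 'MpsSvc';    Display = 'Windows Firewall' },
        @{ Name = 'WinDefend'; Display = 'Windows Defender' }
    )
    foreach ($svc in $required) {
        $s   = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        if ($null -eq $s) {
            # The Service Control Manager does not know the service: this is
            # exactly the condition that yields ERROR_SERVICE_DOES_NOT_EXIST.
            "MISSING  {0,-10} ({1})  registry key present: {2}" -f $svc.Name, $svc.Display, (Test-Path $key)
        } else {
            # Get-WmiObject works on PowerShell 2.0, where the ServiceController
            # object has no StartType property.
            $mode = (Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'").StartMode
            "{0,-8} {1,-10} ({2})  start mode: {3}" -f $s.Status, $svc.Name, $svc.Display, $mode
        }
    }
}

Get-Win32ErrorText -HResult 0x80070424
Test-FirewallServices
```

Run it from an elevated PowerShell prompt. A line starting with MISSING means the firewall snap-in cannot open that service because its registration is gone, which is the state the thread title describes; cleaning the infection with the tools named in the answer does not by itself recreate a deleted service, so the service registration has to be restored separately once the system is clean.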

I just ran ESET Online Scan on my Windows 7 machine and it has detected a Win32/Olmarik.AIZ trojan. How do I clean this up? Here is a log of the results:
 
C:\TDSSKiller_Quarantine\23.10.2014_01.30.07\tdlfs0000\tsk0005.dta    a variant of Win32/Olmarik.AIZ trojan    cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Setup.exe    a variant of Win32/SoftPulse.O potentially unwanted application    deleted - quarantined

A:Threats found after using ESET Online Scan. Trojan

G'day CashmereCattt, and Welcome to BC.
 
Go to THIS page, click on    [Download Olmarik / Olmasco Cleaner ]
 
Save to your desktop, and then Run the cleaner.
 
(Your computer should be clean anyway because the Online scanner has deleted and quarantined the threat....this will make sure )
 
The second item in your list is only a PUP (potentially unwanted program) and has been deleted and quarantined.
 
 
 


Hello to all readers. This has happened 2 times in less than 24 hours. I tried to go online and a message says the proxy is not connected; the internet worked just a few minutes ago, but the antivirus detected threats. I had to contact my provider twice to fix the proxy point, and I got the impression that more of this is likely to happen, as I use the internet to buy at times. The threats seem to have been removed. Another point is that I recently started trading forex online and I think this may be attracting predatory influences yet unknown. I understand this comes as a very unclear subject, but any directions or advice?
