
Windows Firewall not starting - error code 0x8007042c


12 replies to this topic

#1 thevalliant
  • Members
  • 7 posts

Posted 10 July 2013 - 04:14 AM

Good morning to all of you!

 

I've discovered this treasure vault of helping tools and good advice through Google, after searching for the n-th time for a solution to my persisting problem.

Specifically I found -and read!- this thread here, as the symptoms are ~99.9% similar to what I have too. The first indication that something was wrong was when the other PCs in my home network 'lost touch' with me. I found that the firewall was down and that it was impossible to start it (getting the message in the topic title). Then some, not all, Windows updates started to fail to install -if I'm not mistaken, all of them were related to fixes to the .NET Framework libraries.

 

Now, before I start going step-by-step through the list of actions you advised user 'scorcher' to perform, I thought it would be useful if you had a picture of the current state my system is in. Perhaps there is something a bit different, calling for a special intermediate action. Below I append the contents of DDS.txt and I have also attached the file "Attach.txt" (renamed, for my convenience, "1-Attach.txt").

 

------------------------- DDS.txt -------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 1.6.0_27
Run by Raniko at 11:46:18 on 2013-07-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1253.30.1032.18.8190.6135 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{A82A9D57-2622-45A5-9630-C5D590304314} : NameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Raniko\AppData\Roaming\Mozilla\Firefox\Profiles\mg9r0zk4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dragonseason.com/Home.aspx|http://gr.yahoo.com/
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Raniko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Raniko\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Users\Raniko\AppData\Roaming\RCKR\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 30568]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-11-24 78208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 hasplms;HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-10 2984832]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rzjoystk;Razer VJoystick;C:\Windows\System32\drivers\rzjoystk.sys [2011-3-24 19968]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-8-10 36328]
S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-11-15 20552]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-24 1431888]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2012-12-30 32152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-4-13 20992]
S3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-7-14 157184]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2011-8-10 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2011-8-10 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2011-8-10 161280]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-8-10 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-8-10 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-8-10 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-8-10 146920]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-8-10 16392]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-13 59392]
S3 vpcuxd;Υπηρεσία στελέχους λειτουργίας αναπαράστασης USB;C:\Windows\System32\drivers\vpcuxd.sys [2011-4-13 16384]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-30 12:01:11    --------    d-----w-    C:\Users\Raniko\AppData\Local\DOSBox
2013-06-29 12:05:59    --------    d-----w-    C:\Users\Raniko\AppData\Roaming\Malwarebytes
2013-06-29 12:05:36    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-23 19:30:45    --------    d-----w-    C:\Users\Raniko\AppData\Roaming\Mumble
2013-06-22 07:50:06    --------    d-----w-    C:\Program Files (x86)\NCWest
2013-06-12 18:31:10    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-12 18:31:08    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-12 18:31:08    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-12 18:31:05    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-12 18:31:05    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-12 18:31:05    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-12 18:31:05    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-12 18:31:05    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-12 18:31:05    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-12 18:31:04    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-12 18:31:04    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-12 18:31:04    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-12 18:31:04    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-11 12:15:41    --------    d-----w-    C:\Users\Raniko\AppData\Roaming\Awesomium
.
==================== Find3M  ====================
.
2013-06-12 20:08:50    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 20:08:50    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 13:14:01    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 09:23:31    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 11:46:35,80 ===============
 

I took the liberty to run FSS on my PC, as it provides useful info about the general picture.

Please note that it was in this txt report that I noticed a tiny difference from the respective report by 'scorcher'. Specifically I have this:

 

Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

 

under section 'Action Center'.

 

I already feel I should thank you for taking the time to look into my problem.

Nik.






#2 TB-Psychotic
  • Malware Response Team
  • 4,430 posts

Posted 10 July 2013 - 05:51 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please post up the logfile from FSS.

 

Also run the following tool:

 

 

 

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt. Please attach that to your next reply.


My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

 


#3 thevalliant
  • Topic Starter
  • Members
  • 7 posts

Posted 11 July 2013 - 03:14 AM

Hello Marius, pleased to meet you!

Thank you for your immediate reply. One thing to get out of the way: my first language is not English either, so I'll be as plain and straightforward as I can. No Oxfordian English from me :)

 

------------------- Contents of FSS (first scan) -------------------

 

Farbar Service Scanner Version: 27-06-2013
Ran by Raniko (administrator) on 10-07-2013 at 12:04:19
Running from "D:\2short\appz from BleepingComputer forum"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

MBAR logfile attached.

 

Nik.



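The FSS log above flags four distinct things: MpsSvc and bfe stopped although their Start type, ImagePath and ServiceDll are intact, the SharedAccess values and the whole iphlpsvc service key missing, and the Action Center ShellServiceObjects entry gone. The read-only PowerShell check below reproduces those registry and service-state checks so they can be re-run after a cleanup; it is an added example, not code from the thread or from Farbar's FSS tool. It assumes an elevated 64-bit PowerShell prompt (2.0 or newer) and that the key FSS abbreviates as HKLM\...\ShellServiceObjects lives under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion.

```powershell
# Added example (not from the thread or FSS): read-only health check of the
# services and registry entries FSS reports on. Nothing on the system is modified.

$ServicesToCheck = @(
    @{ Name = 'MpsSvc';       Display = 'Windows Firewall' },
    @{ Name = 'bfe';          Display = 'Base Filtering Engine' },
    @{ Name = 'SharedAccess'; Display = 'Internet Connection Sharing' },
    @{ Name = 'iphlpsvc';     Display = 'IP Helper' },
    @{ Name = 'wscsvc';       Display = 'Security Center' },
    @{ Name = 'wuauserv';     Display = 'Windows Update' }
)

# Reads one service's configuration straight from the Services key, the way FSS
# prints it: run state, Start type, ImagePath and (for svchost-hosted services)
# Parameters\ServiceDll. Missing keys or values are reported, not guessed.
function Get-ServiceHealth {
    param([string]$Name, [string]$Display)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $row = New-Object PSObject -Property @{
        Service = $Name; Display = $Display; State = ''
        Start = ''; ImagePath = ''; ServiceDll = ''; Note = ''
    }

    if (-not (Test-Path -LiteralPath $key)) {
        $row.Note = 'ATTENTION: service registry key does not exist'
        return $row
    }

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) { $row.State = [string]$svc.Status } else { $row.State = 'not registered with SCM' }

    $cfg = Get-ItemProperty -LiteralPath $key
    $startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    if ($null -eq $cfg.Start) {
        $row.Note += 'ATTENTION: Start value does not exist; '
    } else {
        $row.Start = $startNames[[int]$cfg.Start]
        if ($row.Start -eq 'Disabled') { $row.Note += 'service is disabled; ' }
    }

    if ($null -eq $cfg.ImagePath) {
        $row.Note += 'ATTENTION: ImagePath value does not exist; '
    } else {
        $row.ImagePath = $cfg.ImagePath
    }

    $params = Get-ItemProperty -LiteralPath "$key\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $null -ne $params.ServiceDll) {
        $row.ServiceDll = $params.ServiceDll
    } else {
        $row.Note += 'ATTENTION: ServiceDll value does not exist; '
    }

    # The situation in the first FSS log: configuration intact, service stopped.
    if ($row.Start -eq 'Automatic' -and $row.State -ne 'Running') {
        $row.Note += 'Automatic service is not running; '
    }
    return $row
}

# MD5 via .NET so it also works on PowerShell 2.0 (no Get-FileHash needed).
function Get-FileMd5 {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $hash = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

$rows = foreach ($s in $ServicesToCheck) { Get-ServiceHealth -Name $s.Name -Display $s.Display }
$rows | Format-Table Service, State, Start, ImagePath, ServiceDll, Note -AutoSize -Wrap

# Action Center notification icon: the entry FSS could not open in the log above.
# Assumption: it lives under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion.
$ssoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'
if (Test-Path -LiteralPath $ssoKey) { 'Action Center icon key: present' }
else { 'Action Center icon key: MISSING (the same condition FSS reported)' }

# Files FSS hashes. No reference table is embedded here: compare the output with
# the same files on a known-clean machine of the same build and patch level.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($rel in 'mpssvc.dll', 'bfe.dll', 'drivers\mpsdrv.sys', 'drivers\tcpip.sys', 'drivers\afd.sys', 'wscsvc.dll', 'svchost.exe') {
    '{0,-20} {1}' -f $rel, (Get-FileMd5 (Join-Path $sys32 $rel))
}
```

Run it once before and once after the cleanup and diff the two outputs; the Note column is what changes when the missing keys and stopped services come back.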

#4 TB-Psychotic
  • Malware Response Team
  • 4,430 posts

Posted 11 July 2013 - 03:20 AM

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

 

 

Reboot and create a new FSS log.


Edited by TB-Psychotic, 11 July 2013 - 03:20 AM.


 


#5 thevalliant
  • Topic Starter
  • Members
  • 7 posts

Posted 11 July 2013 - 04:08 AM

I cannot believe your speedy reply and, most importantly, how easy it was! Everything seems to be in working order now!!!

Look at these:

 

--------------  FSS after cleanup ------------------

 

Farbar Service Scanner Version: 27-06-2013
Ran by Raniko (administrator) on 11-07-2013 at 11:44:31
Running from "D:\2short\appz from BleepingComputer forum"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

Note that after I did the CleanUp I was not asked to reboot, nor did it reboot automatically, so I did it manually. I re-scanned after logging in again and MBAR reported no infections.

I launched the Windows Action Center and all elements were on OK and running :)

Below I attach the MBAR logfile after the second scan.

 

Before you decide that my problem is indeed solved and lock this thread, I want to have the opportunity to say a HUGE THANK YOU Marius, you've been amazing!

 

Nik.



Edited by thevalliant, 11 July 2013 - 04:13 AM.


#6 TB-Psychotic
  • Malware Response Team
  • 4,430 posts

Posted 11 July 2013 - 04:30 AM

We're not finished yet!

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



 


#7 thevalliant
  • Topic Starter
  • Members
  • 7 posts

Posted 11 July 2013 - 07:17 AM

I was pretty certain -and afraid!- you were going to say that.

 

I started the ESET Online Scan but, as I hadn't selected what to scan, it began scanning all my disks/partitions. You understand that this is totally redundant; it will take a LOT of time to look through mp3s, photos etc., which is not necessary. Moreover, there are some files which are always considered 'trojans' - I don't think I need to provide examples of such. Now, is there an option to exclude folders and/or disks from this scan? It had already been running for 1.5 hours and only 1 of the 34 identified infections was truly one.



#8 TB-Psychotic
  • Malware Response Team
  • 4,430 posts

Posted 11 July 2013 - 07:20 AM

We need to get a full system scan to almost ensure that no malware is hiding within for example a boot sector or even injected into mp3 files.


Edited by TB-Psychotic, 11 July 2013 - 07:21 AM.


 


#9 thevalliant
  • Topic Starter
  • Members
  • 7 posts

Posted 11 July 2013 - 08:06 AM

Alright, fair enough. I'll leave my PC scanning overnight and will post here tomorrow.

Thank you Marius.

 

Nik.



#10 thevalliant
  • Topic Starter
  • Members
  • 7 posts

Posted 12 July 2013 - 01:42 AM

Good morning, here goes:

 

---------- ESET Online Scan Results ----------

C:\ProgramData\IBUpdaterService\ibsvc.exe    a variant of Win32/InstallBrain.A application
C:\Users\All Users\IBUpdaterService\ibsvc.exe    a variant of Win32/InstallBrain.A application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\AudioConverterSetup.exe    a variant of Win32/InstallCore.AV application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\MediaInfo_GUI_0.7.47_Windows_x64.exe    Win32/OpenCandy application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\The_KMPlayer_1435.exe    a variant of Win32/Bundled.Toolbar.Ask.A application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\VLCVideoConverterSetup.exe    a variant of Win32/Somoto.A application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\ConvertXtoDVD 3.1.3.40 (plus guide)\Keygen.exe    a variant of Win32/Keygen.AS application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\Easy_DVD_Creator_v1.7.8\keygen.exe    probably a variant of Win32/Agent.NWKJYZN trojan
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\MediaCoder 0.7.1.4490\MediaCoder-0.7.1.4490.exe    Win32/OpenCandy application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\MediaMonkey Gold 3.0.3.1183\keygen.exe    a variant of Win32/Keygen.AG application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\Sorenson Squeeze v5.0.2.8 (Incl Patch And Keymaker-AGAiN)\Keygen.exe    a variant of Win32/Keygen.AF application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\Ulead_Video_Studio_Plus_v11.5\Keygen.exe    a variant of Win32/Keygen.BH application
J:\UTILITIES (28GB)\1-Audio-Video and DVD Tools\VSO ConvertXtoDVD 3.0.0.16\Keygen.exe    a variant of Win32/Keygen.AS application
J:\UTILITIES (28GB)\10-Modification and Customization\cnet2_dexpot_1514_r1777_exe.exe    a variant of Win32/InstallCore.D application
J:\UTILITIES (28GB)\10-Modification and Customization\3D Planesoft Screensavers (plus keygen!)\keygen.exe    Win32/Keygen.FJ application
J:\UTILITIES (28GB)\10-Modification and Customization\Windows Blinds 6 Enhanced\Stardock WindowBlinds v6.0 Enhanced Patcher.exe    a variant of Win32/HackTool.Patcher.J application
J:\UTILITIES (28GB)\10-Modification and Customization\Windows Blinds-6.1-100Themes\WindowBlinds 6.10.55 Enhanced\FIX\PATCH.exe    a variant of Win32/HackTool.Patcher.J application
J:\UTILITIES (28GB)\11-Portable appz\portable Ashampoo Burning Studio 2008\2-keygen.exe    a variant of Win32/Keygen.AM application
J:\UTILITIES (28GB)\11-Portable appz\portable Norton Ghost + Ghost Explorer 11.5 x86 and x64\Ghost32.Exe    Win32/TrojanDropper.Agent.OPA trojan
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\AIO KeyGens 2007.exe    a variant of Win32/Keygen.AF application
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\Crackz and Serials\Microsoft Products (Windows, Office)\Genuine XP by Dragon-Style\keyfinder.exe    multiple threats
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\Crackz and Serials\Microsoft Products (Windows, Office)\K???? ?????? ?? Windows & Office\?????? ??? ?? ?????? ?????? ?? Windows\RockXP4.exe    multiple threats
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\Crackz and Serials\Microsoft Products (Windows, Office)\WinXp SP2 activation crack\WPA_Kill.exe    a variant of Win32/HackTool.Patcher.O application
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\Daemon Tools series\DT_PRO_v4.10.0218\Patch\daemon.tools.pro.patch.exe    a variant of Win32/HackTool.Patcher.A application
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\Game Jackal Pro v3.0.1.6\crack\keygen.exe    a variant of Win32/Keygen.AE application
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\MagicISO_Maker_5.5_Build_259_FULL\patch.exe    a variant of Win32/HackTool.Patcher.A application
J:\UTILITIES (28GB)\2-Daemon Tools and Cracks\Recover lost Wi-Fi keys and WinXP or Vista passwords\netpass_setup.exe    a variant of Win32/NetPass.AA application
J:\UTILITIES (28GB)\3-File and HDD Management\unlocker1.8.7.exe    Win32/Adware.ADON application
J:\UTILITIES (28GB)\3-File and HDD Management\Acronis True Image Home Ver.11 Build 8027\Acronis_Keygen.exe    Win32/Keygen.FS application
J:\UTILITIES (28GB)\3-File and HDD Management\Dead Disk Doctors By Denis\Dead Disk Doctor 1.29 By Denis.exe    probably a variant of Win32/Agent.WAPGGV trojan
J:\UTILITIES (28GB)\3-File and HDD Management\Dead Disk Doctors By Denis\Patch\patch.exe    a variant of Win32/HackTool.Patcher.A application
J:\UTILITIES (28GB)\3-File and HDD Management\File Recovery Tools -30in1 MaxGrab (Warning for Virus)\AIO-Recovery.exe    probably a variant of Win32/Agent.JIAOKYZ trojan
J:\UTILITIES (28GB)\3-File and HDD Management\HP USB Multiboot\MULTI_CONTENT\wintools\othertools\ProduKey.exe    Win32/PSWTool.ProductKey.126 application
J:\UTILITIES (28GB)\3-File and HDD Management\Total Commander Ultima Prime v3.8+Frigate Pro v3.3 {MUST HAVE} [h33t][migel]\Total Commander Ultima Prime v3.8\Total Commander Ultima Prime v3.8.exe    multiple threats
J:\UTILITIES (28GB)\4-Internet\P_LimeWire_4.18.8_Pro_by_yd.exe    probably a variant of Win32/Spy.Agent.FFRKOVC trojan
J:\UTILITIES (28GB)\4-Internet\SweetImSetup.exe    a variant of Win32/SweetIM.A application
J:\UTILITIES (28GB)\4-Internet\CryptLoad_1.1.6_greek\CryptLoad_1.1.6\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe    Win32/RemoteAdmin.NetCat application
J:\UTILITIES (28GB)\5-Office and Productivity\AutoCAD_2012_x64\keygen\xf-a2012-64bits\xf-adesk2012x64.exe    Win32/Keygen.BL application
J:\UTILITIES (28GB)\5-Office and Productivity\CutePDF Writer (plus converter)\2-CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask application
J:\UTILITIES (28GB)\5-Office and Productivity\Magenta Gold + crack +?????\MgDE_7.2.0.139_patch.exe    probably a variant of Win32/Agent.KCBVSLV trojan
J:\UTILITIES (28GB)\5-Office and Productivity\Photoshop CS2 v9.0 + working KeyGen\Photoshop.CS2.KeyGen.exe    a variant of Win32/Keygen.CW application
J:\UTILITIES (28GB)\6-Optimization & Security\Anti-spyware etc cleaners\smitRem.exe    Win32/PrcView application
J:\UTILITIES (28GB)\8-System Info and Benchmarking\cpu-z_1.62-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
J:\UTILITIES (28GB)\8-System Info and Benchmarking\siw-setup.exe    Win32/OpenCandy application
J:\UTILITIES (28GB)\8-System Info and Benchmarking\Recover lost Wi-Fi keys and WinXP or Vista passwords\netpass_setup.exe    a variant of Win32/NetPass.AA application
K:\Users\All Users\IBUpdaterService\ibsvc.exe    a variant of Win32/InstallBrain.A application
 

---------- end of logfile ----------

 

Nik.



#11 TB-Psychotic
  • Malware Response Team

Posted 12 July 2013 - 03:17 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, BC does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here at BC but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



 


#12 thevalliant
  • Topic Starter

Posted 12 July 2013 - 03:38 AM

I am fully aware of both the risks and the legal framework associated with cracked programs. Having said that, you understand that I could easily select not to have this specific drive (J) scanned.

 

If you are only going to continue helping me on the provision that I first remove "all cracked software and illegally obtained copyrighted material" from my system, then I'm afraid I'm going to have to thank you for your most precious assistance so far.

 

Nik.



#13 TB-Psychotic
  • Malware Response Team

Posted 12 July 2013 - 03:53 AM

You're welcome!



 




