Windows Firewall and Security Center Issues


16 replies to this topic

#1 Firain

Firain

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 28 September 2012 - 03:43 PM

Hey there. I'm in dire need of help.

I recently found some malware on my computer; after clearing it off with Trend Micro Titanium, Windows Firewall with Advanced Security will not work. When I open up the program, it says "There was an error opening the Windows Firewall with Advanced Security snap-in. Error Code: 0x6D9." When looking through the Control Panel, I also found that Windows Firewall is not using the recommended settings to protect my computer. When I click "Use Recommended Settings", it says "Windows Firewall can't change some of your settings. Error Code 0x80070424."

Microsoft Security Center will also not work. It says the service is turned off, but when I go to click turn on, it says the Windows Security Service can't be started.

These are all of the oddities that I have noticed. Do any of you have any suggestions for these or know of any other way to look for any other possible problems?

Edited by hamluis, 28 September 2012 - 03:56 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 28 September 2012 - 03:51 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,076 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:26 PM

Posted 28 September 2012 - 03:53 PM

Hi,

Download Farbar Service Scanner
- Check all the options
- click Scan

Post the generated log on your reply.

Edit: Narenxp and I posted at the same time; follow his instructions and at the end run FSS to generate the log. It will help determine the state of the services.

Edited by SleepyDude, 29 September 2012 - 05:37 AM.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem from one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#4 Firain

Firain
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 29 September 2012 - 06:52 PM

Alright, I followed all of your suggestions, but the last link for the ESET online scanner leads me to a Google 404 page saying "The requested URL /special/eos/esetsmartinstaller_enu.exe was not found on this server. That’s all we know." Thanks for the help! What's next?

TDSSkiller log

Spoiler


aswMBR log

Spoiler


Farbar Service Scanner log

Spoiler


#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 29 September 2012 - 07:00 PM

Alright, I followed all of your suggestions, but the last link for the ESET online scanner leads me to a Google 404 page saying "The requested URL /special/eos/esetsmartinstaller_enu.exe was not found on this server. That’s all we know."


Run it in safemode with networking

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.


Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

Launch it and scan should start running. After scan gets completed, post the generated log here.

NOTE: For Vista and Windows 7, right click on the tool and select Run as administrator

#6 Firain

Firain
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 29 September 2012 - 07:45 PM

Is it alright if I do the steps you listed above all under Safe Mode with networking? My computer has really started to act up in regular mode.

So... does the computer have to be in regular mode for me to complete these steps?

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 29 September 2012 - 08:31 PM

Do them in safe mode with networking now.

Reboot the PC after removing infections. Run ESET and Malwarebytes scan once again in normal mode and post the new log

#8 Firain

Firain
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 30 September 2012 - 03:32 PM

ESET Online Scanner log

Spoiler


Malwarebytes log

Spoiler


Minitoolbox log

Spoiler


Adware Cleaner log

Spoiler


Junkware Removal Tool log

Spoiler


I tried to redo ESET and Malwarebytes in regular mode afterwards as you suggested, but it kept freezing up. I had to hard reset because Microsoft Windows became unresponsive for like twenty minutes. Now everything's running pretty slow.

EDIT: Well, it's not so slow anymore. Everything's running pretty much up to speed.

Also, I don't know if this is worth mentioning, but whenever I browse with Chrome, I'll occasionally get an error box like the one below:

Spoiler

Edited by Firain, 30 September 2012 - 06:14 PM.


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 30 September 2012 - 09:41 PM

Please run the Malwarebytes and ESET scanner in normal mode and post the logs.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#10 Firain

Firain
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 03 October 2012 - 04:12 PM

No log was generated from the ESET Online Scanner when I ran it in regular mode because no threats were found.

Malwarebytes log (ran in regular mode)

Spoiler


RKill log

Spoiler


Autoruns log

Spoiler


What's next?

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 03 October 2012 - 04:17 PM

Now run RKILL given in previous instructions and post the new log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Edited by narenxp, 03 October 2012 - 04:38 PM.


#12 Firain

Firain
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 03 October 2012 - 04:22 PM

I ran the scan in RogueKiller and pressed delete. A new tab opened up in my browser to here:

http://tigzyrk.blogspot.com/2011/09/rootkit-zeroaccess-max.html

Following this, a pop-up window appeared saying that the Recycle Bin in the C drive is corrupted. It's asking me whether I would like to empty it. Should I click yes or no?

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 03 October 2012 - 04:24 PM

Following this, a pop-up window appeared saying that the Recycle Bin in the C drive is corrupted. It's asking me whether I would like to empty it. Should I click yes or no?


Click YES

Post the RKILL log together with farbar service scanner

#14 Firain

Firain
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:26 AM

Posted 03 October 2012 - 04:37 PM

RKill log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2012 04:26:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/03/2012 04:26:37 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

===

FSS log

Farbar Service Scanner Version: 19-09-2012
Ran by Owner (administrator) on 03-10-2012 at 16:36:09
Running from "C:\Users\Owner\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
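
Added example, not part of any post in this thread: a short Python parser that pulls the service-integrity findings out of an RKill log like the one above and decodes the two error codes quoted in the first post (0x80070424 and 0x6D9) into their Win32 names. The sample text is copied from the RKill log above; the function and variable names are illustrative assumptions.

```python
import re

# Constructed sample: the service-integrity section of the RKill log above.
SAMPLE_LOG = """\
Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:
"""

# Win32 error codes behind the two error codes quoted in the first post.
WIN32_ERRORS = {1060: "ERROR_SERVICE_DOES_NOT_EXIST", 1753: "EPT_S_NOT_REGISTERED"}

BRACKET = re.compile(r"^\*\s+(\S+)\s+\[(Missing [^\]]+)\]$")
STOPPED = re.compile(r"^\*\s+.*\((\w+)\) is not Running\.$")

def service_findings(log_text):
    """Return (service, problem) pairs from the service-integrity section only."""
    findings, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Checking Windows Service Integrity:":
            in_section = True
        elif in_section and line.endswith(":") and not line.startswith("*"):
            break  # the next section header ends the block
        elif in_section:
            m = BRACKET.match(line)
            if m:
                findings.append((m.group(1), m.group(2)))
            elif (m := STOPPED.match(line)):
                findings.append((m.group(1), "Not Running"))
    return findings

def win32_name(code):
    """Map an HRESULT with FACILITY_WIN32 (7), or a bare Win32 code, to a name."""
    if code & 0x80000000 and (code >> 16) & 0x1FFF == 7:
        code &= 0xFFFF  # low 16 bits carry the Win32 error
    return WIN32_ERRORS.get(code, "unknown")

if __name__ == "__main__":
    for service, problem in service_findings(SAMPLE_LOG):
        print(f"{service}: {problem}")
    print(win32_name(0x80070424), win32_name(0x6D9))
```

The decoded 0x80070424 (service does not exist) matches the MpsSvc and BFE entries that this RKill log lists as missing services.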

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:26 AM

Posted 03 October 2012 - 04:39 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash player

Uninstall old version of Java from Control Panel - Add or remove programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



