Ten days ago I followed advice in a closed post from mid-December (forum topic 482067) to remove two Sirefefs and a rootkit, and have had good help in my own follow-up post to restore Action Center (forum topic 481646). After rewriting portions of the registry (successfully merging mpssvc.reg, bfe.reg, start_sevices.bat, wscsvc.reg, windefend.reg, wuauserv.reg, SharedAccess.reg and iphlpsvc.reg; none of the corresponding legacy_*.reg files could be imported, however), Action Center is back but crippled. I still have trouble running backups, and both the Windows and McAfee Firewalls are OFF and cannot be reset. I uninstalled McAfee long enough to see if the Sirefef.P had corrupted its settings and to check whether McAfee was preventing a restart of the Windows Firewall. It was not. So I downloaded a clean reinstall of McAfee and still cannot get either firewall to respond to attempts to change or restart them.
In the above processes I ran the newest versions of Microsoft Safety Scanner x32 and x64 (which found the Sirefef!cfg and Sirefef.P), sfc /scannow (no integrity violations), Screen317 (after which I updated to Java 7 Update 11 and Adobe Reader XI), ADWcleaner (removed minor spybots and adware), Ccleaner (excellent tool), Microsoft Malicious Software Removal Tool (found nothing), TDSSKiller (found nothing), Malwarebytes (found/quarantined a Rogue rootkit attached to the registry and settings, and two broken.open), and Prevx freeware (which I am currently using as a temporary firewall). My Creative Suite programs use Java, but I have since denied it access to both browsers, IE9 and Firefox v18; plus I raised the security level to Very High.
I began to suspect that I wasn't completely clear of a virus. While working in Safe Mode to diagnose the problem, several McAfee pop-ups alerted to a problem. I didn't click anything because of prior problems associated with the Sirefef.P and McAfee, and I think 3rd-party apps can't run in Safe Mode(?). So I ran a new download of Windows Defender Offline x64, which found and removed the new Java zero-day exploit (CVE-2013-0422). Another run of ADWcleaner and Ccleaner after all of this found an APN and an uninstall.exe in temp files, which I deleted. Screen317 continues to show that "WMI entry for antivirus may not exist; attempting automatic update."

Where I am now:
I've searched in the Bleeping Computer Win7 forum, and a Google search of my problem sent me back to http://www.bleepingcomputer.com/forums/topic426455.html, so all lines of inquiry bring me back to this forum.
When I attempt to turn on Windows Firewall there's this error "Update your firewall settings. Windows Firewall is not using the recommended settings to protect your computer."
So I click to use recommended settings and get no response. Ditto for Restore Defaults. Then when I try to access Advanced Settings, there's this: "The Windows Firewall with Advanced Security snap-in failed to load. Restart the Windows Firewall service on the computer that you are managing. Error code: 0x6D9."
Then in the McAfee home page Firewall initially shows ON but when I click Settings it's OFF and the Turn On button doesn't work. This was a clean install from the McAfee website 3 days ago.
I've tried unsuccessfully to reset User permissions, thinking that perhaps they were changed by the viruses. I am the Administrator for this machine but log on as a User. I cannot successfully Apply at Users>Edit>Full control, and get "An error occurred applying security information to: c:\hiberfil.sys -- The process cannot access the file because it is being used by another process."
FYI: I've never used ComboFix or DDS in this process.
But I have been at this for 10 days and am at a loss. Please help.
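As an added diagnostic example (editor's addition, not part of the original post or of any tool the poster used), the following PowerShell script checks the same services whose .reg files the poster re-imported, in dependency order (BFE must run before MpsSvc, and the Windows Firewall with Advanced Security snap-in returns 0x6D9, EPT_S_NOT_REGISTERED, when MpsSvc's RPC endpoint is not available, i.e. the service is not running). For each service it reports whether the registry key exists, whether the Service Control Manager knows the service, the Start value and ImagePath, any Deny ACEs on the service key, and the exact error if a start attempt fails. It then lists what Security Center's WMI namespace knows about antivirus and firewall products, which is the entry Screen317 reports as missing. Run it from an elevated PowerShell prompt; the service names are the standard Windows ones, and nothing else is assumed.

```powershell
# Added diagnostic example; not from the original post.
# Run elevated. Service names are the standard Windows 7 names.

$services = 'BFE', 'MpsSvc', 'wscsvc', 'WinDefend', 'wuauserv', 'SharedAccess', 'iphlpsvc'

foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue

    # A missing key means the .reg import did not take.
    if (-not (Test-Path $key)) {
        Write-Output "$name : registry key missing ($key)"
        continue
    }
    # Key present but SCM has not picked it up: the change needs a reboot.
    if (-not $svc) {
        Write-Output "$name : key exists but the service is not registered with the SCM (reboot after import)"
        continue
    }

    $props = Get-ItemProperty -Path $key
    # Start: 2 = Automatic, 3 = Manual, 4 = Disabled
    Write-Output ("{0} : status={1} Start={2} ImagePath={3}" -f $name, $svc.Status, $props.Start, $props.ImagePath)

    # Deny ACEs on a service key will stop the SCM from reading or starting it.
    $denies = (Get-Acl -Path $key).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    if ($denies) {
        Write-Output "$name : DENY ACEs on service key for: $($denies.IdentityReference -join ', ')"
    }
    if ($props.DependOnService) {
        Write-Output "$name : depends on $($props.DependOnService -join ', ')"
    }

    if ($svc.Status -ne 'Running') {
        try {
            Start-Service -Name $name -ErrorAction Stop
            Write-Output "$name : started"
        } catch {
            # The message here (access denied, file not found, dependency failed)
            # is what tells you which piece is still broken.
            Write-Output "$name : start failed: $($_.Exception.Message)"
        }
    }
}

# What Security Center (and Screen317) see via WMI.
foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
    if ($products) {
        $products | ForEach-Object { Write-Output ("{0}: {1} state=0x{2:X}" -f $class, $_.displayName, $_.productState) }
    } else {
        Write-Output "$class : no WMI entry in root\SecurityCenter2"
    }
}
```

If BFE starts but MpsSvc fails with an access-denied or file-not-found message, the problem is in MpsSvc's own key (ImagePath, ServiceDll under Parameters, or its ACL) rather than in the firewall settings the Action Center buttons try to change; once both services are Running, reopen wf.msc and the 0x6D9 error should be gone.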