
Windows 7 Firewall Error and Windows Updater Missing


  • This topic is locked
14 replies to this topic

#1 fullhse

fullhse

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 27 September 2013 - 07:35 PM

Hi there, in January 2012 I removed a virus with MalwareBytes and cleaned my computer. I did not have any issues until a few weeks ago when I noticed a Trojan that kept appearing in my scans. I would remove, and it would come back. In checking how this was getting through my firewall, I noticed that my firewall was disabled as well as windows updates. I have tried restoring missing registry keys, including BITS, with some success, and have been running FSS scans per the advice I have seen in other threads. However, at this point, I have come to the end of what I can do. I still cannot turn on the firewall. Updates have just now started to work and are installing.

 

This is my latest FSS scan. Can someone help?

 

Farbar Service Scanner Version: 13-09-2013
Ran by Heather (administrator) on 27-09-2013 at 17:30:33
Running from "C:\Users\Heather\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




 


#2 fullhse


Posted 28 September 2013 - 01:29 AM

This is how it is now several hours later and many other attempts to start the firewall:

 

Farbar Service Scanner Version: 13-09-2013
Ran by Heather (administrator) on 27-09-2013 at 23:27:51
Running from "C:\Users\Heather\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-09-27 18:07] - [2013-01-03 22:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
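One way to triage the two Farbar Service Scanner logs above is to reduce each to its problem lines and compare the runs; this is an added example, not part of the original posts and not code from FSS. The function names `parse_fss` and `compare`, the finding labels, and the two shortened sample logs (with a placeholder where FSS prints an MD5) are assumptions constructed for illustration.

```python
import re

# Constructed excerpts in the layout of the two FSS logs posted above
# (shortened; the MD5 on the file detail line is replaced by a placeholder).
BEFORE = r'''
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit

**** End of log ****
'''

AFTER = r'''
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

Firewall Disabled Policy:
==================

Other Services:
==============

File Check:
========
C:\Windows\System32\Drivers\tcpip.sys
[2013-09-27 18:07] - [2013-01-03 22:41] - 1893224 ____A (Microsoft Corporation) <MD5-PLACEHOLDER>

C:\Windows\System32\bfe.dll => MD5 is legit

**** End of log ****
'''

RULE = re.compile(r"^=+$")                          # row of '=' under a section title
STOPPED = re.compile(r"^(\S+) Service is not running\.")
POLICY = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')     # value listed under a "Disabled Policy" section
FILE = re.compile(r"^[A-Za-z]:\\")                  # a file path in the File Check section


def parse_fss(text):
    """Return a set of (section, kind, detail) tuples for lines that report a problem."""
    lines = [l.strip() for l in text.splitlines()]
    findings, section = set(), ""
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not line or RULE.match(line) or line.startswith("****"):
            continue
        if RULE.match(nxt):                         # title line sits directly above the rule
            section = line.rstrip(":")
            continue
        m = STOPPED.match(line)
        if m:
            findings.add((section, "service-not-running", m.group(1)))
        elif "=====>" in line:                      # FSS marks these lines itself
            findings.add((section, "attention", line.split("=====>", 1)[1].strip()))
        elif "does not exist" in line:
            detail = line.split('"')[1] if '"' in line else line
            findings.add((section, "missing-key", detail))
        elif section.endswith("Disabled Policy") and POLICY.match(line):
            name, value = POLICY.match(line).groups()
            findings.add((section, "policy-set", f"{name}={value}"))
        elif (section == "File Check" and FILE.match(line)
              and not line.endswith("=> MD5 is legit")):
            # The file was listed without the "MD5 is legit" verdict.
            findings.add((section, "file-not-confirmed", line))
    return findings


def compare(before, after):
    """Split findings into cleared, remaining and new between two scans."""
    b, a = parse_fss(before), parse_fss(after)
    return {"cleared": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        for section, kind, detail in items:
            print(f"{status:9} {section:34} {kind:20} {detail}")
```

A finding that stays in `remaining` after a repair attempt (here the stopped MpsSvc service) or shows up under `new` (a system file no longer reported as "MD5 is legit") is what to raise with the helper next.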



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:16 PM

Posted 29 September 2013 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===



The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Check mark the following options alone

Reset registry permissions
Reset file permissions
Register system files
Repair Windows Firewall.
Remove Policies Set By Infections

  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please let me know what problem persists.


#4 fullhse


Posted 03 October 2013 - 04:17 AM

Thank you. Here are the results of the DDS.txt (I have resolved all issues except not all Windows Updates have been successful, and I cannot print to my wireless printer even though I have uninstalled and reinstalled it).

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by Heather at 9:10:24 on 2013-10-01
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3836.1672 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\VPDAgent_x64.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\ProgramData\Mattel\Watcher\jpjWatcher.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [JPJWatcher] C:\ProgramData\Mattel\Watcher\jpjwatcher.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Conime] C:\windows\System32\conime.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{EB070ECA-9DC9-4E95-9D88-DB4AB3DA6F72} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EB070ECA-9DC9-4E95-9D88-DB4AB3DA6F72}\241637563616D6070284F64756C6 : DHCPNameServer = 50.57.44.67 50.57.47.168
TCP: Interfaces\{EB070ECA-9DC9-4E95-9D88-DB4AB3DA6F72}\B456D6D656C6D656965627 : DHCPNameServer = 192.168.2.1
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\5vgnpcm9.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-28 00:21; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\5vgnpcm9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-4-30 55280]
R2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-3-16 89600]
R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-3-15 148480]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-4-30 202752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2013-2-23 5632]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-30 656624]
R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\System32\drivers\bcmvwl64.sys [2010-4-30 20984]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2010-4-30 172704]
R3 PSI;PSI;C:\windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-3-16 325152]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
S3 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
S3 usbrndis6;USB RNDIS6 Adapter;C:\windows\System32\drivers\usb80236.sys [2013-9-27 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-9 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-10-01 01:45:09    --------    dc----w-    C:\Program Files\Canon
2013-10-01 01:17:57    39424    ----a-w-    C:\windows\System32\CNMN6UI.DLL
2013-10-01 01:17:57    359936    ----a-w-    C:\windows\System32\CNMN6PPM.DLL
2013-10-01 00:34:20    --------    dc----w-    C:\Users\Heather\AppData\Local\ElevatedDiagnostics
2013-09-29 11:22:08    --------    d-----w-    C:\windows\rescache
2013-09-29 09:00:52    --------    d-----w-    C:\windows\System32\SPReview
2013-09-29 08:27:43    --------    d-----w-    C:\windows\System32\EventProviders
2013-09-29 08:16:33    --------    d-----w-    C:\windows\Logs
2013-09-29 06:09:38    --------    dc----w-    C:\Users\Heather\AppData\Local\Hardcoded Software
2013-09-29 05:58:35    --------    dc----w-    C:\Program Files\CCleaner
2013-09-28 17:34:23    --------    dc----w-    C:\Program Files\Bonjour Print Services
2013-09-28 17:32:39    --------    dc----w-    C:\Program Files\Bonjour
2013-09-28 17:32:39    --------    dc----w-    C:\Program Files (x86)\Bonjour
2013-09-28 07:58:56    --------    dc----w-    C:\Users\Heather\AppData\Roaming\Registry_Alert
2013-09-28 07:03:49    --------    dc----w-    C:\Users\Heather\AppData\Local\Secunia PSI
2013-09-28 07:02:47    --------    dc----w-    C:\Program Files (x86)\Secunia
2013-09-28 03:01:20    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{713940EF-D3ED-430E-B7D0-ADDD99426216}\offreg.dll
2013-09-28 02:10:08    9694160    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{713940EF-D3ED-430E-B7D0-ADDD99426216}\mpengine.dll
2013-09-28 02:10:07    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-09-28 01:15:04    --------    d-----w-    C:\windows\System32\MRT
2013-09-28 01:10:52    46080    ----a-w-    C:\windows\System32\atmlib.dll
2013-09-28 01:10:52    367616    ----a-w-    C:\windows\System32\atmfd.dll
2013-09-28 01:10:52    34304    ----a-w-    C:\windows\SysWow64\atmlib.dll
2013-09-28 01:10:52    295424    ----a-w-    C:\windows\SysWow64\atmfd.dll
2013-09-28 01:08:53    19968    ----a-w-    C:\windows\System32\drivers\usb80236.sys
2013-09-28 01:08:53    19968    ----a-w-    C:\windows\System32\drivers\usb8023.sys
2013-09-28 01:08:30    3138048    ----a-w-    C:\windows\System32\mstscax.dll
2013-09-28 01:08:29    44032    ----a-w-    C:\windows\System32\tsgqec.dll
2013-09-28 01:08:29    36864    ----a-w-    C:\windows\SysWow64\tsgqec.dll
2013-09-28 01:08:29    2691072    ----a-w-    C:\windows\SysWow64\mstscax.dll
2013-09-28 01:08:29    158208    ----a-w-    C:\windows\System32\aaclient.dll
2013-09-28 01:08:29    131072    ----a-w-    C:\windows\SysWow64\aaclient.dll
2013-09-28 01:08:16    220160    ----a-w-    C:\windows\System32\wintrust.dll
2013-09-28 01:08:16    172544    ----a-w-    C:\windows\SysWow64\wintrust.dll
2013-09-28 01:08:02    1653096    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-09-28 01:03:06    295792    ----a-w-    C:\windows\System32\drivers\volsnap.sys
2013-09-28 01:00:51    182272    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-09-28 01:00:51    1462784    ----a-w-    C:\windows\System32\crypt32.dll
2013-09-28 01:00:51    140288    ----a-w-    C:\windows\System32\cryptnet.dll
2013-09-28 01:00:51    139264    ----a-w-    C:\windows\SysWow64\cryptsvc.dll
2013-09-28 01:00:51    1157632    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-09-28 01:00:51    103936    ----a-w-    C:\windows\SysWow64\cryptnet.dll
2013-09-13 06:44:00    --------    dc----w-    C:\Users\Heather\AppData\Local\Programs
2013-09-05 14:04:02    209272    -c--a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-30 21:06:40    328704    ----a-w-    C:\windows\System32\services.exe
2013-09-29 09:46:13    175104    ----a-w-    C:\windows\System32\msclmd.dll
2013-09-29 09:46:13    152064    ----a-w-    C:\windows\SysWow64\msclmd.dll
2013-09-20 06:39:37    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 06:39:37    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-15 20:21:41    3766    -csha-w-    C:\ProgramData\KGyGaAvL.sys
2013-09-13 06:35:25    868264    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-09-13 06:35:25    790440    ----a-w-    C:\windows\SysWow64\deployJava1.dll
.
============= FINISH:  0:37:42.17 ===============
 



#5 nasdaq


Posted 03 October 2013 - 08:15 AM

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Make sure these options are marked.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Let me know what problem persists.

#6 fullhse


Posted 06 October 2013 - 12:26 AM

I ran Repair_Windows.exe and it restarted the computer. Then I tried to install my Windows update which failed again, and now I have a twain error when I log into my account. I still cannot print wirelessly.



#7 fullhse


Posted 06 October 2013 - 12:48 AM

Correction, I can now print wirelessly. Is this Service Pack One for Windows 7 necessary? This is the update that will not install.



#8 nasdaq


Posted 06 October 2013 - 09:04 AM

It's recommended that SP 1 be installed.

You can download the installer to your computer.
Close all running programs, browsers and security software
Install the application.

Follow the instructions on this page.
http://windows.microsoft.com/installwindows7sp1#

p.s.
Make sure you have created a restore point as suggested in post No. 3.
If anything goes wrong you can restore that state.

#9 fullhse


Posted 07 October 2013 - 01:34 AM

It still will not install.



#10 nasdaq


Posted 07 October 2013 - 08:39 AM

Go to Start > Run, and type in:

sc stop BITS

Go to Start > Run, once again, and type in: cmd
At the prompt, copy/paste the following commands inside the code box, one at a time: Hit the Enter key.

del /q "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
del /q "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"


Now, go back to: Start > Run, and type in:

sc start BITS

Restart the computer normally.

Execute the Windows update, not the local installation.

How is it now?

#11 fullhse


Posted 07 October 2013 - 01:16 PM

The process cannot access the file because it is being used by another process.



#12 fullhse


Posted 07 October 2013 - 04:34 PM

I was able to install SP1 today after following the advice pasted below:

 

Make sure you aren't using a proxy ....
1) Under “Tools” in the browser tool bar select “Internet Options”.
2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.
3) Click “LAN Settings” near the bottom of the “Connections” section.
4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.
5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.
6) Click “Ok” to close the “Internet Options” window.
IF the proxy box was checked, and you unchecked it, you will need to reboot.

You may have some adware, let's take a look: download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Using AdwCleaner v3: Scan & Clean:
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

See if you can download SP1 now.



#13 nasdaq


Posted 08 October 2013 - 07:47 AM


Thank you for the information.

Your DDS log was clean so I assumed that your BITS service was the culprit.

I suspect that fixing the setting in your first paragraph and the cleaning with TFC by Old Timer did the trick.

===

One last check.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know if you have any other issues with this computer.

#14 nasdaq


Posted 14 October 2013 - 09:14 AM

Are you still with me?

#15 nasdaq


Posted 20 October 2013 - 07:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



