WIN7 virus.. Need help windows firewall is missing and my windows secu
So I have been all over the net to find a solution, and found many.. But I am not sure I have my doors completely locked..
I know my Windows Firewall is missing and my Windows Security Center service can't be turned on (both are missing from the service logs) :-(
So I have run Malwarebytes + some other programs to clean out my computer, and the last one I tried was Rkill. It says this:
ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]
Checking Windows Service Integrity:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* MpsSvc [Missing ImagePath]
* SharedAccess [Missing ImagePath]
Should I be worried here???!!!