[drmax]

Hello. I used to go to Pc Tech Guy forum to help with virus removal, but for some reason am not allow there anymore. My issue, is I cannot turn on windows firewall. Here is my screen shot.
It is set to automatically start. I use malware bytes and superanti spyware and a few days ago there was a trojan and was removed. Can someone point me to where I need to go? Thx

[cottonball]

drmax,

Let's find out what is going on with that service, and some others...

Please download Farbar Service Scanner

Save to the Desktop

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press: Scan
• FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply.

Also, download RogueKiller:
Tlcharger RogueKiller (Site Officiel)


When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the 64-bit version.
Click the dark-blue button to download.

Save to the Desktop.

Close all windows and browsers
Right-click and select 'Run as Administrator'
Press: SCAN

A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

[drmax]

Farbar Service Scanner Version: 16-01-2013
Ran by greg (administrator) on 25-01-2013 at 17:58:22
Running from "C:\Users\greg\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[DBone]

I found a couple of links:

[Solved] Windows Firewall not in the services list, and not working - security - windows-7 (through this link I found the below link)

Error Code 0x80070424 with Windows Firewall and "Base Filtering Engine Service" Not available in services database list. - Microsoft Reduce Customer Effort Center - Site Home - TechNet Blogs

[drmax]

Cottonball had me run that program. It found BFE was not turn on. Went in a enabled it. Now firewall active.
Weird. Will run the other program to check for trojans/viruses. You know, I never did disable that function.

[drmax]

Now I am unable to turn on windows defender. Am running the RogueKiller prog. and submitting findings here.

[drmax]

RogueKiller V8.4.3 _x64_ [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : RogueKiller
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : greg [Admin rights]
Mode : Scan -- Date : 01/25/2013 18:21:18
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] AmiUpdXp.job : C:\Users\greg\AppData\Local\SwvUpdater\Updater.exe -> FOUND
[TASK][SUSP PATH] AmiUpdXp : C:\Users\greg\AppData\Local\SwvUpdater\Updater.exe -> FOUND
[TASK][SUSP PATH] {08C1F234-568C-4E01-A173-0CE24EC7480E} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {0AE7B435-789A-4706-B760-CEBE58093B40} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {4338847E-E938-4FF6-8CC0-5D7332A25EE5} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {4C915BC5-464F-45D1-8DAC-5EBD614BE23F} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {6FE37CCF-0EB5-4144-8DDE-A628D33493C0} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {9051A283-39ED-4164-BFD2-F9AA48668EF0} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {B94F491E-0B54-4E4E-A7A6-19FA3F5FA826} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {F9BEEBEA-4C20-45DC-B6AE-35302F8A99E4} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$1e9339da09b7843ff081d435102d9026\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2872747093-637173786-3556813959-1000\$1e9339da09b7843ff081d435102d9026\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$1e9339da09b7843ff081d435102d9026\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2872747093-637173786-3556813959-1000\$1e9339da09b7843ff081d435102d9026\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 7dc8ed4fba1d6234107389db834b6c05
[BSP] cac14c49d7f039a9758c50803549fbbd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST3160812AS ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: TigerJet HardDisk USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_01252013_02d1821.txt >>
RKreport[1]_S_01252013_02d1821.txt

[DBone]

On top of the good help cotton has given you, I would add that you run Hitman Pro as well. It is free to scan for life and if it finds something, you can activate a free 30 day full working trial to remove whatever it finds. It is among the best.

Downloads - SurfRight

[drmax]

   Quote: Originally Posted by DBone

On top of the good help cotton has given you, I would add that you run Hitman Pro as well. It is free to scan for life and if it finds something, you can activate a free 30 day full working trial to remove whatever it finds. It is among the best.

Downloads - SurfRight

I can try that. I also seen that RK found that zeroaccess thing, and I can not even follow the terrible video that is supplied to get rid of that issue. (from their website) I have ran Kaspersky and nothing found. Unsure now how to get rid of zeroaccess, unless RK has a tool built in for a onestep clean. I won't do anything until i hear from you people. I will run hitman now and report back.

[drmax]

Hitman found nothing. Zeroaccess is the issue at hand. Also, I use Micro Sercurity Essentials. It is supposedly running, however there is not Green box in bottom of my desktop anymore. Weird.