Windows 7 Forums


Windows 7: possible virus, which forum to go to for help


25 Jan 2013   #1

W7 premium 64
 
 
possible virus, which forum to go to for help

Hello. I used to go to Pc Tech Guy forum to help with virus removal, but for some reason am not allowed there anymore. My issue is I cannot turn on Windows Firewall. Here is my screenshot.
It is set to automatically start. I use Malwarebytes and SUPERAntiSpyware, and a few days ago there was a trojan and it was removed. Can someone point me to where I need to go? Thx




25 Jan 2013   #2

Windows 7 Home Premium
 
 

drmax,

Let's find out what is going on with that service, and some others...

Please download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.

Also, download RogueKiller:
Télécharger RogueKiller (Site Officiel)


When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the 64-bit version.
Click the dark-blue button to download.

Save to the Desktop.

Close all windows and browsers
Right-click and select 'Run as Administrator'
Press: SCAN

A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
25 Jan 2013   #3

W7 premium 64
 
 

Farbar Service Scanner Version: 16-01-2013
Ran by greg (administrator) on 25-01-2013 at 17:58:22
Running from "C:\Users\greg\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
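A way to triage an FSS.txt like the one posted above, as an added example that is not part of the original thread or of Farbar Service Scanner. The function name `triage_fss` and the result keys are hypothetical; the sample lines are copied from the log in the post. Treating any File Check result other than "MD5 is legit" as needing review is an assumption, since the posted log shows no other wording.

```python
import re

# Sample input: lines copied from the FSS.txt posted in the thread.
SAMPLE_FSS = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+)$")
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")

def triage_fss(text):
    """Hypothetical helper: summarise what an FSS log says is wrong."""
    stopped, deviations, suspect_files = [], [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            stopped.append(m.group(1))
        elif m := CONFIG.match(line):
            field, service, state = m.groups()
            if state != "OK.":          # e.g. start type changed from its default
                deviations.append((service, field, state))
        elif m := FILE_CHECK.match(line):
            if m.group(2) != "MD5 is legit":   # assumption: anything else needs review
                suspect_files.append(m.group(1))
    changed = {service for service, _, _ in deviations}
    return {
        "stopped": stopped,
        "deviations": deviations,
        # Stopped although its own configuration is intact: look at what it
        # depends on. MpsSvc (Windows Firewall) depends on BFE, so a disabled
        # BFE keeps the firewall from starting.
        "stopped_config_ok": [s for s in stopped if s not in changed],
        "suspect_files": suspect_files,
    }

if __name__ == "__main__":
    for key, value in triage_fss(SAMPLE_FSS).items():
        print(key, value)
```
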


25 Jan 2013   #5

W7 premium 64
 
 
figured it out

Cottonball had me run that program. It found BFE was not turned on. Went in and enabled it. Now firewall active.
Weird. Will run the other program to check for trojans/viruses. You know, I never did disable that function.
25 Jan 2013   #6

W7 premium 64
 
 

Now I am unable to turn on windows defender. Am running the RogueKiller prog. and submitting findings here.
25 Jan 2013   #7

W7 premium 64
 
 
RK report

RogueKiller V8.4.3 _x64_ [Jan 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : RogueKiller
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : greg [Admin rights]
Mode : Scan -- Date : 01/25/2013 18:21:18
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] AmiUpdXp.job : C:\Users\greg\AppData\Local\SwvUpdater\Updater.exe -> FOUND
[TASK][SUSP PATH] AmiUpdXp : C:\Users\greg\AppData\Local\SwvUpdater\Updater.exe -> FOUND
[TASK][SUSP PATH] {08C1F234-568C-4E01-A173-0CE24EC7480E} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {0AE7B435-789A-4706-B760-CEBE58093B40} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {4338847E-E938-4FF6-8CC0-5D7332A25EE5} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {4C915BC5-464F-45D1-8DAC-5EBD614BE23F} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {6FE37CCF-0EB5-4144-8DDE-A628D33493C0} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {9051A283-39ED-4164-BFD2-F9AA48668EF0} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {B94F491E-0B54-4E4E-A7A6-19FA3F5FA826} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[TASK][SUSP PATH] {F9BEEBEA-4C20-45DC-B6AE-35302F8A99E4} : C:\Users\greg\Desktop\abgx360_v1.0.5_setup.exe -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$1e9339da09b7843ff081d435102d9026\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2872747093-637173786-3556813959-1000\$1e9339da09b7843ff081d435102d9026\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$1e9339da09b7843ff081d435102d9026\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2872747093-637173786-3556813959-1000\$1e9339da09b7843ff081d435102d9026\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 7dc8ed4fba1d6234107389db834b6c05
[BSP] cac14c49d7f039a9758c50803549fbbd : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST3160812AS ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: TigerJet HardDisk USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_01252013_02d1821.txt >>
25 Jan 2013   #8

Windows 7 Home Premium x64 SP1
 
 

On top of the good help cotton has given you, I would add that you run Hitman Pro as well. It is free to scan for life and if it finds something, you can activate a free 30 day full working trial to remove whatever it finds. It is among the best.

Downloads - SurfRight
25 Jan 2013   #9

W7 premium 64
 
 

Quote: Originally Posted by DBone
On top of the good help cotton has given you, I would add that you run Hitman Pro as well. It is free to scan for life and if it finds something, you can activate a free 30 day full working trial to remove whatever it finds. It is among the best.

Downloads - SurfRight
I can try that. I also saw that RK found that ZeroAccess thing, and I cannot even follow the terrible video that is supplied to get rid of that issue (from their website). I have run Kaspersky and nothing was found. Unsure now how to get rid of ZeroAccess, unless RK has a tool built in for a one-step clean. I won't do anything until I hear from you people. I will run Hitman now and report back.
25 Jan 2013   #10

W7 premium 64
 
 

Hitman found nothing. ZeroAccess is the issue at hand. Also, I use Micro Security Essentials. It is supposedly running, however there is no green box in the bottom of my desktop anymore. Weird.