Windows Firewall errors 8007042c and 1068

Bill48

Don't know how long my laptop has had this problem but Windows Firewall will not allow settings to be reset, giving the first error code 8007042c. I have tried all online fixes I can find, which have been many, including batch files.

SFC/SCANNOW did not find any integrity problems.

Services will not allow firewall to be turned on - it is Stopped.
netsh advfirewall reset, or set on, give an error reading to make sure the service is turned on. It reads - Usage: state on | off not configured.

I cannot recall exactly where in all these proceedings but I have also got message: Error 1068. The dependency service or group failed to start.

Under Services, accessed under administrator, the Base Filtering Engine is stopped and trying to start it gets Error 5: Access is denied.

Under Services - Windows Firewall, I cannot also see listed the Windows Firewall Authorization Driver except as a Dependency of Windows Firewall.

I hope the above is enough to go on. Is this a known problem? The only antivirus installed is MSE.

Bill
 

My Computer
Computer type: Laptop
Computer Manufacturer/Model Number: HP
OS: Windows 7 Home Premium 64 bit
CPU: AMD V120
Antivirus: MSE
Browser: IE 10

Welcome to the forum, Bill48!

Please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the cause of your issues:

:info: Please use the Farbar Recovery Scan Tool.
Download: Farbar Recovery Scan Tool Download
Select the version that applies to your system 64-bit
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool produces a log, FRST.txt, in the same directory from which the tool is run (Desktop).
:ar: Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
:ar: Also post the Addition.txt in your reply.


:info: Also, use the Farbar Service Scanner.
Download: Downloading Farbar Service Scanner

We will get a view of all services and dependencies scoped by the tool...

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender

Press: Scan
When done, FSS creates a log, FSS.txt, on the Desktop.

:ar: Please provide the FSS.txt in your reply.

Thank you.
 

My Computer
Computer type: PC/Desktop
Computer Manufacturer/Model Number: An ol' eMachines
OS: Windows 7 Home Premium
Internet Speed: Fine for me...I'm retired!

Farbar scans done. Hope reports attached. Thanks.
 

No wonder you have problems!!

ZeroAccess using RLO (right-to-left override), creating junctions, and playing havoc with services.

Will need to do a careful review of your reports, and provide you the means for fixing the problems.
I am about to sign off for tonight, but, will get back with you tomorrow.

It is Wed Feb 26, 2:34PM AEDT for you and Tuesday Feb 25, 9:34PM CST here, so we have a 17 hour time difference.

Please try not to use the infected computer in the meantime.

Thank you for your patience.
 

Here goes round 1...

:info: Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below to Notepad. (Do not copy the word 'code')
Save it to the Desktop, where FRST is located, and name it: fixlist.txt

Code:
start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\Run: [Google Update*] 
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {2fa2a0e9-dad2-11e1-a84a-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {4bb12b67-ef36-11e1-849e-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {4bb12b72-ef36-11e1-849e-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {4bb12b7e-ef36-11e1-849e-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {549e319d-2066-11e1-90ed-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {6329fef5-dac3-11e1-805b-001e101f82a7} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {72f59203-d563-11e1-8b78-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {72f5920f-d563-11e1-8b78-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {7d34f052-2686-11e1-85ca-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {b8fd0cb7-1628-11e1-858a-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {b8fd0cc5-1628-11e1-858a-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {b8fd0cf8-1628-11e1-858a-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {c62be58e-de79-11e1-a4d9-c80aa9fafa16} - G:\AutoRun.exe
HKU\S-1-5-21-732495969-821207150-1202094883-1000\...\MountPoints2: {d345db4c-94fe-11e1-bc18-c80aa9fafa16} - G:\setup.exe -a
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKCU - No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{f8f0f10f-4f17-6d7b-d4c3-90b2305077a0}\   \...\???\{f8f0f10f-4f17-6d7b-d4c3-90b2305077a0}\GoogleUpdate.exe" 
C:\Program Files (x86)\Google\Desktop\Install
S1 fsqwxfuj; \??\C:\Windows\system32\drivers\fsqwxfuj.sys [X]
C:\Users\Bill\AppData\Local\Google\Desktop\Install
C:\$Recycle.Bin\S-1-5-21-732495969-821207150-1202094883-1000\$f8f0f10f4f176d7bd4c390b2305077a0
C:\$Recycle.Bin\S-1-5-18\$f8f0f10f4f176d7bd4c390b2305077a0
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
CMD: ipconfig /flushdns
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt
:ar: Please post the Fixlog.txt in your reply.
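
The RLO trick named earlier in the thread, as an added example that is not part of the original posts: it flags service names containing Unicode bidirectional control characters and shows what a bidi-aware viewer would display. It assumes the `*` in the fixlist entry `*etadpug` stands for U+202E (RLO); the sample service list and the allow-list are constructed for illustration.

```python
import unicodedata

# Unicode bidirectional formatting characters: invisible, but they change
# the order in which the surrounding characters are displayed.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
    "\u200e", "\u200f",                                # LRM RLM
}
RLO, PDF = "\u202e", "\u202c"

# Constructed sample data (not taken from the poster's logs).
SAMPLE_SERVICES = ["BFE", "MpsSvc", "gupdate", "\u202eetadpug"]
TRUSTED_NAMES = {"bfe", "mpssvc", "gupdate", "gupdatem"}  # hypothetical allow-list


def find_bidi_controls(text):
    """Return (offset, Unicode name) for every bidi control in text."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(text)
            if ch in BIDI_CONTROLS]


def rendered_form(text):
    """Approximate what a bidi-aware UI displays for a Latin-only name.

    Simplification: only RLO ... PDF runs are modelled (shown reversed);
    every other bidi control is dropped without reordering.
    """
    out, run, in_rlo = [], [], False
    for ch in text:
        if ch == RLO:
            in_rlo = True
        elif ch == PDF and in_rlo:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif ch in BIDI_CONTROLS:
            continue
        elif in_rlo:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))  # an RLO without PDF runs to the end
    return "".join(out)


def audit_names(names, trusted):
    """Report every name that hides a bidi control, with its displayed form."""
    findings = []
    for raw in names:
        controls = find_bidi_controls(raw)
        if not controls:
            continue
        shown = rendered_form(raw)
        findings.append({
            "raw": raw.encode("unicode_escape").decode("ascii"),
            "shown_as": shown,
            "controls": [name for _, name in controls],
            # Displays like a trusted name but is a different string.
            "impersonates": shown.lower() in trusted,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_names(SAMPLE_SERVICES, TRUSTED_NAMES):
        print(finding)
```

The genuine `gupdate` entry passes untouched, while the lookalike is reported with its escaped raw name, so the two can be told apart even though a service list would show them identically.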
 

Fixlog.txt attached hopefully. Talk tomorrow. Thanks. Bill
 

Good job!!

Let's see if the following tool can take care of the issues. If not, we will need to go at it manually.


:info: Since the following steps involve editing the Registry, please create a new restore point before proceeding.
System Restore Point - Create
Select: Option Two


:info: Now, please download the ESET ServiceRepair tool:
http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
(Direct link only available)
Save to the Desktop.
Double-click to run the downloaded file.

When the program runs, a prompt appears asking if you want to proceed.
Click: Yes
When the Services routine is Completed, you are asked to Reboot.
Click Yes to allow the reboot.

The tool creates a folder named CC Support on the Desktop.

:ar: Please provide the CC Support\Logs\SvcRepair.txt in your reply.


:ar: Next, please run the Farbar Service Scanner once again, and provide the FSS.txt in your reply.

Thanks!
 

Done, thanks. Named new FSS as FFS2.txt. Bill
 

Getting better!! :)

:info: Please download the following files and save them to your Desktop:
(Direct links only available)

PolicyAgent:
http://download.bleepingcomputer.com/win-services/7/PolicyAgent.reg

RemoteAccess:
http://download.bleepingcomputer.com/win-services/7/RemoteAccess.reg

Now double-click on the PolicyAgent.reg file.
A prompt appears asking if you want to merge the information contained in the file into the Registry.
Confirm the prompt to merge to your Registry.
Click: OK

Next, double-click on the RemoteAccess.reg file.
Also confirm the prompt to merge to your Registry.
Click: OK


:info: Last, let's merge a missing Action Center key into the Registry:

Please open Notepad by pressing the Windows key and the R key at the same time.
In the Open area, type: notepad
Copy and paste all the text inside the code box below to Notepad:

Code:
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

In Notepad, go to File > Save As
Save the file to: Desktop
Save the file as: fixac.reg
Save as type needs to be set to: All files

On the Desktop, double-click: fixac.reg
Confirm the prompt to merge to your Registry.
Click: OK

:info: Restart the computer.

:info: On the Desktop, right-click fixac.reg, and select: Delete
Do the same for PolicyAgent.reg and the RemoteAccess.reg

Also empty the Recycle Bin.

:info: Now, once again press the Windows key and the R key at the same time.
In the Open area, type: services.msc

In the Services console, make sure Security Center is there, and:
Startup Type is set to: Automatic (Delayed Start)
Service Status is set to: Started

:ar: When done, please run the Farbar Service Scanner once again, and post its new FSS.txt report.


Again thanks. Attachment hopefully as FSS3.txt. Bill
 

Let's make sure all is well...

:info: Please use Malwarebytes Anti-Rootkit (MBAR)
Download > http://downloads.malwarebytes.org/file/mbar
Save to the Desktop
Double-click the downloaded file to run the program.

Follow the instructions to update and press: Next
Press Scan to allow the program to check your computer for threats.

If no threats are found, please stop here. :warn:

If threats are found, click the Cleanup button to remove them, and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.

Perform a second scan to verify that no threats remain.
If they do, click Cleanup once again, and repeat the process.

:ar: When done, please post the two logs produced: mbar-log.txt and system-log.txt
(The logs are found in the MBAR folder located on the Desktop)
 

No problems found. Text files hopefully attached.
What a process. Can you tell me in plain language what had happened, and the culprits if known.
Amazing. Thanks, Bill
 

Bill48,

In plain terms, you got infected by a Rootkit. It is devious unwanted code used to gain control of your computer by hiding deep inside the system.

Rootkits may piggyback on software you install, inserting a process that waits silently in the background.
Since to give permission for a program to install you need administrative access, this means that your rootkit is already in a sensitive location on the computer.

Rootkits may also come through shared disks and drives with infected web content.

Rootkits may even infect the part of your computer that is independent of the Operating System, making them harder to remove.

Once in your system, Rootkits provide access to your folders to a remote user who can do 'whatever' with your computer.

The types of information that may be accessed are account IDs and passwords (such as PayPal, Hotmail, gmail, Facebook accounts, etc.), credit card information (PIN numbers, expiration dates and card numbers), and banking information (account numbers, passwords, PINs etc.).

If you conducted any activities or transactions of the nature described above on the infected computer, I would strongly recommend you change passwords, IDs, PINs, etc., using another computer.

This is not meant to make you paranoid, but, if you notice any unusual behavior on the previously infected computer, make sure you get back here.

Also, since the Rootkit got through, let's take a look at your present security setup...

Please download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe

Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

:ar: Please post the checkup.txt in your reply.
(Do not take any corrective actions!)
 

Think only recent additions to this computer have been updates and newly installed Dropbox. But as you say, could have been in background for some time. Checkup report attached.
 

There are a few issues to take care of, as shown by Security Check:

:warn: Windows 7 Service Pack 1 x64 (UAC is disabled!)

Windows 7 has the built-in ability to automatically reduce the potential of security breaches and malware from compromising the operating system. It does so by automatically enabling the User Account Control (UAC).

Recommend you select the Default setting:
http://www.sevenforums.com/tutorials/299-user-account-control-uac-change-notification-settings.html

:warn: Internet Explorer 10 Out of date!

The latest version of Internet Explorer is IE11.

You can download Internet Explorer 11 from Microsoft, here:
Download Internet Explorer 11 - Internet Explorer

In most cases, however, the newest version of Internet Explorer will automatically install at some point after its release via Windows Update. Internet Explorer will update automatically, keeping all of your favorites, cookies, form history, and saved passwords intact.

:warn: Java(TM) 6 Update 38 Java version out of Date!
If you decide to keep Java, then, let's take care of some details, you do not need any vulnerabilities...

Please update your version of Java:
java.com: Java + You

Also, uninstall all older versions of Java from your system.
They present a serious security risk.
Why should I uninstall older versions of Java from my system?

:warn: Adobe Flash Player 12.0.0.70 Flash Player out of Date!

Download and install the latest Flash Player version > Adobe - Install Adobe Flash Player
Additional Info/Flash Player Help > Flash Player Help | Flash Player Help

:warn: Adobe Reader 10.1.9 Adobe Reader out of Date!

Adobe Reader, latest version:
Adobe - Adobe Reader download - All versions
(If presented, uncheck the following: Yes, install McAfee Security Scan Plus)

When done, go to Start > Control Panel > Programs and Features > Uninstall List
Look for, and remove any older Adobe Reader versions.


:info: Post back when you are done, and we will wrap up.
 

OK. Done all of that. IE will take its own course - no hurry. Likewise Adobe Flash - Reader is current. Java updated and the only old version uninstalled. Adobe says it is up to date, done on 25 Feb.

But lastly, UAC set to default but, on restarting, get Error Code: 0x80073b01. Wording: Microsoft Security Client. An error has occurred in the program during initialization. If this problem continues please contact your system administrator.

I restarted again and again got the same error message.

Sorry for this last little annoyance.
 

Better have it show up now, than later...

:info: Let's use the following to make sure the malware is not lurking in the Master Boot Record...

Please go to the TDSSKiller Download:
TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue

If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip. Do not select: Delete)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_15.10.2013_15.31.43_log.txt

:ar: Also provide the TDSSKiller report in your reply.
 

Hmm. Don't think anything found. Log hopefully attached. Bill
 

Good!! :)

Can you uninstall Microsoft Security Essentials from Control Panel > Programs and Features > Uninstall Programs?

When done, restart the Computer.

Then, install MSE again, and see if you get the error.
 

Uninstalled MSE, restarted with no error message.

Downloaded and Reinstalled MSE and same initialization error message reappears.

Bill
 
