
Thread: Desperately need help! My firewall will not turn on.

  1. #91
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Go ahead and run another DDS scan, post both logs it produces.

  2. #92
    Join Date
    Jun 2012
    Posts
    113
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Frances at 9:47:53 on 2012-06-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3023 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3DCE3A66-67B5-4F25-8080-51526A209FBC} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\h5zou2lk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USCON/1
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-19 136176]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-5 13336]
    S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-19 136176]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-3 517632]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-27 23:46:56 -------- d-----w- C:\Users\Frances\AppData\Roaming\Malwarebytes
    2012-06-27 23:46:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-27 23:46:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-27 23:46:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-27 21:29:14 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-06-27 20:53:32 98816 ----a-w- C:\Windows\sed.exe
    2012-06-27 20:53:32 518144 ----a-w- C:\Windows\SWREG.exe
    2012-06-27 20:53:32 256000 ----a-w- C:\Windows\PEV.exe
    2012-06-27 20:53:32 208896 ----a-w- C:\Windows\MBR.exe
    2012-06-27 19:20:09 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2012-06-27 18:09:45 -------- d-----w- C:\Program Files (x86)\ESET
    2012-06-26 04:58:53 -------- d-----w- C:\ProgramData\AVAST Software
    2012-06-26 04:58:53 -------- d-----w- C:\Program Files\AVAST Software
    2012-06-26 01:50:02 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-25 23:17:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 18:23:24 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-23 18:23:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-23 18:23:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-23 18:23:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-18 15:05:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-18 15:05:51 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-16 23:29:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-16 23:29:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-16 23:29:03 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-06 21:11:51 -------- d-----w- C:\Users\Frances\AppData\Local\{D3B37241-D129-4D8D-8FB8-67FCA312787B}
    2012-05-30 23:13:13 244416 ----a-w- C:\Windows\SysWow64\Msflxgrd.ocx
    2012-05-30 23:13:13 209192 ----a-w- C:\Windows\SysWow64\TABCTL32.OCX
    2012-05-30 23:13:13 203976 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
    2012-05-30 23:12:42 -------- d-----w- C:\Users\Frances\AppData\Roaming\pchc
    2012-05-30 22:49:19 -------- d-----w- C:\Program Files (x86)\ATT
    .
    ==================== Find3M ====================
    .
    2012-06-25 23:17:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    .
    ============= FINISH: 9:48:43.73 ===============

  3. #93
    Join Date
    Jun 2012
    Posts
    113
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/9/2011 1:48:44 PM
    System Uptime: 6/29/2012 9:46:03 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 018D1Y
    Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 1185/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 415.756 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP109: 5/19/2012 5:25:52 PM - Scheduled Checkpoint
    RP110: 5/27/2012 10:50:37 AM - Scheduled Checkpoint
    RP111: 6/4/2012 11:40:22 AM - Windows Update
    RP112: 6/18/2012 10:00:18 AM - Windows Update
    RP113: 6/18/2012 10:54:04 AM - Windows Modules Installer
    RP114: 6/18/2012 11:08:06 AM - Windows Update
    RP115: 6/23/2012 2:22:57 PM - Windows Update
    RP116: 6/26/2012 12:58:41 AM - avast! Free Antivirus Setup
    RP117: 6/26/2012 11:26:34 AM - Windows Update
    RP118: 6/27/2012 1:55:40 PM - avast! Free Antivirus Setup
    RP119: 6/27/2012 7:31:59 PM - Removed Java(TM) 6 Update 23 (64-bit)
    RP120: 6/27/2012 7:33:05 PM - Removed Java(TM) 6 Update 24
    .
    ==== Installed Programs ======================
    .
    3600_Help
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Alphabet Express
    ArcSoft Print Creations
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Calendar
    BPD_Scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCScore
    Compatibility Pack for the 2007 Office system
    Consumer In-Home Service Agreement
    Coupon Printer for Windows
    CRI-Resizer
    D3DX10
    Destinations
    DeviceDiscovery
    DirectX 9 Runtime
    DocProc
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Fax
    File Type Assistant
    Google Chrome
    Google Update Helper
    GoToAssist Corporate
    GPBaseService2
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Internet Explorer
    J3600
    Junk Mail filter update
    kgchday
    kgckids
    kgcmove
    kgcvday
    Kid Pix Deluxe 4
    Kodak EasyShare software
    Lernout & Hauspie TruVoice American English TTS Engine
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2000 Professional
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OfotoXMI
    PhotoShowExpress
    ProductContext
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SpywareBlaster 4.6
    staticcr
    Status
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VPRINTOL
    WebReg
    WildTangent Games
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    .

  4. #94
    Join Date
    Jun 2012
    Posts
    113
    ==== Event Viewer Messages From Past Week ========
    .
    6/29/2012 9:46:16 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    6/29/2012 9:46:16 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
    6/29/2012 9:46:14 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    6/28/2012 8:38:28 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/28/2012 8:38:24 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
    6/28/2012 10:06:12 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.
    6/27/2012 9:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/27/2012 9:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/27/2012 9:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/27/2012 9:54:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/27/2012 9:54:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/27/2012 9:54:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/27/2012 9:54:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl
    6/27/2012 9:54:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/27/2012 9:54:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 9:54:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 9:54:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 9:54:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 9:54:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 9:54:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/27/2012 9:54:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/27/2012 9:54:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/27/2012 9:54:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/27/2012 9:54:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 5:19:53 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    6/27/2012 5:19:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/27/2012 5:19:04 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/27/2012 5:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    6/27/2012 4:49:02 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    6/27/2012 4:49:02 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/27/2012 3:18:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
    6/27/2012 10:09:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 10:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/27/2012 10:09:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/27/2012 1:43:37 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: MfeFire. This service might not be installed.
    6/27/2012 1:43:37 PM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the file specified.
    6/27/2012 1:43:37 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.
    6/27/2012 1:41:31 PM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
    6/27/2012 1:41:31 PM, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed.
    6/26/2012 9:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Frances-PC\Frances SID (S-1-5-21-862105705-1313804406-1711163474-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/26/2012 9:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Frances-PC\Frances SID (S-1-5-21-862105705-1313804406-1711163474-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/26/2012 12:31:02 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.
    6/26/2012 12:30:49 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    6/26/2012 10:12:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr Wanarpv6
    6/26/2012 10:01:41 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/26/2012 10:01:41 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    .
    ==== End Of File ===========================

  5. #95
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Well the good news is McAfee is gone. Only dead listings in the log so we know it's not running or installed. Bad news, the infection, which was the Zero Access Rootkit really does a number on things for sure, one of them is to make sure the Windows Firewall cannot work and possibly would not allow other firewalls either.
    Now you can try Checkdisk and see if damaged files can be repaired or you can try a repair install or you can reformat the computer. I am willing to work with you on any of those but the choice is yours. Do you have Recovery Disks? Do you have the Driver disk that normally comes with Dell computers?
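One way to group the Service Control Manager errors from the log in post #94, so the missing and failing firewall-related services stand out; this is an added example, not part of the original thread. The sample lines are copied from that log, and the function names and the `WATCH` list are assumptions of this example.

```python
import re
from collections import defaultdict

# Event lines copied from the DDS log in post #94 (firewall-related subset).
SAMPLE = """\
6/29/2012 9:46:16 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.
6/29/2012 9:46:14 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
6/28/2012 8:38:24 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
6/28/2012 10:06:12 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.
6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/27/2012 1:43:37 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: MfeFire. This service might not be installed.
6/27/2012 5:19:53 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
"""

# Layout of one DDS event line: "<date time>, <level>: <source> [<id>] - <message>"
LINE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# 7003: a service names a dependency that is not registered at all.
MISSING = re.compile(
    r"^The (.+) service depends the following service: (\S+?)\. "
    r"This service might not be installed\.$"
)
# 7001: the dependency exists but failed to start.
FAILED_DEP = re.compile(
    r"^The (.+) service depends on the (.+) service which failed to start "
    r"because of the following error: (.*)$"
)
# 7023 / 7024: the service itself started and then terminated with an error.
TERMINATED = re.compile(
    r"^The (.+) service terminated with "
    r"(?:the following error: |service-specific error )(.*)$"
)

# Names taken from the thread: the Windows Firewall service (MpsSvc), the
# Base Filtering Engine (BFE) it relies on, and Windows Defender.
WATCH = {"BFE", "MpsSvc", "Windows Firewall", "Windows Defender"}


def parse_events(text):
    """Turn DDS 'Event Viewer Messages' lines into dicts; skip anything else."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append({"when": m["when"], "level": m["level"],
                           "source": m["source"], "id": int(m["id"]),
                           "msg": m["msg"]})
    return events


def triage(events):
    """Group SCM errors by the service that is missing, failing or crashing."""
    missing, failed, terminated = defaultdict(set), defaultdict(set), {}
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        msg = ev["msg"]
        if ev["id"] == 7003 and (m := MISSING.match(msg)):
            missing[m[2]].add(m[1])          # missing service -> dependents
        elif ev["id"] == 7001 and (m := FAILED_DEP.match(msg)):
            failed[m[2]].add(m[1])           # failed dependency -> dependents
        elif ev["id"] in (7023, 7024) and (m := TERMINATED.match(msg)):
            # The log is newest-first, so keep the first (latest) error seen.
            terminated.setdefault(m[1], m[2].rstrip("."))
    return {
        "missing": {k: sorted(v) for k, v in missing.items()},
        "failed_dependency": {k: sorted(v) for k, v in failed.items()},
        "terminated": terminated,
    }


def flagged(result):
    """Watched security services that show up as missing, failed or crashed."""
    hit = (set(result["missing"]) | set(result["failed_dependency"])
           | set(result["terminated"]))
    return sorted(hit & WATCH)


if __name__ == "__main__":
    summary = triage(parse_events(SAMPLE))
    for name, dependents in summary["missing"].items():
        print(f"not installed: {name:8} needed by {', '.join(dependents)}")
    for name, error in summary["terminated"].items():
        print(f"terminated:    {name} ({error})")
    print("security services affected:", ", ".join(flagged(summary)))
```
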

  6. #96
    Join Date
    Jun 2012
    Posts
    113
    Okay, at least we know what we are dealing with. I am thankful that you are staying with me on this. I will be checking to see exactly what Dell sent me. After I received the computer and they wanted me to make my own recovery disks I called them complaining and the next week received a lot of things which got put in a drawer. I will take a survey of what I have and report back. In the meantime I guess start with the less extensive and move down the list as needed. If we can find a fix short of wiping everything and starting over that would be great. However, if that becomes the only option left, well all I can say is I need to get this fixed so when we run out of options and get to that point just let me know we are there. I am guessing that Checkdisk would be the first step. If so let me know how is the best way to proceed. I have run checkdisk in the past but there may be a more efficient way to do it that I don't know of other than just telling the computer to do it.

  7. #97
    Join Date
    Jun 2012
    Posts
    113
    This is what I have from Dell on disk:
    2 disks that say "Drivers and Utilities"
    1 disk that says "Drivers and documentation"
    1 disk "Operating System"
    1 disk "Application"
    1 disk "Microsoft Works9"
    1 disk "Easy CD & DVD burning 10.3"
    that is it.

  8. #98
    Join Date
    Jun 2012
    Posts
    113
    Okay, I am ready just tell me when to start the checkdisk and how is the best way to do it.

  9. #99
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Sounds to me like you likely will find all you need in those disks that Dell sent to you. So you know what you are looking for you would need a disk that either says Windows 7 or something like Windows 7 Restoration Disk, something along that line, it will have to say Windows 7 though. You will also need one that says Drivers and Utilities Disk. Those two would get you back to just like it was when it was installed at the Factory. The one that says Operating System...does it say Windows 7?
    But here are the instructions for running checkdisk, can't hurt to try that first.

    Click on the Computer
    Right click the hard disk drive that you want to check, this would be "C", and choose Properties.
    Click on the Tools tab, and click on the Check now button under Error-checking.
    You will now see this window shown in my print screen. Check the Automatically fix file system errors box as shown in my print screen.
    Click on the Start button, however since the disk is in use you will get a box like the one in my other print screen telling you that and asking if you wish to schedule this when you boot the computer. Click on the Schedule disk check button.

    Then all you do is reboot the computer. Check disk will begin immediately. Do nothing else and do not attempt to stop it. Allow this to run. It will take awhile to complete. Once it is complete you may be shown a report and then the full boot process will complete as normal.

    Once that is finished and the computer is fully booted up then see if you can turn on the Windows Firewall.

    Attached images: checkdisk.jpg, schedule disk check.jpg

  10. #100
    Join Date
    Jun 2012
    Posts
    113
    Ok, I am leaving to try the checkdisk. Should I run another DDS scan and post after it finishes so you can see if it fixed anything or will I get a report from them? I guess my question really is, how will I know if it is fixed?
