
Thread: Desperately need help! My firewall will not turn on.

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Anytime you have results and make a post I will receive notification. Take your time, do each step completely before you proceed to the next. Do nothing else on that computer except complete those steps.

  2. #12
    Join Date
    Jun 2012
    Posts
    113

    Tasks Finished

    Okay I went through all of the steps of all the tasks that you have listed above and here are the results:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    C:\Windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\U\00000001.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
    C:\Windows\Installer\{e441ce7e-349f-bf8b-ecee-2afcda9520f2}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined

    New DDS log run after finishing everything you told me to do:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Frances at 15:25:32 on 2012-06-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2677 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3DCE3A66-67B5-4F25-8080-51526A209FBC} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\h5zou2lk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/USCON/1
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-3 517632]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-19 136176]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-5 13336]
    S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-19 136176]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-27 19:20:09 -------- d-s---w- C:\Windows\SysWow64\Microsoft
    2012-06-27 18:09:45 -------- d-----w- C:\Program Files (x86)\ESET
    2012-06-26 04:58:53 -------- d-----w- C:\ProgramData\AVAST Software
    2012-06-26 04:58:53 -------- d-----w- C:\Program Files\AVAST Software
    2012-06-26 01:50:02 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-25 23:17:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-23 18:23:24 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-23 18:23:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-23 18:23:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-23 18:23:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-18 15:05:51 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-18 15:05:51 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-16 23:29:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-16 23:29:03 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-16 23:29:03 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-06 21:11:51 -------- d-----w- C:\Users\Frances\AppData\Local\{D3B37241-D129-4D8D-8FB8-67FCA312787B}
    2012-05-30 23:13:13 244416 ----a-w- C:\Windows\SysWow64\Msflxgrd.ocx
    2012-05-30 23:13:13 209192 ----a-w- C:\Windows\SysWow64\TABCTL32.OCX
    2012-05-30 23:13:13 203976 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX
    2012-05-30 23:12:42 -------- d-----w- C:\Users\Frances\AppData\Roaming\pchc
    2012-05-30 22:49:19 -------- d-----w- C:\Program Files (x86)\ATT
    .
    ==================== Find3M ====================
    .
    2012-06-25 23:17:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 15:26:22.30 ===============
    DDS Text log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/9/2011 1:48:44 PM
    System Uptime: 6/27/2012 3:24:43 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 018D1Y
    Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3203/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 416.064 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP109: 5/19/2012 5:25:52 PM - Scheduled Checkpoint
    RP110: 5/27/2012 10:50:37 AM - Scheduled Checkpoint
    RP111: 6/4/2012 11:40:22 AM - Windows Update
    RP112: 6/18/2012 10:00:18 AM - Windows Update
    RP113: 6/18/2012 10:54:04 AM - Windows Modules Installer
    RP114: 6/18/2012 11:08:06 AM - Windows Update
    RP115: 6/23/2012 2:22:57 PM - Windows Update
    RP116: 6/26/2012 12:58:41 AM - avast! Free Antivirus Setup
    RP117: 6/26/2012 11:26:34 AM - Windows Update
    RP118: 6/27/2012 1:55:40 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    3600_Help
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Alphabet Express
    ArcSoft Print Creations
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Calendar
    BPD_Scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CCScore
    Compatibility Pack for the 2007 Office system
    Consumer In-Home Service Agreement
    Coupon Printer for Windows
    CRI-Resizer
    D3DX10
    Destinations
    DeviceDiscovery
    DirectX 9 Runtime
    DocProc
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Fax
    File Type Assistant
    Free File Viewer 2011
    Google Chrome
    Google Update Helper
    GoToAssist Corporate
    GPBaseService2
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Internet Explorer
    J3600
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    kgchday
    kgckids
    kgcmove
    kgcvday
    Kid Pix Deluxe 4
    Kodak EasyShare software
    Lernout & Hauspie TruVoice American English TTS Engine
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2000 Professional
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OfotoXMI
    PhotoShowExpress
    ProductContext
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SpywareBlaster 4.6
    staticcr
    Status
    Toolbox
    TrayApp
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VPRINTOL
    WebReg
    WildTangent Games
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/27/2012 3:24:57 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
    6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/27/2012 3:24:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/27/2012 3:24:55 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/27/2012 3:18:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/27/2012 3:18:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/27/2012 3:18:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/27/2012 3:18:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/27/2012 3:18:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/27/2012 3:18:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
    6/27/2012 3:18:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/27/2012 3:18:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/27/2012 1:43:37 PM, Error: Service Control Manager [7003] - The McAfee Network Agent service depends the following service: MfeFire. This service might not be installed.
    6/27/2012 1:43:37 PM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the file specified.
    6/27/2012 1:43:37 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.
    6/27/2012 1:41:31 PM, Error: Service Control Manager [7003] - The McAfee Proxy Service service depends the following service: MfeFire. This service might not be installed.
    6/27/2012 1:41:31 PM, Error: Service Control Manager [7003] - The McAfee Anti-Spam Service service depends the following service: MfeFire. This service might not be installed.
    6/26/2012 9:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Frances-PC\Frances SID (S-1-5-21-862105705-1313804406-1711163474-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/26/2012 9:29:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Frances-PC\Frances SID (S-1-5-21-862105705-1313804406-1711163474-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/26/2012 12:31:02 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Security with the following error: Access is denied.
    6/26/2012 12:30:49 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    6/26/2012 10:12:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr Wanarpv6
    6/26/2012 10:01:41 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/26/2012 10:01:41 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    6/20/2012 11:02:48 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The authentication service is unknown.
    .
    ==== End Of File ===========================

    Other information:
    I still cannot turn on my firewall. I am getting a message "Windows Security Center Service can't be started". I have a feeling this is not good.
    I am eagerly awaiting your response of where I am and where I go from here. Do I reinstall Avast? Because unless I am wrong I don't think I have any anti-virus protection, and I have no idea what is going on with my firewall. I hope you do.

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    The logs still show McAfee as on the computer, the firewall for sure.

    Run this tool and post back with the log.

    http://screen317.spywareinfoforum.org/SecurityCheck.exe

  4. #14
    Join Date
    Jun 2012
    Posts
    113
    I have bad news: I reran the Eset scanner and, even though I checked for it to delete the trojans upon closing, it found them again.
    Win64Sirefef.AE trojan
    Win64Sirefef.Al trojan
    I also reran the program to uninstall the McAfee parts but nothing is changing on the DDS log and I can't get the firewall to come on, so I am afraid that the trojans are not going away and are blocking the changes that I am trying to make. Just my fear. What is your call, and what do I do about it?

  5. #15
    Join Date
    Jun 2012
    Posts
    113
    I ran the above and here is the requested log:
    Results of screen317's Security Check version 0.99.42
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 4.6
    Malwarebytes Anti-Malware version 1.61.0.1400
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 11.0 Firefox out of Date!
    Google Chrome 19.0.1084.52
    Google Chrome 19.0.1084.56
    ````````Process Check: objlist.exe by Laurent````````
    ESET ESET Online Scanner OnlineScannerApp.exe
    ESET ESET Online Scanner OnlineCmdLineScanner.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

  6. #16
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Unless you are told to specifically run something, please don't. Many times this can cause problems. This will not be a fast process. So please have patience.
    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  7. #17
    Join Date
    Jun 2012
    Posts
    113
    Okay, sorry, I am trying to be patient but I am on the verge of panic. So, I am going to take a deep breath and do only what you suggest, when you suggest and try to hold off the panic until you say it is time to panic. Thank you for putting things so nicely while putting up with me. I am so thankful to you for taking the time to help me because I know this is taking a lot of your time too.

  8. #18
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    No problem. One step at a time will do it. No giant steps. Plus, if you run tools and I don't know about them, then a step I may give you either will not work or will cause damage.

    Here is your next step:

    Please download ComboFix by sUBs from

    http://www.bleepingcomputer.com/down...virus/combofix

    Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it, so if you don't click within ten minutes after reaching the page you will need to refresh the page.


    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When ComboFix has finished running, you will see a screen stating that it is preparing the log report
    • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
    • Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

    Post back with the Combofix log when complete.

  9. #19
    Join Date
    Jun 2012
    Posts
    113
    I have a problem: Combofix is requesting that I turn off the realtime scanner of McAfee. However, since it is not showing up anywhere on my computer and I cannot find where it is hiding, what do I do?

  10. #20
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Run Combofix in Safe Mode.
