Windows firewall service cannot start (solved)

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#21
Doh.
Let's try this one...
----------------------
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chunky
->Temp folder emptied: 48966 bytes
->Temporary Internet Files folder emptied: 552062 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22037488 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2286 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2089 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2258 bytes

Total Files Cleaned = 22.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Chunky
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07032010_165308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#23
Indeed it does. As far as I can see things are completely back to normal. It looks like our work here is finished?
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,436
Location
Midlands, UK
PC Experience
Very Experienced
#24
Hi asmoeone,

> Indeed it does. As far as I can see things are completely back to normal.

If you can bear with me a little longer.
I'd like to double check things.
MBAM has been updated 9 times since your last report.

Please update MBAM and run another scan:
  • Start MBAM
  • Click on the Update tab
  • Click Check for Updates
  • If it says that MBAM needs to close to update it... let it close and then restart.
  • Then click the Scan button.

Don't forget:
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If the report comes back clean, we'll finish off the cleaning process.

Thanks
 

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#25
I can, of course, bear with it. And I'm glad you can too.

When trying to update MBAM, I get the error message - "An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007,0,WinHttpSendRequest)".

I suppose this could be malware related.

I tried disabling MS Security Essentials, but this made no difference.

What do you reckon?
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,436
Location
Midlands, UK
PC Experience
Very Experienced
#26
Hi asmoeone

12007 error usually means that the download is being blocked by a security program.

My guess is that's probably the Firewall (as we've just started it again).
Simple way to test this is to turn off the Firewall and then try the update again.
If it works like this, you'll have to add an exception to the firewall rules to allow MBAM.
 

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#27
I'd understood that having an open internet connection without a firewall was very risky, even for a short period? Well I guess I trust you because I tried it. The update gave the same error.

I checked the MBAM forums, and they seem to point to an uninstall / "mbam-clean.exe" utility / reinstall. Heard of it?
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,436
Location
Midlands, UK
PC Experience
Very Experienced
#28
> I'd understood that having an open internet connection without a firewall was very risky, even for a short period?

It can be, but as we were only trying to access a well known good site to get the update.... it would have been ok.

> I checked the MBAM forums, and they seem to point to an uninstall / "mbam-clean.exe" utility / reinstall. Heard of it?

I see what they are getting at with the program. Sometimes malware does block MBAM and this will clear out all the mbam entries from the registry.
It's not a program I've actually tried, but as I know 'RubbeR DuckY' fairly well and the fact that he started MBAM .... I'd say he knows a thing or 2. :)

Let's give it a try:

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from Malwarebytes Anti-Malware.
 

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#29
I'm embarrassed to admit that when I opened my browser I realised my wireless connection was still disabled. Could have had something to do with the update problem...

Anyway, MBAM reinstalled. Scan run. "no malicious items were detected".
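
WinHTTP error 12007 is ERROR_WINHTTP_NAME_NOT_RESOLVED, a name-lookup failure, which fits the disabled wireless link found in post #29. The triage sketch below is an added example, not part of the thread or of MBAM; the host name is a placeholder and the `resolver` parameter is a hypothetical hook so the logic can be exercised offline.

```python
import re
import socket

# WinHTTP error codes (winhttp.h) that commonly surface during an update check.
WINHTTP_ERRORS = {
    12002: ("ERROR_WINHTTP_TIMEOUT", "transport"),
    12007: ("ERROR_WINHTTP_NAME_NOT_RESOLVED", "dns"),
    12029: ("ERROR_WINHTTP_CANNOT_CONNECT", "transport"),
    12030: ("ERROR_WINHTTP_CONNECTION_ERROR", "transport"),
    12175: ("ERROR_WINHTTP_SECURE_FAILURE", "tls"),
}

# Error text as quoted in post #25.
SAMPLE = ("An error has occurred. Please report this error code to our support "
          "team. MBAM_ERROR_UPDATING (12007,0,WinHttpSendRequest)")
HOST = "updates.example.invalid"  # placeholder, not the real update server

_ERR_RE = re.compile(r"(\w+)\s*\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\w+)\s*\)")

def parse_update_error(message):
    """Return (tag, code, subcode, api) from an MBAM-style error, or None."""
    m = _ERR_RE.search(message)
    if not m:
        return None
    return m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)

def triage(message, host, resolver=socket.getaddrinfo):
    """Return (symbolic_name, next_step); resolver is injectable for testing."""
    parsed = parse_update_error(message)
    if parsed is None:
        return ("UNPARSED", "no error tuple found; collect the full message")
    code = parsed[1]
    name, layer = WINHTTP_ERRORS.get(code, ("UNKNOWN_%d" % code, "unknown"))
    try:
        resolver(host, 443)
        resolves = True
    except OSError:  # socket.gaierror is a subclass of OSError
        resolves = False
    if not resolves:
        step = "lookup fails now: check adapter/link and DNS before touching firewall or AV"
    elif layer == "dns":
        step = "lookup works now: the link or DNS was down earlier; retry the update"
    else:
        step = "lookup works: examine proxy, firewall rules or TLS inspection next"
    return (name, step)

if __name__ == "__main__":
    print(triage(SAMPLE, HOST))
```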
 

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#30
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4274

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/07/2010 14:17:19
mbam-log-2010-07-04 (14-17-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 163170
Time elapsed: 50 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,436
Location
Midlands, UK
PC Experience
Very Experienced
#31
> I'm embarrassed to admit that when I opened my browser I realised my wireless connection was still disabled. Could have had something to do with the update problem...

It certainly didn't help.

At least you found the problem.

Everything looks good now.
But like I said before, there's no 100% guarantee with these backdoor trojans.
We may have got everything, but we can only remove what we can see in the scans.
Let's finish off the cleaning process now:

Step 1
  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button; press that button.
  • This will remove any programs we have asked you to download along with their associated folders, plus itself.

Note:
MBAM will not be removed


Step 2
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


To find out how you may have been infected....read this topic:
So how did i get infected?

Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software
    Note*:
    Upon installation MS Security Essentials will check that your OS is a legal copy.

    Only install one AntiVirus program
  • Update your AntiVirus Software regularly
  • Use a 3rd party Firewall
    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

    Only install one software Firewall

    Some 3rd party Firewalls will turn off the windows firewall when they are installed.
    It's always best to check that the Windows Firewall is turned off:

    How to turn off Windows Firewall:
    Start ... Control Panel ... click on 'Classic View'.
    Now select Windows Firewall.
    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok
  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
    Installing another scanner that you can run once or twice a week is always beneficial.
    Something like:
    Malwarebytes Anti-Malware
    SUPERAntiSpyware
    Remember to update these programs each time before running.
    You can install more than one of these if you only run them as stand alone programs.
  • Use an alternative browser:
    Some excellent alternatives to MS Internet Explorer are:

    Firefox
    For added security, add the NoScript extension to this browser:
    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
    also consider adding:
    WOT - Safe Browsing Tool

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
    Btw: you don't have to make a contribution.

    Opera

    They offer better security, more stability, and better speed.
  • Keep a backup of your registry
    Keeping a regular backup of your registry will help when something goes wrong.
    Use a program like:
    Erunt

    A full tutorial on how to set up and use Erunt can be found here:
    Erunt tutorial
  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:
    Windows temp files
    Current user temp files
    Cookies
    Temporary Internet files
    Browser history
    Recycle bin
    Etc.......
    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
    Programs like:
    CCleaner
    TFC by OldTimer
    ATF Cleaner
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using and installing SpywareBlaster
  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.
 

asmoeone

Free PC Help Contributor
Joined
Jul 1, 2010
Messages
21
Location
UK
PC Experience
Some Experience
#32
Done.

Many, many thanks for your help. The process has been a pleasure for me and I'm frankly amazed to have received such professional and timely assistance, all volunteered for nothing. I shall be visiting the donation page for the site.
 

Starbuck

Admin & Security Team
Joined
Feb 19, 2010
Messages
4,436
Location
Midlands, UK
PC Experience
Very Experienced
#33
Hi asmoeone,

Many thanks for the nice comments.
The staff here do take a lot of pride in their work and we know that most members will want their computer problems sorted as quickly as possible.
All the staff here were once newbies, so we know what it's like to have problems you can't sort out.
Yes, we do offer our time for nothing... a lot of this is because of the belief we have in the site and the members.

Once again, I'm glad to have been of help and many thanks for the nice comments.
 