Security service keeps disabeling

[BluerjB]

What browser are you using? Try download it with this method.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

I got it i think the site was down when i was trying to download it... but ill run it right now....

[BluerjB]

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 4.0.1 (en-US)
.
C:\  [Fixed-NTFS] .. ( Total:232 Go - Free:117 Go )
D:\  [CD_Rom]
E:\  [CD_Rom]
F:\  [CD_Rom]
.
Scan : 20:32.44
Path : C:\Users\Jermaine\Desktop\Rooter.exe
User : Jermaine ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ??–? (240)
______ ??–? (384)
______ ??–? (456)
______ ??–? (476)
______ ??–? (516)
______ ??–? (560)
______ ??–? (576)
______ ??–? (584)
______ ??–? (700)
______ ??–? (764)
______ ??–? (804)
______ ??–? (868)
______ ??–? (944)
______ ??–? (976)
______ C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (1008)
______ ??–? (716)
______ ??–? (1096)
______ ??–? (1164)
______ ??–? (1176)
______ ??–? (1372)
______ ??–? (1396)
______ ??–? (1508)
______ ??–? (1520)
______ ??–? (1568)
______ ??–? (1644)
______ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1764)
______ C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (1808)
______ ??–? (1880)
______ C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe (1980)
______ ??–? (2036)
______ C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (1284)
______ ??–? (1260)
______ ??–? (2076)
______ ??–? (2160)
______ ??–? (2168)
______ ??–? (2176)
______ ??–? (2252)
______ C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (2588)
______ C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (2636)
______ ??–? (2676)
______ ??–? (2960)
______ ??–? (2364)
______ ??–? (2620)
______ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (2788)
Locked audiodg.exe (3208)
______ ??–? (2304)
______ ??–? (1960)
______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (248)
______ ??–? (2416)
______ C:\Users\Jermaine\Desktop\Rooter.exe (2792)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:250057064448)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\AWC AutoSweep.job
C:\Windows\Tasks\AWC Startup.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Users\Jermaine\Downloads\half-life\Half-Life_CD_Keygen\Half Life CDkeygen.exe
==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 20:32.57
.
C:\Rooter$\Rooter_1.txt - (27/05/2011 | 20:32.57).c

[SuperDave]

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.
Downloads\half-life\Half-Life_CD_Keygen
**************************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[BluerjB]

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.
Downloads\half-life\Half-Life_CD_Keygen
**************************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

When i try to use this it tries to update then it say's that it "cannot get the update, is proxy configured?"

[BluerjB]

nevermind i got it to work, but it didnt find anything... so no log.

[SuperDave]

Good. If there are no other issues, we can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************************
To set a new Restore Point.

Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button , click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
******************************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[BluerjB]

Sorry but the issue has still not been resolved. Microsoft Secrurity Essentials is still not monitoring my system, and Windows Defender still dont start. This is due to the Virus that i got that you helped me remove. It might be the damage that it left but is there anyway i can fix these issues.

Note: When i try to open windows Defender it gives me the same message as the picture in post #2

Thanks for what you've dome but i still need some more help.

[SuperDave]

I don't have Windows 7 so I've never had a chance to try this.

Open the Windows Update troubleshooter by clicking the Start button , and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Under System and Security, click Fix problems with Windows Update. These errors can happen if your computer runs out of memory while installing an update. If the Windows Update troubleshooter didn't fix the problem, try the following:

•Close all programs, including ones that run in the background, such as firewalls, antispyware software, web accelerators, Internet security or antivirus programs, or proxy servers, and then run Windows update again.

If you turned off your firewall, antivirus, or other security programs, turn them on once the update has been installed. You can restart any other programs you closed, as well. This error will also occur if the system is out of memory.

There is also a program on Windows 7 called Action Center You can learn more about by clicking the link.

This problem is because BITS is not running. Here's a link that may help analyze and fix this problem

[BluerjB]

Fixed!

Steps To fix it according to SuperDave:

1: Remove Viruses
2: Enforce Security
3:Fix Problems

I'm going to add two more steps that i did to completely fix it.

4: After Fixes, Run Windows Defender
5: Uninstall and reinstall Microsoft Security Essentials

And Done, Everything works and I have enforced Security.

Thanks SuperDave For all the for all the help, Hope this will help other people that encounder this problem.

Note: Can a Moderator rename this to "Security Center service keeps disabeling"? So it comes up on serch engines.

[SuperDave]

I'm going to add two more steps that i did to completely fix it.

4: After Fixes, Run Windows Defender
5: Uninstall and reinstall Microsoft Security Essentials

And Done, Everything works and I have enforced Security.

Great. Good moves.

Can a Moderator rename this to "Security Center service keeps disabeling"? So it comes up on serch engines.

It's already named although I don't recommend anyone to follow this cleaning guide. It was created for your computer and could have adverse effects on another computer. Also, some programs are very powerful and if not used correctly, could permanently damage a computer.

Fixed!

I'm curious. Which method in Reply # 22 did the trick so I'll know the next time I encounter this.

Thanks SuperDave For all the for all the help

You're welcome.

[BluerjB]

Great. Good moves.It's already named although I don't recommend anyone to follow this cleaning guide. It was created for your computer and could have adverse effects on another computer. Also, some programs are very powerful and if not used correctly, could permanently damage a computer. I'm curious. Which method in Reply # 22 did the trick so I'll know the next time I encounter this.
You're welcome.

Actually None If the things metioned in post #22 (directly) helped but aided it.

For example, if you didnt get my computer cleaned It wouldnt be able to turn on Windows Defender. And for me to by pass the Service issue for Microsoft Security Essentials (telling me it needed a service turned on), I had to reinstall the whole program again. The reinstall probably reinstalled the service Microsoft Security Essentials needed.

[SuperDave]

Thanks. I will lock this thread. If you need it re-opened, please send me a pm.