Inactive Computer is acting really weird, Icons won't save, USB not working

Status
Not open for further replies.
Farbar Service Scanner Version: 26-07-2012
Ran by SAM (administrator) on 01-08-2012 at 18:42:19
Running from "C:\Users\SAM\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check

[Image attachment: Capture3.gif]

Once that is done then go to step 3 and allow it to run SFC

[Image attachment: Capture.gif]

On the Start Repairs tab, click the Start button.

[Image attachment: p22001166.gif]

Please ensure that items seen in the image below are ticked as indicated:

[Image attachment: p22001132.gif]

Click on the box next to "Restart System when Finished". Then click on Start.

Post new FSS log.
 
I don't know if this is helpful or not, but when I try to manually start the firewall I get the error code: 0x8007043b

Farbar Service Scanner Version: 26-07-2012
Ran by SAM (administrator) on 01-08-2012 at 19:08:14
Running from "C:\Users\SAM\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
That looks better but still "MpsSvc Service is not running".
That's why you can't start Windows firewall.

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Registry Editor will open.
Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
Right click on SharedAccess, click "Permissions" then "Add" button, type "Everyone", click OK, tick "Full control" in "Allow" box, click OK, close registry editor.
Go to Start=>Run (alternatively use Windows key+R), type cmd and click OK.
Type:
net start mpssvc
Press Enter.
Post new FSS log.
 
I did the sharedaccess part but the second part generated an error:

C:\Users\SAM>net start mpssvc
System error 1083 has occurred.
The executable program that this service is configured to run in does not implement the service.
 
Farbar Service Scanner Version: 26-07-2012
Ran by Sachin (administrator) on 01-08-2012 at 19:48:07
Running from "C:\Users\SAM\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
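The three FSS logs in this thread differ only in a handful of lines (bfe is running again after the repair, and the ServiceDll line for wuauserv changes from "OK" to a printed path), and spotting that by eye across 60-line logs is error-prone. The Python script below is an added example, not part of Farbar Service Scanner, of this thread, or of the helper's instructions: it parses FSS-style logs into the services reported as not running (with their start type / ImagePath / ServiceDll checks) and the ATTENTION! policy lines, lists what a responder should look at, and diffs two scans so the effect of a repair step is visible. The log excerpts embedded in it are constructed to mirror the format shown above, not the thread's full logs.

```python
import re
from dataclasses import dataclass, field

# Line shapes used by Farbar Service Scanner (FSS) in the logs posted above.
SERVICE_RE = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
# "The start type of MpsSvc service is OK." / "... of sharedaccess service is set to Auto"
CHECK_IS_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
# 'The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".' (value printed instead of OK)
CHECK_VAL_RE = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+): (.+?)\.?$")
ATTENTION_RE = re.compile(r"^ATTENTION!=+> (.+)$")


@dataclass
class FssReport:
    not_running: dict = field(default_factory=dict)  # service -> {check name: value}
    attention: list = field(default_factory=list)    # "section: message" for ATTENTION! lines


def parse_fss(text: str) -> FssReport:
    report, section = FssReport(), ""
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line or re.fullmatch(r"=+", line):
            continue
        # A section header is a "Name:" line followed by a line made of '=' characters.
        if line.endswith(":") and i + 1 < len(lines) and re.fullmatch(r"=+", lines[i + 1].strip()):
            section = line[:-1]
        elif m := SERVICE_RE.match(line):
            report.not_running.setdefault(m.group(1), {})
        elif m := (CHECK_IS_RE.match(line) or CHECK_VAL_RE.match(line)):
            check, svc, value = m.groups()
            report.not_running.setdefault(svc, {})[check] = value
        elif m := ATTENTION_RE.match(line):
            report.attention.append(f"{section}: {m.group(1)}")
    return report


def findings(report: FssReport) -> list:
    """One line per item a responder should look at, in a stable order."""
    out = []
    for svc, checks in sorted(report.not_running.items()):
        bad = "; ".join(f"{k}={v}" for k, v in checks.items() if v != "OK")
        out.append(f"service {svc} not running ({bad or 'config reported OK'})")
    out.extend(f"policy: {a}" for a in report.attention)
    return out


def diff_reports(before: FssReport, after: FssReport) -> dict:
    """Services that came back, services newly stopped, and check values that changed."""
    started = sorted(set(before.not_running) - set(after.not_running))
    stopped = sorted(set(after.not_running) - set(before.not_running))
    changed = {}
    for svc in set(before.not_running) & set(after.not_running):
        b, a = before.not_running[svc], after.not_running[svc]
        for check in sorted(set(b) | set(a)):
            if b.get(check) != a.get(check):
                changed[f"{svc}.{check}"] = (b.get(check), a.get(check))
    return {"started": started, "stopped": stopped, "changed": changed}


# Constructed excerpts in the FSS format shown in the thread (not the thread's full logs).
FSS_BEFORE = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
"""
# Later scan: bfe is running again, and wuauserv's ServiceDll is printed instead of "OK".
FSS_AFTER = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".
"""

if __name__ == "__main__":
    before, after = parse_fss(FSS_BEFORE), parse_fss(FSS_AFTER)
    print("\n".join(findings(after)))
    print(diff_reports(before, after))
```

Run it as-is to see the triage lines for the second excerpt and the diff against the first; to use it on a real FSS.txt, read the file and pass its contents to parse_fss. The regexes match only the line shapes visible in this thread, so a line FSS prints in some other shape is simply ignored rather than misreported.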
 
At this point we have three choices:

1. Try Windows repair installation (may work, may not)
2. Install 3rd party firewall (this is what I use)
3. Reinstall Windows.

Let me know what you want to do.
 
1. I'm not sure how to do a repair installation but I'll definitely try that first.
2. Do you mind if I ask which firewall you use?
3. I'll try to avoid this as much as possible.

I've been searching the web and so far we've tried everything that has worked for everyone else.

Don't know if this is relevant, but if I open cmd normally it goes to C:\User\SAM>
but if I open cmd as admin it goes here by default: C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Client\4.0.1>

Is that normal?

Just for my peace of mind, the zeroaccess rootkit is completely gone and we're trying to fix the damage done right?

Thanks again for all your help!
-Sam
 
Just for my peace of mind, the zeroaccess rootkit is completely gone and we're trying to fix the damage done right?
Yes.

Don't know if this is relevant, but if I open cmd normally it goes to C:\User\SAM>
but if I open cmd as admin it goes here by default: C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Client\4.0.1>
I think your admin account may be corrupted.
Create new admin account and see if you can enable firewall from there.

2. I use Comodo firewall.
1. Do you have a Windows 7 DVD?
 
1. Yes, I bought my OS directly from Microsoft so they mailed me a DVD. Problem is I don't have it with me; I left it with some other computer stuff in storage. I downloaded an image of Windows 7 Pro and burned it to a DVD for this problem.

I created a new admin user in windows 7, unfortunately I was unable to enable the firewall from there.

Is there any way to repair a damaged user profile?
 
So I've been working at this for awhile and I'm stuck.

I followed the directions on the website and went to repair windows but before it started it said there was a possible conflict with:

USB Virtualization: USB Virtualization Stub Driver

They asked me to update it and then try the reinstall. So I tried to update it and Windows said it was up to date; I checked online for instructions or fixes but couldn't find any that worked. So I proceeded anyway with the repair and it failed. So I simply uninstalled the USB virtualization driver (vpcuxd.sys) and then tried to repair again, and it also didn't work. Do you have any advice?

Thanks,
Sam
 
First of all, I would like to thank you again Broni, you've been a really big help. I think I will take you up on your advice later this week and get a 3rd party firewall. I'll use it for a bit until I can get my Win 7 disk out of storage and do a reformat. I've noticed some other problems creeping up and I think it'll be better for the long run.

If you're still interested in this problem I'll list the symptoms:

1) When I try to do a repair install I get a warning: USB Virtualization Stub Driver
2) Firewall can't start
3) Elevated cmd prompt defaults to some weird Adobe directory
4) My user profile is read only and it can't be changed
5) Some registry keys won't allow me to give access to groups like Owner
6) Got a shadow volume error once
7) My environment variables were all messed up; I thought fixing them would help with the cmd prompt but it didn't

If I could get one last piece of advice from you, it would be how to do the reformat install and still keep as many settings and other stuff as possible.

Thanks!
Sam
 
There are too many problems.
I suspect your Windows installation is seriously corrupted.
I'd strongly suggest Windows reinstallation.
 