Author Topic: windows 8 firewall problems caused by bitcoin miner trojan  (Read 47462 times)

0 Members and 1 Guest are viewing this topic.

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
windows 8 firewall problems caused by bitcoin miner trojan
« on: August 10, 2013, 03:29:10 pm »
Hi,
If anyone could help I would be very grateful.  I have windows 8 and have problems with the firewall which is affecting things like skype and the store because they rely on the firewall to work.  I believe this has something to do with a 'bit coin miner' trojan that has been detected on the computer.  I have attached log reports for Tweaking Windows Repair, Rkill and Rogue Killer.

Thanks

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #1 on: August 10, 2013, 04:34:41 pm »
I have also done a Malware Bytes anti-rootkit scan and the log result is attahced here

thanks

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #2 on: August 12, 2013, 05:47:34 am »
ok so i think ive managed to get rid of the trojan but my problem with firewall and the store and skype remains

thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #3 on: August 12, 2013, 12:51:34 pm »
If the infection has gone have you ran my Windows repair tool to get the firewall working?

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #4 on: August 12, 2013, 02:13:28 pm »
hi,

yes i ran it several times - i have attached the latest log here

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #5 on: August 13, 2013, 01:24:12 pm »
You may still have an infection. Those errors mean the services couldnt start and I bet if you check the registry you will see they have been deleted.

My repair tool puts those keys back in the registry, so if they are still gone then something is still deleting them.

Try running these two tools.

Malwarebytes Anti Rootkit (Different than there normal scanner)
http://www.malwarebytes.org/products/mbar/

And then combofix
http://www.bleepingcomputer.com/download/combofix/

Lets see if they find anything. :wink:

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #6 on: August 13, 2013, 01:37:43 pm »
will combofix work with windows 8?  i thought i read somewhere that it didnt - well anyway ill try them both now
thanks

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #7 on: August 14, 2013, 06:26:04 am »
Hi,

I have run malware bytes anti-root, combofix and the windows repiar tool again and the problem remains - I have attached the logs here

thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #8 on: August 15, 2013, 03:58:35 pm »
They both did find a few more things.

Also I noticed you have norton internet security installed, which has its own firewall and I believe will turn off the Windows firewall.

Also lets see if the regkeys are back or if they are still being deleted.

See if you have these reg keys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #9 on: August 16, 2013, 04:15:01 am »
Hi, yes I have both of those regkeys.  the problem is still there though - ive tried switching off the firewall on norton.

thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #10 on: August 17, 2013, 02:33:39 am »
Check the event viewer and tell me the exact error number for it and I will research it and see what I can find :-)

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #11 on: August 17, 2013, 01:04:08 pm »
Service Control Manager - 7024

thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #12 on: August 19, 2013, 03:56:13 pm »
Ah! that is the permission denied error.

And since my reset reg permissions in Windows 8 isnt allowed to run. (Because it will break the app store if you even touch permissions)

Normally my reg permissions would have fixed that error.

The virus you had change the permissions on the those reg keys for the services. You will have to manually edit the permissions for those keys and that should get it working again.

I should modify the repair to change permission just on those keys as well, that way it will work on Windows 8 :-)

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #13 on: August 19, 2013, 04:39:00 pm »
excuse the ignorance but how do you change the permisions?

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #14 on: August 19, 2013, 04:42:22 pm »
In the registry editor you can right click on the key and choose permissions.

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #15 on: August 20, 2013, 12:38:02 am »
hi.  which ones do i need to change exactly?  and for administrators or users?

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #16 on: August 20, 2013, 02:46:00 am »
@Pablo204: Download the file in the attachment and place it in the "files" subfolder of Windows Repair (WR). Unzip it and make sure you have 4 new files in that "files" sub-folder. Temporarily switch off Norton. Run the *.bat file with admin rights and run WR (Repair Firewall) again. Post the results in this thread. If it worked then it provides Shane (& me) a good clue of how & where WR needs to be improved.

You can switch off the MS Firewall if you want to run the Norton firewall only.
Go through this thread:
http://www.tweaking.com/forums/index.php/topic,1195.0.html
(And make sure you tick "Set Services to default ........" every time you run WR)


@Shane:
- The *.bat file changes the reg permissions for "Sharedaccess", "Mpssvc", "BFE" & "Bits". But I thought BITS had nothing to do with the MS Firewall ?
- Go through the stuff I have sent you. It contains these "change reg permissions" files as well.
« Last Edit: August 20, 2013, 03:01:10 am by Willy2 »

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #17 on: August 20, 2013, 05:31:39 am »
   Running Repair Under System Account
   Running Repair Under System Account
Starting Repairs...
   Start (10/08/2013 18:16:23)

Register System Files
   Start (10/08/2013 18:16:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:16:46)

Repair WMI
   Start (10/08/2013 18:16:46)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (10/08/2013 18:19:50)

Repair Windows Firewall
   Start (10/08/2013 18:19:50)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (10/08/2013 18:20:13)

Repair Internet Explorer
   Start (10/08/2013 18:20:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:20:46)

Repair MDAC/MS Jet
   Start (10/08/2013 18:20:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:20:55)

Repair Hosts File
   Start (10/08/2013 18:20:55)
   Running Repair Under System Account
   Done (10/08/2013 18:20:57)

Remove Policies Set By Infections
   Start (10/08/2013 18:20:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:21:02)

Repair Icons
   Start (10/08/2013 18:21:02)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (10/08/2013 18:21:04)

Repair Winsock & DNS Cache
   Start (10/08/2013 18:21:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:21:13)

Repair Proxy Settings
   Start (10/08/2013 18:21:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:21:17)

Repair Windows Updates
   Start (10/08/2013 18:21:17)
   Running Repair Under Current User Account
The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (10/08/2013 18:21:33)

Repair CD/DVD Missing/Not Working
   Start (10/08/2013 18:21:33)
   Done (10/08/2013 18:21:33)

Repair Volume Shadow Copy Service
   Start (10/08/2013 18:21:33)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (10/08/2013 18:21:39)

Repair MSI (Windows Installer)
   Start (10/08/2013 18:21:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:21:48)

Repair bat Association
   Start (10/08/2013 18:21:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:21:53)

Repair cmd Association
   Start (10/08/2013 18:21:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:21:57)

Repair com Association
   Start (10/08/2013 18:21:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:02)

Repair Directory Association
   Start (10/08/2013 18:22:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:06)

Repair Drive Association
   Start (10/08/2013 18:22:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:11)

Repair exe Association
   Start (10/08/2013 18:22:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:16)

Repair Folder Association
   Start (10/08/2013 18:22:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:20)

Repair inf Association
   Start (10/08/2013 18:22:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:25)

Repair lnk (Shortcuts) Association
   Start (10/08/2013 18:22:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:29)

Repair msc Association
   Start (10/08/2013 18:22:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:34)

Repair reg Association
   Start (10/08/2013 18:22:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:39)

Repair scr Association
   Start (10/08/2013 18:22:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:43)

Repair Windows Safe Mode
   Start (10/08/2013 18:22:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:22:48)

Repair Print Spooler
   Start (10/08/2013 18:22:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:23:01)

Restore Important Windows Services
   Start (10/08/2013 18:23:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:23:05)

Set Windows Services To Default Startup
   Start (10/08/2013 18:23:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:23:10)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (10/08/2013 18:23:10)
   Total Repair Time: 00:06:47


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
Starting Repairs...
   Start (10/08/2013 18:43:29)

Register System Files
   Start (10/08/2013 18:43:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:44:07)

Repair WMI
   Start (10/08/2013 18:44:07)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (10/08/2013 18:47:50)

Repair Windows Firewall
   Start (10/08/2013 18:47:50)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (10/08/2013 18:48:13)

Repair Internet Explorer
   Start (10/08/2013 18:48:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:48:40)

Repair MDAC/MS Jet
   Start (10/08/2013 18:48:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:48:49)

Repair Hosts File
   Start (10/08/2013 18:48:49)
   Running Repair Under System Account
   Done (10/08/2013 18:48:51)

Remove Policies Set By Infections
   Start (10/08/2013 18:48:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:48:56)

Repair Icons
   Start (10/08/2013 18:48:56)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (10/08/2013 18:48:58)

Repair Winsock & DNS Cache
   Start (10/08/2013 18:48:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:49:07)

Repair Proxy Settings
   Start (10/08/2013 18:49:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:49:11)

Repair Windows Updates
   Start (10/08/2013 18:49:11)
   Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (10/08/2013 18:49:26)

Repair CD/DVD Missing/Not Working
   Start (10/08/2013 18:49:26)
   Done (10/08/2013 18:49:26)

Repair Volume Shadow Copy Service
   Start (10/08/2013 18:49:26)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (10/08/2013 18:49:31)

Repair MSI (Windows Installer)
   Start (10/08/2013 18:49:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:49:40)

Repair bat Association
   Start (10/08/2013 18:49:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:49:51)

Repair cmd Association
   Start (10/08/2013 18:49:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:49:56)

Repair com Association
   Start (10/08/2013 18:49:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:00)

Repair Directory Association
   Start (10/08/2013 18:50:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:05)

Repair Drive Association
   Start (10/08/2013 18:50:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:09)

Repair exe Association
   Start (10/08/2013 18:50:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:14)

Repair Folder Association
   Start (10/08/2013 18:50:14)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:19)

Repair inf Association
   Start (10/08/2013 18:50:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:23)

Repair lnk (Shortcuts) Association
   Start (10/08/2013 18:50:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:28)

Repair msc Association
   Start (10/08/2013 18:50:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:33)

Repair reg Association
   Start (10/08/2013 18:50:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:37)

Repair scr Association
   Start (10/08/2013 18:50:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:42)

Repair Windows Safe Mode
   Start (10/08/2013 18:50:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:47)

Repair Print Spooler
   Start (10/08/2013 18:50:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:50:59)

Restore Important Windows Services
   Start (10/08/2013 18:50:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:51:04)

Set Windows Services To Default Startup
   Start (10/08/2013 18:51:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 18:51:09)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (10/08/2013 18:51:09)
   Total Repair Time: 00:07:40


...YOU MUST RESTART YOUR SYSTEM...
Starting Repairs...
   Start (10/08/2013 22:11:46)

Register System Files
   Start (10/08/2013 22:11:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:12:06)

Repair WMI
   Start (10/08/2013 22:12:06)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (10/08/2013 22:15:00)

Repair Windows Firewall
   Start (10/08/2013 22:15:00)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (10/08/2013 22:15:23)

Repair Internet Explorer
   Start (10/08/2013 22:15:23)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:15:46)

Repair MDAC/MS Jet
   Start (10/08/2013 22:15:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:15:55)

Repair Hosts File
   Start (10/08/2013 22:15:55)
   Running Repair Under System Account
   Done (10/08/2013 22:15:57)

Remove Policies Set By Infections
   Start (10/08/2013 22:15:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:16:02)

Repair Icons
   Start (10/08/2013 22:16:02)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (10/08/2013 22:16:04)

Repair Winsock & DNS Cache
   Start (10/08/2013 22:16:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:16:13)

Repair Proxy Settings
   Start (10/08/2013 22:16:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:16:18)

Repair Windows Updates
   Start (10/08/2013 22:16:18)
   Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (10/08/2013 22:16:32)

Repair CD/DVD Missing/Not Working
   Start (10/08/2013 22:16:32)
   Done (10/08/2013 22:16:32)

Repair Volume Shadow Copy Service
   Start (10/08/2013 22:16:33)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (10/08/2013 22:16:39)

Repair MSI (Windows Installer)
   Start (10/08/2013 22:16:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:16:48)

Repair bat Association
   Start (10/08/2013 22:16:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:16:52)

Repair cmd Association
   Start (10/08/2013 22:16:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:16:57)

Repair com Association
   Start (10/08/2013 22:16:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:02)

Repair Directory Association
   Start (10/08/2013 22:17:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:06)

Repair Drive Association
   Start (10/08/2013 22:17:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:11)

Repair exe Association
   Start (10/08/2013 22:17:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:16)

Repair Folder Association
   Start (10/08/2013 22:17:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:20)

Repair inf Association
   Start (10/08/2013 22:17:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:25)

Repair lnk (Shortcuts) Association
   Start (10/08/2013 22:17:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:29)

Repair msc Association
   Start (10/08/2013 22:17:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:34)

Repair reg Association
   Start (10/08/2013 22:17:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:39)

Repair scr Association
   Start (10/08/2013 22:17:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:43)

Repair Windows Safe Mode
   Start (10/08/2013 22:17:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:17:48)

Repair Print Spooler
   Start (10/08/2013 22:17:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:18:00)

Restore Important Windows Services
   Start (10/08/2013 22:18:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:18:05)

Set Windows Services To Default Startup
   Start (10/08/2013 22:18:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 22:18:10)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (10/08/2013 22:18:10)
   Total Repair Time: 00:06:24


...YOU MUST RESTART YOUR SYSTEM...
Starting Repairs...
   Start (10/08/2013 23:50:18)

Register System Files
   Start (10/08/2013 23:50:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:50:41)

Repair WMI
   Start (10/08/2013 23:50:41)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (10/08/2013 23:53:46)

Repair Windows Firewall
   Start (10/08/2013 23:53:46)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (10/08/2013 23:54:09)

Repair Internet Explorer
   Start (10/08/2013 23:54:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:54:34)

Repair MDAC/MS Jet
   Start (10/08/2013 23:54:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:54:42)

Repair Hosts File
   Start (10/08/2013 23:54:42)
   Running Repair Under System Account
   Done (10/08/2013 23:54:45)

Remove Policies Set By Infections
   Start (10/08/2013 23:54:45)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:54:49)

Repair Icons
   Start (10/08/2013 23:54:49)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (10/08/2013 23:54:52)

Repair Winsock & DNS Cache
   Start (10/08/2013 23:54:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:55:04)

Repair Proxy Settings
   Start (10/08/2013 23:55:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:55:09)

Repair Windows Updates
   Start (10/08/2013 23:55:09)
   Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (10/08/2013 23:55:24)

Repair CD/DVD Missing/Not Working
   Start (10/08/2013 23:55:24)
   Done (10/08/2013 23:55:24)

Repair Volume Shadow Copy Service
   Start (10/08/2013 23:55:24)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (10/08/2013 23:55:31)

Repair MSI (Windows Installer)
   Start (10/08/2013 23:55:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:55:39)

Repair bat Association
   Start (10/08/2013 23:55:39)
   Running Repair Under Current User Account

Stopping, Waiting for current repair to finish...

   Running Repair Under System Account
   Done (10/08/2013 23:55:44)

Repairs Stopped By User.
   Done (10/08/2013 23:55:44)
   Total Repair Time: 00:05:26

Starting Repairs...
   Start (10/08/2013 23:56:35)

Register System Files
   Start (10/08/2013 23:56:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/08/2013 23:56:55)

Repair WMI
   Start (10/08/2013 23:56:55)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (11/08/2013 00:00:59)

Repair Windows Firewall
   Start (11/08/2013 00:00:59)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (11/08/2013 00:01:20)

Repair Internet Explorer
   Start (11/08/2013 00:01:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:01:37)

Repair MDAC/MS Jet
   Start (11/08/2013 00:01:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:01:46)

Repair Hosts File
   Start (11/08/2013 00:01:46)
   Running Repair Under System Account
   Done (11/08/2013 00:01:48)

Remove Policies Set By Infections
   Start (11/08/2013 00:01:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:01:53)

Repair Icons
   Start (11/08/2013 00:01:53)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
The system cannot find the file specified.
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
   Done (11/08/2013 00:01:55)

Repair Winsock & DNS Cache
   Start (11/08/2013 00:01:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:04)

Repair Proxy Settings
   Start (11/08/2013 00:02:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:08)

Repair Windows Updates
   Start (11/08/2013 00:02:08)
   Running Repair Under Current User Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (11/08/2013 00:02:21)

Repair CD/DVD Missing/Not Working
   Start (11/08/2013 00:02:21)
   Done (11/08/2013 00:02:21)

Repair Volume Shadow Copy Service
   Start (11/08/2013 00:02:21)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (11/08/2013 00:02:26)

Repair MSI (Windows Installer)
   Start (11/08/2013 00:02:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:34)

Repair bat Association
   Start (11/08/2013 00:02:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:39)

Repair cmd Association
   Start (11/08/2013 00:02:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:44)

Repair com Association
   Start (11/08/2013 00:02:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:48)

Repair Directory Association
   Start (11/08/2013 00:02:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:53)

Repair Drive Association
   Start (11/08/2013 00:02:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:02:57)

Repair exe Association
   Start (11/08/2013 00:02:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:02)

Repair Folder Association
   Start (11/08/2013 00:03:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:06)

Repair inf Association
   Start (11/08/2013 00:03:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:11)

Repair lnk (Shortcuts) Association
   Start (11/08/2013 00:03:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:16)

Repair msc Association
   Start (11/08/2013 00:03:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:20)

Repair reg Association
   Start (11/08/2013 00:03:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:25)

Repair scr Association
   Start (11/08/2013 00:03:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:29)

Repair Windows Safe Mode
   Start (11/08/2013 00:03:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:34)

Repair Print Spooler
   Start (11/08/2013 00:03:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:47)

Restore Important Windows Services
   Start (11/08/2013 00:03:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:51)

Set Windows Services To Default Startup
   Start (11/08/2013 00:03:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 00:03:56)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (11/08/2013 00:03:56)
   Total Repair Time: 00:07:21


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
Starting Repairs...
   Start (11/08/2013 23:04:13)

Register System Files
   Start (11/08/2013 23:04:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:04:41)

Repair WMI
   Start (11/08/2013 23:04:41)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (11/08/2013 23:07:45)

Repair Windows Firewall
   Start (11/08/2013 23:07:45)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (11/08/2013 23:08:10)

Repair Internet Explorer
   Start (11/08/2013 23:08:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:08:33)

Repair MDAC/MS Jet
   Start (11/08/2013 23:08:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:08:42)

Repair Hosts File
   Start (11/08/2013 23:08:42)
   Running Repair Under System Account
   Done (11/08/2013 23:08:44)

Remove Policies Set By Infections
   Start (11/08/2013 23:08:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:08:49)

Repair Icons
   Start (11/08/2013 23:08:49)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (11/08/2013 23:08:51)

Repair Winsock & DNS Cache
   Start (11/08/2013 23:08:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:04)

Repair Proxy Settings
   Start (11/08/2013 23:09:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:09)

Repair Windows Updates
   Start (11/08/2013 23:09:09)
   Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (11/08/2013 23:09:26)

Repair CD/DVD Missing/Not Working
   Start (11/08/2013 23:09:26)
   Done (11/08/2013 23:09:26)

Repair Volume Shadow Copy Service
   Start (11/08/2013 23:09:26)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (11/08/2013 23:09:31)

Repair MSI (Windows Installer)
   Start (11/08/2013 23:09:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:39)

Repair bat Association
   Start (11/08/2013 23:09:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:44)

Repair cmd Association
   Start (11/08/2013 23:09:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:49)

Repair com Association
   Start (11/08/2013 23:09:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:53)

Repair Directory Association
   Start (11/08/2013 23:09:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:09:58)

Repair Drive Association
   Start (11/08/2013 23:09:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:03)

Repair exe Association
   Start (11/08/2013 23:10:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:07)

Repair Folder Association
   Start (11/08/2013 23:10:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:12)

Repair inf Association
   Start (11/08/2013 23:10:12)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:16)

Repair lnk (Shortcuts) Association
   Start (11/08/2013 23:10:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:21)

Repair msc Association
   Start (11/08/2013 23:10:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:26)

Repair reg Association
   Start (11/08/2013 23:10:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:30)

Repair scr Association
   Start (11/08/2013 23:10:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:35)

Repair Windows Safe Mode
   Start (11/08/2013 23:10:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:39)

Repair Print Spooler
   Start (11/08/2013 23:10:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:52)

Restore Important Windows Services
   Start (11/08/2013 23:10:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:10:57)

Set Windows Services To Default Startup
   Start (11/08/2013 23:10:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/08/2013 23:11:02)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (11/08/2013 23:11:02)
   Total Repair Time: 00:06:49


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
Starting Repairs...
   Start (12/08/2013 16:57:38)

Register System Files
   Start (12/08/2013 16:57:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 16:57:59)

Repair WMI
   Start (12/08/2013 16:57:59)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (12/08/2013 17:00:57)

Repair Windows Firewall
   Start (12/08/2013 17:00:57)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (12/08/2013 17:01:20)

Repair Internet Explorer
   Start (12/08/2013 17:01:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:01:43)

Repair MDAC/MS Jet
   Start (12/08/2013 17:01:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:01:52)

Repair Hosts File
   Start (12/08/2013 17:01:52)
   Running Repair Under System Account
   Done (12/08/2013 17:01:54)

Remove Policies Set By Infections
   Start (12/08/2013 17:01:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:01:59)

Repair Icons
   Start (12/08/2013 17:01:59)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (12/08/2013 17:02:01)

Repair Winsock & DNS Cache
   Start (12/08/2013 17:02:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:02:12)

Repair Proxy Settings
   Start (12/08/2013 17:02:12)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:02:16)

Repair Windows Updates
   Start (12/08/2013 17:02:16)
   Running Repair Under Current User Account
The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Running Repair Under System Account
The Cryptographic Services service is not started.

More help is available by typing NET HELPMSG 3521.

The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Windows Update service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
   Done (12/08/2013 17:02:33)

Repair CD/DVD Missing/Not Working
   Start (12/08/2013 17:02:33)
   Done (12/08/2013 17:02:33)

Repair Volume Shadow Copy Service
   Start (12/08/2013 17:02:33)
   Running Repair Under Current User Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

   Running Repair Under System Account
The Volume Shadow Copy service is not started.

More help is available by typing NET HELPMSG 3521.

The Microsoft Software Shadow Copy Provider service is not started.

More help is available by typing NET HELPMSG 3521.

   Done (12/08/2013 17:02:44)

Repair MSI (Windows Installer)
   Start (12/08/2013 17:02:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:02:53)

Repair bat Association
   Start (12/08/2013 17:02:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:02:57)

Repair cmd Association
   Start (12/08/2013 17:02:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:02)

Repair com Association
   Start (12/08/2013 17:03:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:07)

Repair Directory Association
   Start (12/08/2013 17:03:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:11)

Repair Drive Association
   Start (12/08/2013 17:03:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:16)

Repair exe Association
   Start (12/08/2013 17:03:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:21)

Repair Folder Association
   Start (12/08/2013 17:03:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:25)

Repair inf Association
   Start (12/08/2013 17:03:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:30)

Repair lnk (Shortcuts) Association
   Start (12/08/2013 17:03:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:35)

Repair msc Association
   Start (12/08/2013 17:03:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:39)

Repair reg Association
   Start (12/08/2013 17:03:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:44)

Repair scr Association
   Start (12/08/2013 17:03:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:48)

Repair Windows Safe Mode
   Start (12/08/2013 17:03:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:03:53)

Repair Print Spooler
   Start (12/08/2013 17:03:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:04:06)

Restore Important Windows Services
   Start (12/08/2013 17:04:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:04:11)

Set Windows Services To Default Startup
   Start (12/08/2013 17:04:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 17:04:15)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (12/08/2013 17:04:15)
   Total Repair Time: 00:06:37


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under System Account
   Running Repair Under System Account
Starting Repairs...
   Start (12/08/2013 22:57:33)

Register System Files
   Start (12/08/2013 22:57:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 22:57:58)

Repair WMI
   Start (12/08/2013 22:57:58)
   Running Repair Under Current User Account
Invalid Global Switch.

Invalid Global Switch.

   Running Repair Under System Account
Invalid Global Switch.

Invalid Global Switch.

   Done (12/08/2013 23:01:06)

Repair Windows Firewall
   Start (12/08/2013 23:01:06)
   Running Repair Under Current User Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Running Repair Under System Account
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

The Internet Connection Sharing (ICS) service could not be started.

The service did not report an error.

More help is available by typing NET HELPMSG 3534.

The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.

   Done (12/08/2013 23:01:30)

Repair Internet Explorer
   Start (12/08/2013 23:01:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 23:01:53)

Repair MDAC/MS Jet
   Start (12/08/2013 23:01:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 23:02:02)

Repair Hosts File
   Start (12/08/2013 23:02:02)
   Running Repair Under System Account
   Done (12/08/2013 23:02:04)

Remove Policies Set By Infections
   Start (12/08/2013 23:02:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 23:02:09)

Repair Icons
   Start (12/08/2013 23:02:09)
   Running Repair Under System Account
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\matthew204\AppData\Local\IconCache.db
   Done (12/08/2013 23:02:11)

Repair Winsock & DNS Cache
   Start (12/08/2013 23:02:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/08/2013 23:02:24)

Repair Proxy Settings
   Start (12/08/2013

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #18 on: August 20, 2013, 11:12:58 am »
Check your system date & time. It seems they're not set to the proper value(s).

It seems the Trojan has removed the ICS service. Because there're 3 ICS related errors. "ICS isn't started", "ICS could not be started" & "the service didn't report an error". It seems the Trojan also has taken out Windows Update. I made a new *.zip file (see attachment), try it out like the previous one. It resets the appropriate permissions for a number of services.

Then delete the old WR logfile, run WR with only "Restore Important Services" selected. Reboot, then run WR with only "Repair Firewall" & "Repair Windows Update" selected. If you want to post the WR log file then add it as an attachment.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #19 on: August 20, 2013, 12:20:17 pm »
You want to change the permissions on the bits and shared access services.

Give system, administrators and everyone full access control to it and have it apply those to all subkeys as well. You may also want to see about changing the owner to administrators as well. Depending what the virus changed.

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #20 on: August 20, 2013, 12:28:18 pm »
I see what you mean about the time - but in the bottom right of the screen the clock and date are fine but in the log its all over the place with different dates and stuff.  Actually the windows update is working ok but ill try your reccomendations now anyway

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #21 on: August 20, 2013, 01:34:15 pm »
right here is the log attached.  one thing - i didnt delete the old files from the last zip file you sent, they wernt overidden because they had a slightly different name so they all ended up together in the folder - i don tknow if this makes a difference or not.  i did run the new bat file though.  anyway ill try changing the permissions now.

thanks

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #22 on: August 20, 2013, 01:55:04 pm »
Ive changed the permissions - still no luck!  I noticed that in the users/groups box on the share access service sevices there was an entry with a figure of a person (not 2) with a red question mark and it was called  s-1-5-32-547   this seems strange because ive never created a user with that name.  in fact i should only have 1 user and 1 admin.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #23 on: August 21, 2013, 04:57:04 am »
- the latest logfile shows the Windows Firewall caused error #5 (=Access Denied). Odd. because the content of the *.zip file was meant to reset the reg permissions. Did you turn off Norton before running the *.bat file ?
- I am curious what the content is of the registry for a number of services. Download the FARBAR service tool.
http://www.bleepingcomputer.com/download/farbar-service-scanner/

1. Tick the boxes "Internet Services", "Windows Firewall", "Security Center" and hit "Scan". Perhaps some of the driver files are missing.
2. Type "SharedAccess", "Mpssvc", "Wscsvc" in the "Search:" box and hit "Export Service".
Then post both results in the attachment of your next post.

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #24 on: August 21, 2013, 05:33:35 am »
Hi,

I have attached those files below.  Im going to try the *bat file again because i cant be sure i didn turn off norton - i think i did