Firewall and Internet unresponsive after Trojan Removal
Good suggestions... I have tried a system restore from inside win7 and from boot menu... is safe mode any different than the latter? Has anyone had success with uninstalling Malware-bytes and having your files return to normal?
January 31st, 2012 9:45am

Hi, try System Restore to a state in which everything was OK. Also try uninstalling Malware-bytes and installing Microsoft Security Essentials. You can roll back with System Restore from Safe Mode.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Microsoft Student Partner 2010 / 2011 / 2012 Microsoft Certified Professional | Connected Home Integrator | Consumer Sales Specialist Microsoft Certified IT Professional: Consumer Support Technician on Windows Vista Microsoft Certified IT Professional: Enterprise Support Technician on Windows Vista Microsoft Certified IT Professional: Server Administrator on Windows Server 2008 Microsoft Certified Technology Specialist: Windows 7, Configuration | Microsoft Windows Vista, Configuration Pre-Installing Windows 7 for OEMs | Windows 7 and Office 2010, Deployment | Windows Vista and Server Operating Systems, Preinstallation Windows Server 2008 Active Directory, Conf | Windows Server 2008 Network Infrastructure, Conf | Windows Server 2008 Applications Infrastructure, Conf Windows Server 2008 R2, Server Virtualization | Windows Server Virtualization, Configuration | Microsoft Lync Server 2010, Configuring Windows SBS 2011, Configuring | Windows EBS 2008, Configuration | Windows SBS 2008, Configuration Windows HPC Server 2008, Development | Windows Internals | MDOP, Configuration | SharePoint 2010, Configuration Microsoft SCOM, Configuration | Microsoft SCDPM 2007, Configuration | Microsoft SCVMM 2008, Configuration
January 31st, 2012 11:56am

Malware-bytes found some problems on my PC this morning... I notice my web pages being redirected and ran it immediately:

Memory Processes Detected: 4
C:\Users\Gee\AppData\Local\Temp\~!#AD22.tmp (Trojan.Dropper.PE4) -> 1828 -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\4CBA8\05CE7.exe (Trojan.Dropper.PE4) -> 5016 -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe (Trojan.Dropper.PE4) -> 4684 -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> 5800 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\AFD (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Data: C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Users\Gee\AppData\Roaming\4CBA8\05CE7.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D7D.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\E724\D7D.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Dropper.PE4) -> Bad: (C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe) Good: () -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Gee\AppData\Local\Temp\~!#AD22.tmp (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\4CBA8\05CE7.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\A87EC\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\Gee\AppData\Roaming\firefox.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Gee\AppData\Roaming\Microsoft\E724\4904.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\afd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\LP\E724\D7D.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.

(end)

After reboot, my antivirus program disappeared and my internet connection was lost:
afd service is missing
bfe service is missing
and MpsSvc is missing
Mpsdrv is operable, but the rest are not responding to startup

How can I get my PC back?!
January 31st, 2012 4:09pm

February 1st, 2012 3:43am

"Good suggestions... I have tried as system restore from inside win7 and from boot menu... is safe mode any different than the latter?"

Hi, They are the same. You may also perform System Restore under Windows RE.

Juke Chou
TechNet Community Support
February 1st, 2012 5:27am

February 1st, 2012 1:16pm

@kgbader

When you have completed System Restore, recheck via the services to ensure that Base Filtering Engine and Windows Firewall are "enabled", along with dependent services. This rogue malware (along with some other of its "family") will effectively render BFE as "not there" and Windows Firewall disabled. That was done by the rogue, not by MBAM (which took out the rogue).

Check Windows 7 Action Center to make sure firewall is on.

If and only IF still having issues with BFE or Firewall, then download and save 2 registry fixes: bfe.reg & firewall.reg
http://www.mediafire.com/?317ea53a883288d
http://www.mediafire.com/?z6aw8j7997qa7j9

Make sure they have a .REG extension.
Right-click on each reg (in turn) and do a MERGE.
You may have to respond to a UAC prompt.

Afterwards, recheck services and also Action Center for firewall and anti-virus status.

AFAIK, neither MSE nor MBAM cover the registry fixes. That is why it almost always requires additional fixes after the rogue is taken out.

p.s. The "author" of the fixes is unknown (at least till now) but the registry lines are essentially what you would have on a clean Windows client for the 2 sets of services.

Maurice Naggar ~ MVP (Oct 2002 - Sept 2010)
February 1st, 2012 9:15pm
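
A read-only way to do the service recheck described in the reply above, added here as an example and not taken from any poster in the thread. It covers the four names from the original post (AFD, BFE, MpsSvc, mpsdrv) plus the afd.sys driver file listed in the scan log; the variable names are illustrative.

```powershell
# Read-only status check; changes nothing on the system.
# Written for the PowerShell 2.0 that ships with Windows 7.
# Run from an elevated 64-bit console: a 32-bit console on 64-bit Windows
# is redirected away from System32 and would misreport the driver file.
$names    = 'AFD', 'BFE', 'MpsSvc', 'mpsdrv'
$startMap = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $names) {
    # Every service and driver is registered under this key.
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $keyOk   = Test-Path -Path $keyPath

    $start = 'n/a'
    $image = 'n/a'
    if ($keyOk) {
        $props = Get-ItemProperty -Path $keyPath
        if ($null -ne $props.Start) { $start = $startMap[[int]$props.Start] }
        if ($props.ImagePath)       { $image = $props.ImagePath }
    }

    # Win32_BaseService covers both Win32 services (BFE, MpsSvc)
    # and kernel drivers (AFD, mpsdrv).
    $svc   = Get-WmiObject -Class Win32_BaseService -Filter "Name='$name'"
    $state = if ($svc) { $svc.State } else { 'not registered' }

    New-Object PSObject -Property @{
        Name = $name; KeyPresent = $keyOk; StartType = $start
        State = $state; ImagePath = $image
    }
}

# The scan log shows afd.sys itself was removed, so check the file as well
# as the registry entry that points to it.
$afdSys         = Join-Path $env:SystemRoot 'System32\drivers\afd.sys'
$afdFilePresent = Test-Path -Path $afdSys

$report | Select-Object Name, KeyPresent, StartType, State, ImagePath |
    Format-Table -AutoSize
"afd.sys present at ${afdSys}: $afdFilePresent"

# Entries that still need attention: key missing or not running.
$report | Where-Object { -not $_.KeyPresent -or $_.State -ne 'Running' } |
    Select-Object Name, KeyPresent, State
```

Running it before and after a System Restore or a registry merge shows which of the four entries actually came back.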

February 2nd, 2012 1:07pm

This topic is archived. No further replies will be accepted.
