
Windows 7 security center won't start and wouldn't turn on


  • This topic is locked
42 replies to this topic

#1 sunsigil


Posted 08 June 2012 - 01:07 PM

Hello, my name is Gilberto Barrion. I've recently built a new PC and I believe it is infected by some sort of virus/malware.

When I start up my PC, it will not start Microsoft Essentials or Windows Firewall, saying the service has stopped; when I try to start it, it prompts me to close all apps and restart.
My XFast program also spikes, saying it has too many connections at the time (dunno what this means).

How do I fix this problem, and how do I prevent this in the future (if this problem gets fixed)?

Thank you for your time in reading this; hopefully we can find a solution.


 


#2 Broni


Posted 08 June 2012 - 04:18 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#3 sunsigil


Posted 08 June 2012 - 05:13 PM

Here are all the things you have requested, and thank you for your aid.

Security Check





Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
Ad-Aware Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
MVPS Hosts File
SpywareBlaster 4.6
Spybot - Search & Destroy
JavaFX 2.1.0
Java™ 7 Update 4
Out of date Java installed!
Adobe Flash Player 11.3.300.257
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Security Essentials msseces.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
``````````End of Log````````````





Farbar Service Scanner Version: 05-06-2012
Ran by Junjun (administrator) on 08-06-2012 at 14:50:32
Running from "C:\Users\Junjun\Desktop\Multimedia"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****





MiniToolBox by Farbar Version: 04-06-2012
Ran by Junjun (administrator) on 08-06-2012 at 14:53:16
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



There are 15219 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Junjun-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-5F-F4-2B-E2-6A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::74fa:b638:67d0:7f96%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 08, 2012 2:44:58 PM
Lease Expires . . . . . . . . . . : Saturday, June 09, 2012 2:44:58 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 247226356
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-3C-DC-62-BC-5F-F4-2B-E2-6A
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4000:800::1005
74.125.227.96
74.125.227.97
74.125.227.98
74.125.227.99
74.125.227.100
74.125.227.101
74.125.227.102
74.125.227.103
74.125.227.104
74.125.227.105
74.125.227.110


Pinging google.com [74.125.227.101] with 32 bytes of data:
Reply from 74.125.227.101: bytes=32 time=61ms TTL=52
Reply from 74.125.227.101: bytes=32 time=59ms TTL=52

Ping statistics for 74.125.227.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 59ms, Maximum = 61ms, Average = 60ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=64ms TTL=49
Reply from 209.191.122.70: bytes=32 time=62ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 64ms, Average = 63ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...bc 5f f4 2b e2 6a ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::74fa:b638:67d0:7f96/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/08/2012 10:46:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00005ffe79b00000
Faulting process id: 0xe90
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/08/2012 10:34:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: mshtml.dll, version: 9.0.8112.16443, time stamp: 0x4f4c81a4
Exception code: 0xc0000005
Fault offset: 0x00000000002ecf42
Faulting process id: 0x750
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/05/2012 09:05:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 12.0.0.4493, time stamp: 0x4f9207d9
Faulting module name: nvd3dum.dll, version: 8.17.13.142, time stamp: 0x4fb20472
Exception code: 0xc0000005
Fault offset: 0x0070599f
Faulting process id: 0x96c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (06/05/2012 11:14:06 AM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 1.0.1065.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b30

Start Time: 01cd4340ebb2df38

Termination Time: 9

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: 382fe5ca-af3a-11e1-bb9f-bc5ff42be26a

Error: (06/01/2012 07:18:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: swkotor.exe, version: 1.0.3.0, time stamp: 0x402bc2d9
Faulting module name: binkw32.dll, version: 1.5.21.0, time stamp: 0x3e9e0f4d
Exception code: 0xc0000095
Fault offset: 0x00014ff6
Faulting process id: 0x17ac
Faulting application start time: 0xswkotor.exe0
Faulting application path: swkotor.exe1
Faulting module path: swkotor.exe2
Report Id: swkotor.exe3

Error: (05/15/2012 10:40:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.8345.0, time stamp: 0x4f3c32b8
Faulting module name: WINWORD.EXE, version: 11.0.8345.0, time stamp: 0x4f3c32b8
Exception code: 0xc0000005
Fault offset: 0x002aa486
Faulting process id: 0x1020
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (05/15/2012 10:38:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.8345.0, time stamp: 0x4f3c32b8
Faulting module name: WINWORD.EXE, version: 11.0.8345.0, time stamp: 0x4f3c32b8
Exception code: 0xc0000005
Fault offset: 0x002aa486
Faulting process id: 0xa10
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (05/14/2012 05:58:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.8169.0, time stamp: 0x465f2a40
Faulting module name: WINWORD.EXE, version: 11.0.8169.0, time stamp: 0x465f2a40
Exception code: 0xc0000005
Fault offset: 0x002f4b1d
Faulting process id: 0xe34
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (05/14/2012 05:53:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.8169.0, time stamp: 0x465f2a40
Faulting module name: WINWORD.EXE, version: 11.0.8169.0, time stamp: 0x465f2a40
Exception code: 0xc0000005
Fault offset: 0x002f4b1d
Faulting process id: 0x1060
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (05/14/2012 05:52:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.8169.0, time stamp: 0x465f2a40
Faulting module name: WINWORD.EXE, version: 11.0.8169.0, time stamp: 0x465f2a40
Exception code: 0xc0000005
Fault offset: 0x002f4b1d
Faulting process id: 0xcb0
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3


System errors:
=============
Error: (06/08/2012 02:46:43 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/08/2012 02:46:10 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/08/2012 02:46:09 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/08/2012 02:46:08 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/08/2012 02:46:07 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/08/2012 02:45:53 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/08/2012 02:45:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/08/2012 02:45:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/08/2012 02:45:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/08/2012 02:45:04 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (06/08/2012 10:46:36 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500005ffe79b00000e9001cd459e7c1f899dC:\Windows\system32\svchost.exeunknowne471aa91-b191-11e1-b603-bc5ff42be26a

Error: (06/08/2012 10:34:28 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll9.0.8112.164434f4c81a4c000000500000000002ecf4275001cd459cc6800182C:\Windows\system32\svchost.exeC:\Windows\system32\mshtml.dll325e3cb3-b190-11e1-8aca-bc5ff42be26a

Error: (06/05/2012 09:05:18 PM) (Source: Application Error)(User: )
Description: firefox.exe12.0.0.44934f9207d9nvd3dum.dll8.17.13.1424fb20472c00000050070599f96c01cd4392ca5b9b2dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\system32\nvd3dum.dlld381e444-af8c-11e1-9c81-bc5ff42be26a

Error: (06/05/2012 11:14:06 AM) (Source: Application Hang)(User: )
Description: Steam.exe1.0.1065.11b3001cd4340ebb2df389C:\Program Files (x86)\Steam\Steam.exe382fe5ca-af3a-11e1-bb9f-bc5ff42be26a

Error: (06/01/2012 07:18:18 PM) (Source: Application Error)(User: )
Description: swkotor.exe1.0.3.0402bc2d9binkw32.dll1.5.21.03e9e0f4dc000009500014ff617ac01cd4057d4ab1148c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exec:\program files (x86)\steam\steamapps\common\swkotor\binkw32.dll37429086-ac59-11e1-846e-bc5ff42be26a

Error: (05/15/2012 10:40:02 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8345.04f3c32b8WINWORD.EXE11.0.8345.04f3c32b8c0000005002aa486102001cd33262a4915ceC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE94ea869b-9f19-11e1-8c56-bc5ff42be26a

Error: (05/15/2012 10:38:05 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8345.04f3c32b8WINWORD.EXE11.0.8345.04f3c32b8c0000005002aa486a1001cd3325fd672b90C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE4f116819-9f19-11e1-8c56-bc5ff42be26a

Error: (05/14/2012 05:58:06 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8169.0465f2a40WINWORD.EXE11.0.8169.0465f2a40c0000005002f4b1de3401cd32356aad56f8C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE079eb5b6-9e29-11e1-b1aa-bc5ff42be26a

Error: (05/14/2012 05:53:25 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8169.0465f2a40WINWORD.EXE11.0.8169.0465f2a40c0000005002f4b1d106001cd323515d703cdC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE604a3115-9e28-11e1-b1aa-bc5ff42be26a

Error: (05/14/2012 05:52:53 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.8169.0465f2a40WINWORD.EXE11.0.8169.0465f2a40c0000005002f4b1dcb001cd3232fd3b0e78C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE4cb732d0-9e28-11e1-b1aa-bc5ff42be26a


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware Antivirus (Version: 10.1.211.3382)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Reader 9 (Version: 9.0.0)
AMD USB Filter Driver (Version: 1.0.14.91)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.122
ASRock InstantBoot v1.29
ASUS E-Green Uninstall
ATI Catalyst Install Manager (Version: 3.0.762.0)
BabylonObjectInstaller (Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Diablo III (Version: 1.0.2.9858)
E-Hammer (Version: 1.0.0)
Etron USB3.0 Host Controller (Version: 0.104)
EVGA Precision 2.0.4 (Version: 2.0.4)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Half-Life 2: Deathmatch
HashCheck Shell Extension (x86-32) (Version: 2.1.11.1)
HashCheck Shell Extension (x86-64) (Version: 2.1.11.1)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mount and Blade Warband - Demo
Mozilla Firefox 13.0 (x86 en-US) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero BurnRights 10 (Version: 4.0.11300.14.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10900)
Nero Control Center 10 (Version: 10.0.12900.2.6)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10900)
Nero Core Components 10 (Version: 2.0.16800.7.15)
Nero CoverDesigner 10 (Version: 5.0.11200.16.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10900)
Nero DiscSpeed 10 (Version: 6.0.11400.18.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10900)
Nero Express 10 (Version: 10.0.12300.23.100)
Nero Express 10 Help (CHM) (Version: 1.0.10900)
Nero InfoTool 10 (Version: 7.0.11400.15.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10900)
Nero MediaHub 10 (Version: 1.0.14800.28.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10900)
Nero Multimedia Suite 10 Essentials (Version: 10.0.10300)
Nero StartSmart 10 (Version: 10.0.12600.30.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10900)
Nero Update (Version: 1.0.0018)
Norton Internet Security (Version: 18.7.1.3)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Endless City demo (Version: 1.0)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Pando Media Booster (Version: 2.6.0.7)
PowerISO
Quake Live Mozilla Plugin (Version: 1.0.520)
Rainmeter (Version: 2.2 r1116)
Realtek Ethernet Controller Driver (Version: 7.44.421.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6378)
Skype™ 5.9 (Version: 5.9.115)
Splashtop Connect IE (Version: 1.1.12.1)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
Star Wars: Knights of the Old Republic
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
THX TruStudio (Version: 1.00.01)
Torchlight Demo
Tribes Ascend (Version: 1.0.981.0)
Windows 7 Manager (Version: 1.1.3)
XFast LAN v6.61 (Version: 6.61)
XFast USB
YourFileDownloader (Version: 1.0.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8187.64 MB
Available physical RAM: 6078.89 MB
Total Pagefile: 16373.48 MB
Available Pagefile: 14139.94 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:370.86 GB) NTFS

========================= Users: ========================================

User accounts for \\JUNJUN-PC

Administrator Guest Junjun
UpdatusUser


**** End of log ****





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Junjun :: JUNJUN-PC [administrator]

6/8/2012 2:56:11 PM
mbam-log-2012-06-08 (14-56-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221066
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Junjun\AppData\Local\Temp\7CC8.tmp (Trojan.Agent.H) -> Quarantined and deleted successfully.

(end)




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 15:03:14
-----------------------------
15:03:14.507 OS Version: Windows x64 6.1.7601 Service Pack 1
15:03:14.507 Number of processors: 4 586 0x403
15:03:14.508 ComputerName: JUNJUN-PC UserName: Junjun
15:03:16.562 Initialize success
15:05:31.464 AVAST engine defs: 12060801
15:05:41.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:05:41.926 Disk 0 Vendor: WDC_WD5002AALX-00J37A0 15.01H15 Size: 476940MB BusType: 3
15:05:41.944 Disk 0 MBR read successfully
15:05:41.946 Disk 0 MBR scan
15:05:41.949 Disk 0 Windows 7 default MBR code
15:05:41.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:05:41.964 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:05:41.995 Disk 0 scanning C:\Windows\system32\drivers
15:05:53.645 Service scanning
15:06:15.638 Modules scanning
15:06:15.642 Disk 0 trace - called modules:
15:06:15.661 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:06:15.663 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aca790]
15:06:15.666 3 CLASSPNP.SYS[fffff88001bb743f] -> nt!IofCallDriver -> [0xfffffa8006b1e580]
15:06:15.669 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006b23060]
15:06:17.329 AVAST engine scan C:\Windows
15:06:19.754 AVAST engine scan C:\Windows\system32
15:09:15.938 AVAST engine scan C:\Windows\system32\drivers
15:09:28.871 AVAST engine scan C:\Users\Junjun
15:12:51.018 Disk 0 MBR has been saved successfully to "C:\Users\Junjun\Desktop\MBR.dat"
15:12:51.022 The log file has been saved successfully to "C:\Users\Junjun\Desktop\aswMBR.txt"





I hope this is all you need

#4 Broni

Posted 08 June 2012 - 05:25 PM

To start with, you're running three AV programs:
Microsoft Security Essentials
Norton Internet Security
Ad-Aware Antivirus

You must uninstall TWO of them.
If Norton is one of them use this tool to uninstall it: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
Let me know which one is left.

When done....

We have several registry keys missing.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on windefend.reg file and confirm the prompt.
Double click on wscsvc.reg file and confirm the prompt.
Double click on bfe.reg file and confirm the prompt.
Double click on mpssvc.reg file and confirm the prompt.
Restart computer.
Post new FSS log.



#5 sunsigil

Posted 08 June 2012 - 05:43 PM

I have removed Ad Aware and Norton


Farbar Service Scanner Version: 05-06-2012
Ran by Junjun (administrator) on 08-06-2012 at 15:42:35
Running from "C:\Users\Junjun\Desktop\Multimedia"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 Broni

Posted 08 June 2012 - 05:57 PM

That looks better but we still have some issues.

Download the following firewall fix: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
Double-click on the downloaded file to run the fix.
Restart computer and post new FSS log.



#7 sunsigil

Posted 08 June 2012 - 06:52 PM

Farbar Service Scanner Version: 05-06-2012
Ran by Junjun (administrator) on 08-06-2012 at 16:51:48
Running from "C:\Users\Junjun\Desktop\Multimedia"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 Broni

Posted 08 June 2012 - 07:29 PM

Several services are still not running.

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Registry Editor will open.
Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
Right click on SharedAccess, click "Permissions" then "Add" button, type "Everyone", click OK, tick "Full control" in "Allow" box, click OK, close registry editor.
Repeat the process for "wscsvc" and "wuauserv" keys in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services folder.

Go to Start=>Run (alternatively use Windows key+R), type cmd and click OK.

Type:
net start mpssvc
Press Enter.

Type:
net start wscsvc
Press Enter.

Type:
net start wuauserv
Press Enter.

Post new FSS log.



#9 sunsigil

Posted 08 June 2012 - 07:43 PM

Farbar Service Scanner Version: 05-06-2012
Ran by Junjun (administrator) on 08-06-2012 at 17:42:52
Running from "C:\Users\Junjun\Desktop\Multimedia"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
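
The three Farbar Service Scanner (FSS) logs posted so far differ only in which services are reported as not running. The Python below is an added example, not part of the thread and not Farbar's code: it parses trimmed excerpts of those logs and lists which services came up between runs. The function names are hypothetical, and treating any verdict other than "OK" or "legit" as a finding is an assumption, since the thread shows only those two.

```python
import re

# Excerpts of the three FSS logs posted in this thread (trimmed; wording as posted).
LOG_1 = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
C:\Windows\System32\bfe.dll => MD5 is legit
"""
LOG_2 = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
"""
LOG_3 = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Action Center:
============
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
VERDICT = re.compile(r"(?:service is (.+)\.|=> MD5 is (.+))$")

def parse_fss(text):
    """Return (stopped, findings): {service: section}, unexpected verdict lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    section, stopped, findings = None, {}, []
    for ln, nxt in zip(lines, lines[1:] + [""]):
        if ln.endswith(":") and set(nxt) == {"="}:
            section = ln[:-1]              # heading: line underlined with '='
        elif m := STOPPED.match(ln):
            stopped[m.group(1).lower()] = section
        elif (m := VERDICT.search(ln)) and (m.group(1) or m.group(2)) not in ("OK", "legit"):
            findings.append(ln)            # assumption: any other verdict needs review
    return stopped, findings

def started_between(logs):
    """Per pair of consecutive runs: services no longer reported as stopped."""
    runs = [set(parse_fss(t)[0]) for t in logs]
    return [sorted(a - b) for a, b in zip(runs, runs[1:])]

if __name__ == "__main__":
    print(started_between([LOG_1, LOG_2, LOG_3]), parse_fss(LOG_3)[0])
```

On these excerpts it reports bfe coming up after the RestoreBFE fix, wscsvc and wuauserv after the permission change and net start commands, and MpsSvc still listed as not running in the last log.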

#10 Broni

Posted 08 June 2012 - 08:26 PM

Can you turn Windows firewall on?



#11 sunsigil

Posted 08 June 2012 - 08:31 PM

> Can you turn Windows firewall on?

Yes, sir.

But Microsoft Essentials won't work. Maybe Ad-aware would be a better choice.... but then again if Microsoft Essentials won't work.. there is still an underlying cause

#12 Broni

Posted 08 June 2012 - 08:38 PM

Good news :)

Your computer was infected, which could have corrupted some files.
I suggest you reinstall MSE.
I wouldn't recommend Ad-aware.

Your other choices:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php



#13 sunsigil

Posted 08 June 2012 - 08:59 PM

> Good news :)
>
> Your computer was infected, which could have corrupted some files.
> I suggest you reinstall MSE.
> I wouldn't recommend Ad-aware.
>
> Your other choices:
> - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
> - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Many thank yous. Is there anything else I should be aware of?

#14 Broni

Posted 08 June 2012 - 09:01 PM

Let me know if you're able to solve your AV program issue and then I'll post my final instructions.



#15 sunsigil

Posted 08 June 2012 - 09:15 PM

Oh no!!!! I reinstalled Microsoft Essentials... did a full scan and tried to remove a trojan... now it tells me I have a critical error and it's going to restart in 1 minute.....

After the PC restarted itself it just keeps showing that prompt and restarts.

Please help me!!! Does this mean I have to reformat?



