Windows Firewall down w/ deletion of MSE & MBAM


9 replies to this topic

#1 catnapgood


Posted 03 July 2012 - 07:47 PM

Hiya guys. ;^^

Looks like I've run into a bit of trouble recently and thought I would ask you for help before attempting to self-fix my PC and unintentionally damaging the poor thing further.
---
While I was browsing the internet Windows Security Alert popped up informing me of no longer having a firewall.
Immediately I shut off my PC and ran it in Safe Mode.
Still no firewall, so I ran SPS&D and came up with a single virus. Deleted it.
([Microsoft.WindowsSecurityCenter_disabled] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start)
Tried to run MSE, but it seems that the program was deleted.
Same with MBAM.

Finally restarted computer and ran it normally. No funny programs in Task Manager.
No malicious programs popped up but firewall and MSE were still both down.
I've reinstalled MSE, and I am running updates and soon a scan with it.
I have also reinstalled MBAM with a different directory name since the original MBAM still retains a folder in Programs, but I can't alter or delete the very few contents [Access Denied.] I can not even run the uninstaller which appears to be the only executable file in the folder.
---
I am also creating this topic via the same computer. ;^^ So she is functioning, but I won't be browsing until I can find out how to fix the firewall.

Thanks for any assistance in advance.



#2 narenxp


Posted 03 July 2012 - 07:55 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#3 catnapgood


Posted 04 July 2012 - 04:07 AM

Thank you so much for helping!

TDSSkiller Log
----
23:03:59.0234 2212 usbhub - ok
23:03:59.0250 2212 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:03:59.0265 2212 usbohci - ok
23:03:59.0312 2212 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:03:59.0343 2212 usbprint - ok
23:03:59.0421 2212 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:03:59.0453 2212 usbstor - ok
23:03:59.0484 2212 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:03:59.0531 2212 VgaSave - ok
23:03:59.0546 2212 ViaIde - ok
23:03:59.0578 2212 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:03:59.0593 2212 VolSnap - ok
23:03:59.0671 2212 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:03:59.0718 2212 VSS - ok
23:03:59.0750 2212 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:03:59.0781 2212 W32Time - ok
23:03:59.0828 2212 wacmoumonitor (c3b03ed7b06657a3355f620bc02acfb6) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
23:03:59.0828 2212 wacmoumonitor - ok
23:03:59.0875 2212 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
23:03:59.0890 2212 wacommousefilter - ok
23:03:59.0906 2212 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
23:03:59.0921 2212 wacomvhid - ok
23:03:59.0937 2212 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:03:59.0953 2212 Wanarp - ok
23:03:59.0953 2212 WDICA - ok
23:04:00.0015 2212 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:04:00.0031 2212 wdmaud - ok
23:04:00.0093 2212 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:04:00.0109 2212 WebClient - ok
23:04:00.0203 2212 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:04:00.0203 2212 winmgmt - ok
23:04:00.0406 2212 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
23:04:00.0562 2212 WinRM - ok
23:04:00.0625 2212 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:04:00.0640 2212 WmdmPmSN - ok
23:04:00.0703 2212 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:04:00.0718 2212 WmiApSrv - ok
23:04:00.0937 2212 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:04:01.0078 2212 WMPNetworkSvc - ok
23:04:01.0171 2212 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:04:01.0171 2212 WpdUsb - ok
23:04:01.0406 2212 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:04:01.0593 2212 WPFFontCache_v0400 - ok
23:04:01.0640 2212 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:04:01.0640 2212 WS2IFSL - ok
23:04:01.0703 2212 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:04:01.0703 2212 wscsvc - ok
23:04:01.0718 2212 WSearch - ok
23:04:01.0750 2212 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:04:01.0750 2212 wuauserv - ok
23:04:01.0812 2212 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:04:01.0828 2212 WudfPf - ok
23:04:01.0875 2212 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:04:01.0890 2212 WudfRd - ok
23:04:01.0921 2212 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:04:01.0937 2212 WudfSvc - ok
23:04:02.0046 2212 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:04:02.0125 2212 WZCSVC - ok
23:04:02.0203 2212 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:04:02.0218 2212 xmlprov - ok
23:04:02.0265 2212 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:04:03.0062 2212 \Device\Harddisk0\DR0 - ok
23:04:03.0078 2212 Boot (0x1200) (0a26a00955599be75de13d8b2b6083ae) \Device\Harddisk0\DR0\Partition0
23:04:03.0078 2212 \Device\Harddisk0\DR0\Partition0 - ok
23:04:03.0093 2212 ============================================================
23:04:03.0093 2212 Scan finished
23:04:03.0093 2212 ============================================================
23:04:03.0109 3252 Detected object count: 0
23:04:03.0109 3252 Actual detected object count: 0

aswMBR
---
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 23:05:35
-----------------------------
23:05:35.546 OS Version: Windows 5.1.2600 Service Pack 3
23:05:35.546 Number of processors: 1 586 0x2C02
23:05:35.546 ComputerName: COURTNEY-HOME UserName: Courtney
23:05:36.750 Initialize success
23:10:51.796 AVAST engine defs: 12070301
23:10:58.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
23:10:58.281 Disk 0 Vendor: Maxtor_6L100M0 BACE1G20 Size: 95611MB BusType: 3
23:10:58.296 Disk 0 MBR read successfully
23:10:58.296 Disk 0 MBR scan
23:10:58.343 Disk 0 Windows XP default MBR code
23:10:58.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95597 MB offset 63
23:10:58.359 Disk 0 scanning sectors +195784155
23:10:58.484 Disk 0 scanning C:\WINDOWS\system32\drivers
23:11:26.921 Service scanning
23:11:43.218 Service MpKsl154dde24 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5FD0C753-A57B-47F3-8028-7BFF010DD03A}\MpKsl154dde24.sys **LOCKED** 32
23:12:09.890 Modules scanning
23:12:19.437 Disk 0 trace - called modules:
23:12:19.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
23:12:19.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b0ab8]
23:12:19.781 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8a60df18]
23:12:19.796 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a524940]
23:12:20.781 AVAST engine scan C:\WINDOWS
23:12:36.500 AVAST engine scan C:\WINDOWS\system32
23:22:10.578 AVAST engine scan C:\WINDOWS\system32\drivers
23:22:54.218 AVAST engine scan C:\Documents and Settings\Courtney
23:58:03.687 AVAST engine scan C:\Documents and Settings\All Users
23:59:14.312 Scan finished successfully
00:10:30.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Courtney\Desktop\MBR.dat"
00:10:30.859 The log file has been saved successfully to "C:\Documents and Settings\Courtney\Desktop\aswMBR.txt"

---
ESET

No Threats found.


---
FSS
Farbar Service Scanner Version: 02-07-2012
Ran by Courtney (administrator) on 03-07-2012 at 22:58:18
Running from "C:\Documents and Settings\Courtney\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\System32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#4 narenxp

Posted 04 July 2012 - 07:59 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 catnapgood

Posted 04 July 2012 - 10:58 PM

MBAM came back clean on the first scan.


Here are the Mini Toolbox results:

MiniToolBox by Farbar Version: 25-06-2012
Ran by Courtney (administrator) on 04-07-2012 at 14:56:01
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15129 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : courtney-home
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-30-1B-B7-FA-05
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday, July 03, 2012 6:46:47 PM
Lease Expires . . . . . . . . . . : Tuesday, July 10, 2012 6:46:47 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.33.2, 173.194.33.9, 173.194.33.14, 173.194.33.6
173.194.33.5, 173.194.33.7, 173.194.33.0, 173.194.33.1, 173.194.33.8
173.194.33.4, 173.194.33.3

Pinging google.com [173.194.33.3] with 32 bytes of data:
Reply from 173.194.33.3: bytes=32 time=147ms TTL=56
Reply from 173.194.33.3: bytes=32 time=89ms TTL=56
Ping statistics for 173.194.33.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 147ms, Average = 118ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140, 209.191.122.70, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=529ms TTL=50
Reply from 98.139.183.24: bytes=32 time=1604ms TTL=50
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 529ms, Maximum = 1604ms, Average = 1066ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 1b b7 fa 05 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2012 08:45:32 PM) (Source: Application Error) (User: )
Description: Faulting application ts2bodyshop.exe, version 1.0.0.1022, faulting module ts2bodyshop.exe, version 1.0.0.1022, fault address 0x0000a27b.
Processing media-specific event for [ts2bodyshop.exe!ws!]

Error: (07/03/2012 08:44:30 PM) (Source: Application Error) (User: )
Description: Faulting application ts2bodyshop.exe, version 1.0.0.1022, faulting module ts2bodyshop.exe, version 1.0.0.1022, fault address 0x0000a27b.
Processing media-specific event for [ts2bodyshop.exe!ws!]

Error: (07/03/2012 08:42:56 PM) (Source: Application Error) (User: )
Description: Faulting application ts2bodyshop.exe, version 1.0.0.1022, faulting module ts2bodyshop.exe, version 1.0.0.1022, fault address 0x0000a27b.
Processing media-specific event for [ts2bodyshop.exe!ws!]

Error: (07/03/2012 08:39:15 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/03/2012 05:10:18 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070424morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2012 05:10:12 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/03/2012 05:06:47 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2012 05:00:38 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2012 04:56:02 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2012 04:49:58 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL


System errors:
=============
Error: (07/03/2012 06:50:26 PM) (Source: Service Control Manager) (User: )
Description: The Forceware Web Interface service terminated unexpectedly. It has done this 1 time(s).

Error: (07/03/2012 06:48:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/03/2012 06:44:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/03/2012 04:59:39 PM) (Source: Service Control Manager) (User: )
Description: The Forceware Web Interface service terminated unexpectedly. It has done this 1 time(s).

Error: (07/03/2012 04:58:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/03/2012 04:56:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/03/2012 04:54:07 PM) (Source: DCOM) (User: COURTNEY-HOME)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (07/03/2012 04:10:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
AmdPPM
Fips
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SCDEmu
Tcpip
WS2IFSL

Error: (07/03/2012 04:10:09 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (07/03/2012 04:10:09 PM) (Source: Service Control Manager) (User: )
Description: The Forceware Web Interface service depends on the AFD service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (07/03/2012 08:45:32 PM) (Source: Application Error)(User: )
Description: ts2bodyshop.exe1.0.0.1022ts2bodyshop.exe1.0.0.10220000a27b

Error: (07/03/2012 08:44:30 PM) (Source: Application Error)(User: )
Description: ts2bodyshop.exe1.0.0.1022ts2bodyshop.exe1.0.0.10220000a27b

Error: (07/03/2012 08:42:56 PM) (Source: Application Error)(User: )
Description: ts2bodyshop.exe1.0.0.1022ts2bodyshop.exe1.0.0.10220000a27b

Error: (07/03/2012 08:39:15 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (07/03/2012 05:10:18 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.0.1526.00x80070424morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (07/03/2012 05:10:12 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.0.1526.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (07/03/2012 05:06:47 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2012 05:00:38 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2012 04:56:02 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (07/03/2012 04:49:58 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2314.20337)
ATI Display Driver (Version: 8.252-060503a-038185C-ATI)
BitTorrent (Version: 7.6.1)
BlueJ 3.0.5
DAEMON Tools Lite (Version: 4.45.4.0315)
ESET Online Scanner v3
Fish Tycoon
Foxit Reader 5.1 (Version: 5.1.4.104)
GameMaker 8.1
Greenfoot (Version: 2.1.0)
HiJackThis (Version: 1.0.0)
Jasc Paint Shop Pro 8 (Version: 8.01.0000)
Java Auto Updater (Version: 2.1.5.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 7 (Version: 7.0.0)
Java™ SE Development Kit 7 (Version: 1.7.0.0)
Livestream Procaster (Version: 20.2.69)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Client EN-US Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 13.0.1 (x86 en-GB) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager (Version: 2.03.467)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint Shop Pro 5.01
PowerISO (Version: 5.2)
Project64 1.6 (Version: 1.6)
QuickTime (Version: 7.71.80.42)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
SIW version 2011.10.29 (Version: 2011.10.29)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.8 (Version: 5.8.158)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims™ 2 Seasons
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virtual Villagers: The Lost Children
Virtual Villagers: The Secret City
Wacom Tablet (Version: 6.2.0w5)
WebFldrs XP (Version: 9.50.6513)
WebTablet FB Plugin (Version: 2.0.0.4)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Wedding Dash
Wendy's Wellness
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 2047.48 MB
Available physical RAM: 1393.44 MB
Total Pagefile: 2662.46 MB
Available Pagefile: 2049.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.69 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:93.36 GB) (Free:34.63 GB) NTFS
2 Drive d: (Sims2_EP5_1) (CDROM) (Total:0.73 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\COURTNEY-HOME

Administrator ASPNET Courtney
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

#6 narenxp

Posted 05 July 2012 - 02:47 AM

Download

Sharedaccess

Launch it, click YES

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Checkmark the following options alone

Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the new FSS log

Edited by narenxp, 05 July 2012 - 02:48 AM.


#7 catnapgood


Posted 05 July 2012 - 04:58 PM

Farbar Service Scanner Version: 02-07-2012
Ran by Courtney (administrator) on 05-07-2012 at 14:56:23
Running from "C:\Documents and Settings\Courtney\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Everything seems to be running well again. Thank you, Naren.

Edited by catnapgood, 05 July 2012 - 04:58 PM.


#8 narenxp


Posted 05 July 2012 - 05:22 PM

Great


Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 catnapgood


Posted 05 July 2012 - 11:31 PM

Thanks so much. -u- You've been an amazing help.

#10 narenxp


Posted 06 July 2012 - 04:37 AM

You're most welcome :)



