
keruken
Members
Posts: 5
Reputation: 0 Neutral
  1. MrCharlie, I pinpointed the issue to a conflict with a Bluetooth driver. I reinstalled Windows and put the driver after MSE, and sure enough MSE wouldn't start. Thanks again for your help. keruken
  2. MrCharlie, I ran Malwarebytes Anti-Rootkit, but it didn't turn up anything. I attached the mbar-log.txt and system-log.txt. I ran the fixdamage tool and restarted. However, I am still experiencing the same issues (MSE turned off, can't download, programs won't start) as before when I log in normally. I don't understand what's going on. Safe mode works fine, and I didn't have any problems when I reinstalled Windows. I made sure to install MSE before applying security patches and installing any other programs. After I installed iTunes and restarted, that's when the problems started - iTunes shouldn't break my system like this. I also thought that something might be hiding on my data hard drive, but one of these tools should have found it, right? I'm really stuck - I can try reinstalling Windows again, but am afraid that I'll get the same issue. Is it possible that it's a hardware issue? Thanks again for your time and help, keruken mbar-log-2013-09-19 (14-14-19).txt system-log.txt
  3. RogueKiller report:

     RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Safe mode with network support
     User : Ryan [Admin rights]
     Mode : Scan -- Date : 09/19/2013 13:28:54
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - INTEL SSDSC2CW180A3 ATA Device +++++
     --- User ---
     [MBR] a84dd93b5b19931ceaddbccc47850486
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD1002FAEX-00Z3A0 ATA Device +++++
     --- User ---
     [MBR] a84dd93b5b19931ceaddbccc47850486
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_09192013_132854.txt >>
     RKreport[0]_S_09192013_132646.txt
  4. DDS.txt and Attach.txt
  5. Hi guys, Earlier this week, I noticed that the Microsoft Security Essentials icon was red and had the 'X' on it. It reported that it was turned off, and I could not start it back up. I also could not download files with Chrome or IE - they would get to 100%, but just hang. However, I didn't experience any redirects. Also, the network icon had an 'X', but I was able to connect to the Internet. I booted into Safe Mode, then downloaded and ran TDSSKiller, MBAR, and MBAM, all of which did not turn up anything. I ran Rkill, which removed the registry entry noactivedesktopchanges and black-screened my user desktop. At that point, I decided to reinstall Windows. I have the OS installed on an SSD, and my data on a hard drive. I wiped the data using hdparm on GParted and thought that would clean out everything. However, I didn't wipe my data drive. After reinstalling Windows, I installed Microsoft Security Essentials again, then ran all security updates. I ran several scans with MSE, then started to install some software. After I installed iTunes 11.1 and restarted, I saw the red MSE icon and couldn't download as before. I noticed that Task Manager will freeze up too. I reran some scans in Safe Mode, all of which didn't turn up anything again. I didn't run Rkill this time to preserve my user desktop. Is this malware or a Windows issue? Could malware have survived the wipe and reinstall? Or do I need to wipe my data drive too? I'm writing this to find out if there is a rootkit or some kind of persistent malware on my system.
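A read-only triage script, added here and not part of keruken's posts or of any tool named in the thread, that checks the points the thread turns on: whether MSE's service and drivers are actually running, whether the System event log records Service Control Manager start failures for the Intel Bluetooth services or the Malware Protection Driver, and the Explorer policy values Rkill removed. The component names MsMpSvc, MpFilter, NisDrv and NisSrv are assumed to be MSE's on Windows 7, the service display name "Bluetooth Device Monitor" is assumed to be the Intel Bluetooth service involved, and PowerShell 5.1 in an elevated prompt is assumed.

```powershell
# Added triage script (not from the forum thread). Read-only: it changes nothing.
# A red MSE icon with "turned off" usually means MsMpSvc stopped or MpFilter
# never loaded; a failed boot-start driver shows up as SCM event 7026, a service
# that hangs on start as 7000/7009, and knock-on failures as 7001.

function Get-MseState {
    # MsMpSvc / NisSrv are MSE's user-mode services; MpFilter / NisDrv are its
    # kernel drivers (assumed names, see lead-in).
    $svc = Get-Service -Name MsMpSvc, NisSrv -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType
    $drv = Get-CimInstance Win32_SystemDriver `
        -Filter "Name='MpFilter' OR Name='NisDrv'" |
        Select-Object Name, State, StartMode, PathName
    [pscustomobject]@{ Services = $svc; Drivers = $drv }
}

function Get-ScmErrors {
    param([int]$Days = 7)
    # Pull the SCM events that describe start failures, then keep only those
    # naming the Bluetooth services or the Malware Protection Driver.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7000, 7001, 7009, 7026
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Bluetooth|MpFilter|Malware Protection' } |
        Select-Object TimeCreated, Id, Message
}

function Get-ExplorerPolicies {
    # NoActiveDesktop / NoActiveDesktopChanges = 1 under this key lock the
    # desktop; Rkill deleting NoActiveDesktopChanges is what blanked it.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object NoActiveDesktop, NoActiveDesktopChanges
    }
}

$state = Get-MseState
'== MSE services =='
$state.Services | Format-Table -AutoSize
'== MSE drivers =='
$state.Drivers | Format-Table -AutoSize
'== SCM start failures (last 7 days) =='
Get-ScmErrors | Format-Table -AutoSize -Wrap
'== Explorer policies =='
Get-ExplorerPolicies | Format-List
```

If MpFilter shows State Stopped while MsMpSvc is Running, or a 7026 event lists MpFilter, the protection is off at the driver level even though the service started, which matches the red icon the thread describes.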