Security Service won't start


  • This topic is locked
58 replies to this topic

#1 _phlynhi

Posted 17 January 2013 - 10:24 PM

Installed Windows 8 Pro and first issue noticed was inability to activate Windows. RPC error. sppsvs.exe fails, BSOD SYSTEM_SERVICE_EXCEPTION (peauth.sys). MSFT support sent a new disc after failing to cure over 4 days of effort. Windows Media Player causes BSOD, but VLC works; Firefox crashes constantly, Chrome and Explorer seem to work well. Reinstalled Win8 after format, no improvement. I am stumped. I sincerely appreciate any and all help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by Michael at 22:02:46 on 2013-01-17
#Option Extended Search is enabled.
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.5984.4593 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe
TCP: Interfaces\{F1B278E4-DBFF-451B-9E54-98B19357196A} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-6-2 1737760]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-3-29 342632]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 60 ================
.
2013-01-18 02:51:38 132608 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_1308629e23a4dadca2db1d01acb6f899ecaabd5_cab_060e73ce\poqexec.exe
2013-01-18 02:50:34 694616 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_1308629e23a4dadca2db1d01acb6f899ecaabd5_cab_09097c30\FlashPlayerApp.exe
2013-01-18 02:50:31 80216 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-18 02:50:31 694616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-18 02:44:57 158208 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_4adf9a23bfe6d3b463e48824a358ec7e106570_cab_09af5ff3\System.ServiceModel.Channels.dll
2013-01-18 02:42:07 117760 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_4adf9a23bfe6d3b463e48824a358ec7e106570_cab_076cc795\dwm.exe
2013-01-18 02:35:21 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40D25D1F-4E3C-4171-B86A-7D02D7456A31}\mpengine.dll
2013-01-17 06:02:36 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-17 06:02:18 279656 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-17 01:30:45 184000 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10189.bin
2013-01-16 19:42:41 -------- d-----r- C:\Users\Michael\Searches
2013-01-16 19:42:05 -------- d-----w- C:\Users\Michael\AppData\Local\VirtualStore
2013-01-16 19:41:58 -------- d-----w- C:\ProgramData\PRICache
2013-01-16 08:37:17 -------- d-----w- C:\Windows.old
2013-01-16 08:13:14 -------- d-----w- C:\Windows\Panther
2013-01-16 05:53:44 148480 ----a-w- C:\Windows\System32\poqexec.exe
2013-01-16 05:53:42 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2013-01-16 05:53:42 135680 ----a-w- C:\Windows\System32\appserverai.dll
2013-01-16 05:53:42 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2013-01-16 05:53:42 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2013-01-16 05:53:42 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2013-01-16 05:48:36 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-01-16 05:48:33 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-01-16 05:05:11 -------- d--h--w- C:\$SysReset
2013-01-05 22:14:32 -------- d-----w- C:\Intel
2013-01-05 22:12:15 -------- d-----r- C:\Users\Michael\Contacts
2013-01-05 22:11:45 -------- d-----w- C:\Users\Michael\AppData\Local\Packages
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Videos
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Saved Games
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Pictures
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Music
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Links
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Downloads
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Documents
.
==================== Find6M ====================
.
2012-07-26 08:11:45 170496 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-26 08:11:43 23040 ----a-w- C:\Windows\System32\drivers\secdrv.sys
2012-07-26 08:11:43 186368 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-26 07:48:57 6144 ----a-w- C:\Windows\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2012-07-26 07:48:48 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2012-07-26 07:48:47 11264 ----a-w- C:\Windows\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2012-07-26 07:48:45 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\wfplwfs.sys.mui
2012-07-26 05:00:58 97008 ----a-w- C:\Windows\System32\drivers\uaspstor.sys
2012-07-26 04:59:52 33520 ----a-w- C:\Windows\System32\drivers\battc.sys
2012-07-26 04:58:34 33520 ----a-w- C:\Windows\System32\drivers\wimmount.sys
2012-07-26 04:58:32 34032 ----a-w- C:\Windows\System32\SysResetErr.exe
2012-07-26 04:58:32 125168 ----a-w- C:\Windows\System32\bootsect.exe
2012-07-26 04:58:00 68848 ----a-w- C:\Windows\System32\drivers\pdc.sys
2012-07-26 04:58:00 52464 ----a-w- C:\Windows\System32\drivers\pcw.sys
2012-07-26 04:58:00 107760 ----a-w- C:\Windows\System32\drivers\sbp2port.sys
2012-07-26 04:56:54 1636680 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2012-07-26 04:55:58 1403784 ----a-w- C:\Windows\System32\winload.efi
2012-07-26 04:55:58 1217336 ----a-w- C:\Windows\System32\winresume.efi
2012-07-26 04:55:58 1093888 ----a-w- C:\Windows\System32\winresume.exe
2012-07-26 04:55:57 1266920 ----a-w- C:\Windows\System32\winload.exe
2012-07-26 04:55:47 77928 ----a-w- C:\Windows\System32\kdvm.dll
2012-07-26 04:55:32 1326784 ----a-w- C:\Windows\System32\webservices.dll
2012-07-26 04:55:31 33504 ----a-w- C:\Windows\System32\RuntimeBroker.exe
2012-07-26 04:55:31 1566440 ----a-w- C:\Windows\System32\ole32.dll
2012-07-26 04:55:14 46320 ----a-w- C:\Windows\System32\apisetschema.dll
2012-07-26 04:55:14 303856 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2012-07-26 04:55:14 1448688 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-07-26 04:54:34 96496 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2012-07-26 04:53:48 918528 ----a-w- C:\Windows\System32\fhuxpresentation.dll
2012-07-26 04:53:48 80896 ----a-w- C:\Windows\System32\fhuxgraphics.dll
2012-07-26 04:53:48 453120 ----a-w- C:\Windows\System32\FileHistory.exe
2012-07-26 04:53:48 31744 ----a-w- C:\Windows\System32\fhuxcommon.dll
2012-07-26 04:53:48 16384 ----a-w- C:\Windows\System32\fhuxapi.dll
2012-07-26 04:53:48 124928 ----a-w- C:\Windows\System32\fhuxadapter.dll
2012-07-26 04:53:16 67824 ----a-w- C:\Windows\System32\drivers\vpci.sys
2012-07-26 04:53:16 496368 ----a-w- C:\Windows\System32\drivers\vhdmp.sys
2012-07-26 04:53:16 19696 ----a-w- C:\Windows\System32\kdhv1394.dll
2012-07-26 04:53:15 36080 ----a-w- C:\Windows\System32\drivers\vdrvroot.sys
2012-07-26 04:52:35 62496 ----a-w- C:\Windows\System32\drivers\dumpfve.sys
2012-07-26 04:52:35 320112 ----a-w- C:\Windows\System32\cfgmgr32.dll
2012-07-26 04:52:35 177576 ----a-w- C:\Windows\System32\ProximityUxHost.exe
2012-07-26 04:52:35 147624 ----a-w- C:\Windows\System32\bdeunlock.exe
2012-07-26 04:52:35 134168 ----a-w- C:\Windows\System32\devobj.dll
2012-07-26 04:52:35 1122776 ----a-w- C:\Windows\System32\Taskmgr.exe
2012-07-26 04:52:35 103712 ----a-w- C:\Windows\System32\systemreset.exe
2012-07-26 04:52:34 502576 ----a-w- C:\Windows\System32\ci.dll
2012-07-26 04:52:06 90112 ----a-w- C:\Windows\System32\srmlib.dll
2012-07-26 04:51:42 152272 ----a-w- C:\Windows\System32\wscapi.dll
2012-07-26 04:51:39 439392 ----a-w- C:\Windows\System32\WerFault.exe
2012-07-26 04:51:39 136768 ----a-w- C:\Windows\System32\wermgr.exe
2012-07-26 04:51:20 72192 ----a-w- C:\Windows\System32\appidapi.dll
2012-07-26 04:51:20 562400 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-26 04:51:20 32992 ----a-w- C:\Windows\System32\LicensingUI.exe
2012-07-26 04:51:20 292760 ----a-w- C:\Windows\System32\rsaenh.dll
2012-07-26 04:51:20 190480 ----a-w- C:\Windows\System32\dssenh.dll
2012-07-26 04:51:20 120712 ----a-w- C:\Windows\System32\AuthHost.exe
2012-07-26 04:51:18 180976 ----a-w- C:\Windows\System32\basecsp.dll
2012-07-26 04:50:20 86632 ----a-w- C:\Windows\System32\drivers\vmbkmcl.sys
2012-07-26 04:50:20 62568 ----a-w- C:\Windows\System32\drivers\winhv.sys
2012-07-26 04:50:20 45160 ----a-w- C:\Windows\System32\drivers\vmstorfl.sys
2012-07-26 04:50:20 37992 ----a-w- C:\Windows\System32\drivers\storvsc.sys
2012-07-26 04:50:20 137832 ----a-w- C:\Windows\System32\drivers\vmbus.sys
2012-07-26 04:50:16 127488 ----a-w- C:\Windows\System32\NAPHLPR.DLL
2012-07-26 04:50:15 51200 ----a-w- C:\Windows\System32\NAPCRYPT.DLL
2012-07-26 04:50:15 5118464 ----a-w- C:\Windows\System32\AuthFWSnapin.dll
2012-07-26 04:50:14 135168 ----a-w- C:\Windows\System32\dnscmmc.dll
2012-07-26 04:50:14 114176 ----a-w- C:\Windows\System32\AuthFWWizFwk.dll
2012-07-26 04:50:01 306928 ----a-w- C:\Windows\System32\WMASF.DLL
2012-07-26 04:49:37 199680 ----a-w- C:\Windows\System32\cdd.dll
2012-07-26 04:49:13 95448 ----a-w- C:\Windows\System32\OpenWith.exe
2012-07-26 04:49:13 36648 ----a-w- C:\Windows\System32\CredentialUIBroker.exe
2012-07-26 04:49:13 28344 ----a-w- C:\Windows\System32\PickerHost.exe
2012-07-26 04:49:13 26224 ----a-w- C:\Windows\System32\SystemSettingsRemoveDevice.exe
2012-07-26 04:49:13 2380440 ----a-w- C:\Windows\explorer.exe
2012-07-26 04:49:13 22128 ----a-w- C:\Windows\System32\PurchaseWindowsLicense.exe
2012-07-26 04:49:13 1798928 ----a-w- C:\Windows\System32\DisplaySwitch.exe
2012-07-26 04:48:55 61368 ----a-w- C:\Windows\System32\wwapi.dll
2012-07-26 04:48:06 33792 ----a-w- C:\Windows\System32\dmvscres.dll
2012-07-26 04:48:04 55808 ----a-w- C:\Windows\System32\vmbusres.dll
2012-07-26 04:48:01 38400 ----a-w- C:\Windows\System32\vmstorfltres.dll
2012-07-26 04:47:57 160256 ----a-w- C:\Windows\System32\vmicres.dll
2012-07-26 04:47:47 163328 ----a-w- C:\Windows\System32\Windows.Help.Runtime.dll
2012-07-26 04:46:56 2366984 ----a-w- C:\Windows\System32\WSService.dll
2012-07-26 04:45:08 792184 ----a-w- C:\Windows\System32\mfplat.dll
2012-07-26 04:45:08 522648 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2012-07-26 04:45:08 490072 ----a-w- C:\Windows\System32\AudioEng.dll
2012-07-26 04:45:08 446776 ----a-w- C:\Windows\System32\AudioSes.dll
2012-07-26 04:45:08 389368 ----a-w- C:\Windows\System32\MMDevAPI.dll
2012-07-26 04:45:07 253520 ----a-w- C:\Windows\System32\audiodg.exe
2012-07-26 04:45:07 15952 ----a-w- C:\Windows\System32\ksuser.dll
2012-07-26 04:44:59 1119336 ----a-w- C:\Windows\System32\drmv2clt.dll
2012-07-26 04:44:30 258288 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2012-07-26 04:43:49 29880 ----a-w- C:\Windows\System32\CameraSettingsUIHost.exe
2012-07-26 04:43:49 27288 ----a-w- C:\Windows\System32\avrt.dll
2012-07-26 04:36:15 34216 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2012-07-26 04:03:42 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2012-07-26 03:59:44 28824 ----a-w- C:\Windows\System32\PrintDialogHost.exe
2012-07-26 03:50:58 240880 ----a-w- C:\Windows\SysWow64\WMASF.DLL
2012-07-26 03:50:01 88200 ----a-w- C:\Windows\SysWow64\OpenWith.exe
2012-07-26 03:50:01 32440 ----a-w- C:\Windows\SysWow64\CredentialUIBroker.exe
.
============= FINISH: 22:03:11.37 ===============

#2 HelpBot

Posted 22 January 2013 - 10:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/482143 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 _phlynhi

Posted 23 January 2013 - 10:14 AM

PROBLEM Description: Activating Windows fails with RPC failed (full info in initial post). Reformat>clean install= no improvement. I am stumped. My best guess is some kind of rootkit, but that is just a guess. Purchased PC as refurbished, had same issues when received (initially had Win 7 installed), and I expected clean install of Win8 would solve the problem.

I am not at the PC in question, will post updated DDS log tonight when I get home.

I do have the Windows Install disc available. Windows 8 professional 64-Bit.

Thanks so much for your help with this (and Bleeping Computer in general)!

#4 _phlynhi

Posted 24 January 2013 - 07:41 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by Michael at 7:37:10 on 2013-01-24
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.5984.4964 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dashost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F1B278E4-DBFF-451B-9E54-98B19357196A} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\tcks2c68.default\
.
============= SERVICES / DRIVERS ===============
.
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-6-2 1737760]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-3-29 342632]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2013-01-24 04:51:53 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD045156-2D8B-4EE0-8B47-120034FF146C}\mpengine.dll
2013-01-23 08:46:51 212672 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10190.bin
2013-01-23 08:19:20 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-22 18:35:43 80728 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-22 18:35:43 695640 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-22 04:43:59 -------- d-----w- C:\ProgramData\vsosdk
2013-01-22 04:28:51 65602 ----a-w- C:\Windows\SysWow64\cook3260.dll
2013-01-22 04:28:51 626688 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
2013-01-22 04:28:51 217127 ----a-w- C:\Windows\SysWow64\drv43260.dll
2013-01-22 04:28:51 208935 ----a-w- C:\Windows\SysWow64\drv33260.dll
2013-01-22 04:28:51 176165 ----a-w- C:\Windows\SysWow64\drv23260.dll
2013-01-22 04:28:51 102439 ----a-w- C:\Windows\SysWow64\sipr3260.dll
2013-01-22 04:28:50 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
2013-01-22 04:28:50 -------- d-----w- C:\Program Files (x86)\VSO
2013-01-22 02:08:26 -------- d-----w- C:\Program Files (x86)\uTorrent
2013-01-22 02:08:08 -------- d-----w- C:\Users\Michael\AppData\Roaming\uTorrent
2013-01-18 03:32:22 -------- d-----w- C:\Users\Michael\AppData\Local\SwvUpdater
2013-01-18 03:32:15 -------- d-----w- C:\Users\Michael\AppData\Local\Conduit
2013-01-18 03:32:15 -------- d-----w- C:\Program Files (x86)\Conduit
2013-01-18 03:31:56 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-01-17 06:02:18 279656 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-16 19:42:41 -------- d-----r- C:\Users\Michael\Searches
2013-01-16 19:42:05 -------- d-----w- C:\Users\Michael\AppData\Local\VirtualStore
2013-01-16 19:41:58 -------- d-----w- C:\ProgramData\PRICache
2013-01-16 08:37:17 -------- d-----w- C:\Windows.old
2013-01-16 08:13:14 -------- d-----w- C:\Windows\Panther
2013-01-16 05:55:56 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2013-01-16 05:54:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-01-16 05:54:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-01-16 05:54:18 405504 ----a-w- C:\Windows\System32\pcasvc.dll
2013-01-16 05:54:18 31232 ----a-w- C:\Windows\System32\pcadm.dll
2013-01-16 05:54:18 13312 ----a-w- C:\Windows\System32\pcalua.exe
2013-01-16 05:54:18 11776 ----a-w- C:\Windows\System32\pcaevts.dll
2013-01-16 05:54:00 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-01-16 05:54:00 1048064 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-01-16 05:52:22 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll
2013-01-16 05:50:59 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-16 05:49:58 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2013-01-16 05:48:36 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-01-16 05:48:33 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-01-16 05:46:57 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-01-16 05:46:57 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-01-16 05:05:11 -------- d--h--w- C:\$SysReset
2013-01-05 22:14:32 -------- d-----w- C:\Intel
2013-01-05 22:12:15 -------- d-----r- C:\Users\Michael\Contacts
2013-01-05 22:11:45 -------- d-----w- C:\Users\Michael\AppData\Local\Packages
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Videos
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Saved Games
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Pictures
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Music
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Links
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Downloads
2013-01-05 22:11:17 -------- d-----r- C:\Users\Michael\Documents
.
==================== Find3M ====================
.
2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
2012-12-04 03:59:08 4055552 ----a-w- C:\Windows\System32\win32k.sys
2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\Windows\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys
2012-11-26 04:21:18 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll
2012-11-26 04:20:09 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll
2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll


#5 Oh My!


Posted 30 January 2013 - 03:30 PM

Greetings _phlynhi, and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

I will tell you from the start that I can not give you any assurance we can resolve your issues because most of the tools we routinely use are not compatible with Windows 8. You have a lot of issues going on which makes it even more difficult to address. Even without all of your other issues Windows Activation issues can be difficult to resolve. Having said that, we will do our best.

----------

"Purchased PC as refurbished, had same issues when received (initially had Win 7 installed)"

By this do you mean Windows 7 would not activate properly?
Please describe in detail how you reformatted the hard drive. Did you do it by restoring the computer to factory condition or did you do it another way?

----------

Thank you for your patience thus far. I know you have been waiting for a while. I would like to get a more recent DDS log to make sure we are addressing the most current information.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • DDS.txt
  • Attach.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 _phlynhi


Posted 30 January 2013 - 03:52 PM

Hello Gary,
Thanks for your help, I sincerely appreciate it. I will post the requested logs this evening when I get home to the offending PC. In the meantime, I will address your other questions:

"By this do you mean Windows 7 would not activate properly?" >>Yes, when 7 was installed, I had almost identical issues as I am having w/ Win8. I assumed that upgrade to 8 would correct the issues, but this has not been the case.

"Please describe in detail how you reformatted the hard drive. Did you do it by restoring the computer to factory condition or did you do it another way?" >> I reformatted using the Win8 Installation Disc and selecting "format drive" in advanced options prior to installation.

"I will tell you from the start that I can not give you any assurance we can resolve your issues because most of the tools we routinely use are not compatible with Windows 8." >>If you think it will help, I am happy to reinstall Win7 Pro on the machine to allow you to use your full complement of tools. My thinking is that since the issues were persistent across installations, then if we cure what ails in the Win7 environment, the cure will persist to the Win8 upgrade (and I am not against eschewing the upgrade to Win8 if we manage a fix in Win7 environment).

Thanks again Gary. And of course, please call me Michael.

I will post the requested logs and info this evening.

Cheers!

Michael.

#7 Oh My!


Posted 30 January 2013 - 04:01 PM

Hi Michael,

Did you receive the computer with Windows 7 or did you attempt to upgrade it to that Operating System from Vista/XP? Do you have a full installation version (not upgrade) of Windows 7/Vista/XP?

"I am happy to reinstall Win7 Pro on the machine to allow you to use your full complement of tools."

This would certainly give us a better shot at it and more options to not only evaluate the state of your computer but also try to resolve what we might find.

Thanks for the quick response. I really appreciate it.
Gary
 

#8 _phlynhi


Posted 30 January 2013 - 04:12 PM

Received PC w/ Win7 preinstalled. I do have a full version (not upgrade) of Win 7.

Since Win7 will improve our odds of success, would it be most efficient for me to install 7 and THEN run and post DDS? Or would you prefer to get the DDS log of the PC as is (with 8) first?

I am not in a hurry, and defer to your expertise. I have been stumped by this for months, so please advise based on what helps you the most, don't worry about saving time or effort on my behalf. My curiosity is piqued, so let's have at it! :-)

Should I:

Run DDS on PC as is, with Win8, or;

Reinstall 7 and run DDS tonight?

#9 Oh My!


Posted 30 January 2013 - 04:28 PM

Hi Michael,

I think we need to do a deep format and start from scratch. Sometimes reformatting via Operating System upgrade does not get down to the issue. If partitions are left intact, so might the infections.

Follow these instructions if you are unfamiliar with formatting your hard drive. Do not select Quick Format. The process may take a while. Once completed install the Full Version of Windows 7.

Let me know how it goes and test your computer to see how it behaves after the fresh format/install.
Gary
 

#10 Oh My!


Posted 05 February 2013 - 09:39 AM

Hi Michael,

Are you still with me? How are you doing?
Gary
 

#11 _phlynhi


Posted 05 February 2013 - 12:28 PM

Hi Gary,

Yes, still with you. Here's what's been happening:
It took me a couple tries to figure out how to format primary Windows drive (the "deep format" you recommended), got that done. When attempting to install Windows 7, I get an error message near the end of the install process that reads something like (sorry I don't have the exact verbiage, should have written it down): "Windows was unable to install a required component, please restart the installation." Got this message a couple of times. Reinstalled Win8, installed fine, but still having the same issues as in original post. When I did the deep format, I also ran Windows memory diagnostics and Chkdsk, no issues found.

So, at the moment I have Win8 installed. What would be the best thing to do to help you help me? Should I try to install Win7 again and hope for the best (and at least provide the exact error message)? Or should I run and post the DDS logs in the Win8 environment?

Thanks again for your help, very much appreciated!

M.

#12 Oh My!


Posted 05 February 2013 - 12:56 PM

Hi Michael,

Thanks for posting. Glad you are still here.

I have a couple of questions:

Do you connect to the internet through a router?
If so, are there any other computers attached to the router and do they have any issues?
After reformat/reinstall of Windows 8 did you transfer any old files back onto the computer? Did the symptoms surface right from the start?
Gary
 

#13 _phlynhi


Posted 05 February 2013 - 01:09 PM

1. Yes, I connect through a router.
2. Yes, there are several other devices attached to the router (PS3, DVD players, 3 laptops, several handhelds, Wii.) None of the other devices have any issues. Recently got a new router, but the issues on this PC preceded the new router.
3. I did not transfer any old files back to the PC. Symptoms were back immediately (my first action on reinstall was to attempt to activate, exact same failure and error message.)

#14 Oh My!


Posted 05 February 2013 - 01:14 PM

Are you experiencing the other issues you listed in your first post in addition to the failure to activate?
Gary
 

#15 _phlynhi


Posted 05 February 2013 - 01:18 PM

Yes, I am still having issues with Firefox closing unexpectedly, WMP = BSOD.



