Rootkit? aswMBR: IRP_MJ_Create, Catchme: NTDLL modification


  • This topic is locked
27 replies to this topic

#1 Lodder

Lodder

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:47 AM

Posted 17 December 2013 - 11:54 PM

Hello there at Bleeping Computer,

 

Out of habit I now and then do a netstat immediately after booting my PC, and I recently found a suspicious connection, using HTTP, to an IP address that is not resolvable.

Since then I have been monitoring the connections of the PC a bit more and found that there were sessions active that I cannot explain, all linked to this IP address and sometimes a few other IPs in the same subnet.

Reading some posts on your website, I used tools like catchme, which crashes and in the log says ntdll modification detected; aswMBR, which reports IRP_MJ_Create; and GMER, which detects a whole lot of stuff which I do not comprehend.

Using netstat -b, netstat -o and Process Explorer I found svchost processes of a big size started by the mentioned IP address; I tried to make a dump of it but was not allowed.

Also I found recent IIS logs with details about the hard disks' layout and other stuff that I never put there.

Two other PCs on my home network have the same problem, as I just had a look!

I'm quite sure some very fishy stuff is going on; please assist to see if I can win my computers back. I'd hate to have to reinstall Windows and everything and even then not feel secure.

I use a registered version of MBAM and recently switched from the ESET NOD32 beta version to Microsoft Security Essentials; I also use CCleaner. None of them detect anything.

For now I simply blocked the particular IP subnet in Windows Firewall and I see no strange connections. I also disabled UPnP, but I do not feel safe in the least, as you can see.

Thanks in advance for your help and best regards

 

 

DS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by L0lcat666 at 5:17:03 on 2013-12-18
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1043.18.8173.4204 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Applications\always-on-top\always-on-top.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\L0lcat666\Downloads\Rootkits\aswMBR.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\L0lcat666\Downloads\Rootkits\gmer.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [NetworkIndicator] C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\L0LCAT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ALWAYS~1.LNK - E:\Applications\always-on-top\always-on-top.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EDE560E0-4992-4F15-84C1-74F976CC6A2C} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - "E:\APPLICATIONS\PROCEXP\PROCEXP.EXE"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT 
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - "E:\APPLICATIONS\PROCEXP\PROCEXP.EXE"
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2012-9-23 21160]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-22 678384]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-22 28656]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-11-29 239616]
R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2013-7-13 210024]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2013-8-4 9216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-23 418376]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-7-13 139592]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-7-13 418632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-23 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-10 849992]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-22 15344]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-23 701512]
S3 amdiommu;amdiommu;C:\Windows\System32\drivers\amdkiomd.sys [2013-11-29 77824]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-11-25 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-13 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-12-14 155824]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-12 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-13 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-18 04:14:37 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C68252FD-BDAB-46EC-B78A-0FBB8F888104}\offreg.dll
2013-12-17 23:53:35 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C68252FD-BDAB-46EC-B78A-0FBB8F888104}\mpengine.dll
2013-12-17 23:42:27 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-17 02:02:15 -------- d-----w- C:\Users\L0lcat666\VirtualBox VMs
2013-12-16 22:57:09 -------- d-----w- C:\Users\L0lcat666\AppData\Roaming\Python
2013-12-16 22:57:09 -------- d-----w- C:\Users\L0lcat666\AppData\Local\ActiveState
2013-12-16 22:50:24 -------- d-----w- C:\Python27
2013-12-16 21:14:01 -------- d-----w- C:\Program Files\Genymobile
2013-12-16 21:09:13 -------- d-----w- C:\Users\L0lcat666\AppData\Local\Genymobile
2013-12-16 21:08:47 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-12-16 21:08:47 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-12-16 21:08:45 -------- d-----w- C:\Program Files\Oracle
2013-12-16 21:07:09 -------- d-----w- C:\Users\L0lcat666\.VirtualBox
2013-12-14 03:32:11 -------- d-----w- C:\Program Files (x86)\Sony
2013-12-13 03:20:43 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 03:20:43 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 03:20:42 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-13 03:20:42 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 19:05:12 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-12 19:05:12 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-12 19:05:12 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-12 19:05:12 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-12 19:05:12 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-12 19:05:12 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-12 19:05:12 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-12 19:04:13 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-12 19:04:13 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-12 19:04:11 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-12 19:04:11 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-12 19:04:11 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-12 19:04:11 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-12 19:04:11 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-12 19:04:11 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-12 19:04:11 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-12 19:04:11 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-12 19:04:11 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-12 19:04:11 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-10 18:42:31 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{329B6EF1-AAB7-440D-B6AE-22CD7CDCC39B}\gapaengine.dll
2013-12-10 18:41:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-12-10 18:41:57 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-12-10 17:24:19 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D39F159-D0B8-4638-A72E-EEE53EDE2903}\mpengine.dll
2013-12-08 18:59:43 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL
2013-12-04 21:33:43 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-12-01 13:36:44 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2013-12-01 13:36:44 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-12-01 12:43:28 -------- d-----w- C:\Users\L0lcat666\.android
2013-12-01 12:43:25 -------- d-----w- C:\Users\L0lcat666\workspace
2013-12-01 12:42:28 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-01 12:42:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-29 17:59:40 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-11-29 17:59:16 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-11-29 17:58:30 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-11-29 17:58:30 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-11-29 17:58:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-11-29 17:58:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-11-29 17:55:02 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-11-29 17:54:38 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-11-29 17:53:44 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-11-29 17:53:20 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-11-29 17:52:34 1319064 ----a-w- C:\Windows\System32\aticfx64.dll
2013-11-29 17:51:42 1100728 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-11-29 17:50:42 9764088 ----a-w- C:\Windows\System32\atidxx64.dll
2013-11-29 17:50:16 8412680 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-11-29 17:49:10 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-11-29 17:48:18 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-11-29 17:47:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-11-29 17:46:46 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-11-29 17:39:00 13201920 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-11-29 17:24:20 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-11-29 17:24:08 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-11-29 17:24:08 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-11-29 17:24:06 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-11-29 17:24:06 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-11-29 17:24:04 100352 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-11-29 17:23:56 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-11-29 17:23:50 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-11-29 17:23:46 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-11-29 17:23:26 29363712 ----a-w- C:\Windows\System32\amdocl64.dll
2013-11-29 17:21:02 24846848 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-11-29 17:18:56 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-11-29 17:18:50 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-11-29 17:13:48 129536 ----a-w- C:\Windows\System32\coinst_13.25.18.dll
2013-11-29 17:03:26 77824 ----a-w- C:\Windows\System32\drivers\amdkiomd.sys
2013-11-29 17:00:28 26350592 ----a-w- C:\Windows\System32\atio6axx.dll
2013-11-29 16:55:34 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-11-29 16:55:24 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-11-29 16:55:22 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-11-29 16:55:14 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-11-29 16:55:12 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-11-29 16:54:56 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-11-29 16:51:50 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-11-29 16:43:00 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-11-29 16:42:08 22156288 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-11-29 16:40:46 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-11-29 16:35:50 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-11-29 16:35:42 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-11-29 16:35:36 585216 ----a-w- C:\Windows\System32\atieclxx.exe
2013-11-29 16:34:42 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-11-29 16:33:10 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-11-29 16:05:04 1145344 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-11-29 16:04:52 825856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-11-29 16:04:36 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-11-29 16:04:32 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-11-29 16:04:32 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-11-29 16:04:26 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-11-29 16:04:18 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-11-29 16:04:08 624128 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-11-29 16:02:44 96256 ----a-w- C:\Windows\System32\amdave64.dll
2013-11-29 16:02:38 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-11-29 16:02:28 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-11-29 16:02:22 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-11-29 16:00:30 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-11-29 11:34:58 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-11-29 11:29:56 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-11-27 04:58:47 -------- d-----w- C:\Windows\Migration
.
==================== Find3M  ====================
.
2013-12-03 15:20:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-11-29 16:43:00 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-13 01:50:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-13 01:50:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:41 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:53 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-24 14:53:50 94208 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-09-24 14:51:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
.
============= FINISH:  5:17:08.12 ===============
 

 

 

 

 

 


 


#2 Lodder


Posted 18 December 2013 - 12:17 AM

Forgot something: Windows Defender was disabled and I cannot turn it back on; it just shows an hourglass forever.



#3 Lodder


Posted 18 December 2013 - 01:14 AM

Also, I just now found out that Malwarebytes got disabled and its database was corrupted or missing.

I was able to start it manually and update the DB though; it's running a full scan now, while Windows Defender still cannot be started.



#4 Lodder


Posted 18 December 2013 - 01:18 AM

Well, Malwarebytes didn't find anything related again; please tell me where to go from here.



#5 Lodder


Posted 18 December 2013 - 06:01 AM

I get blocked from specific security-related webpages; for instance, I can access the Microsoft site page for disabling proxy settings but then get blocked from the next page with the Fix it solution.



#6 Lodder


Posted 21 December 2013 - 02:27 PM

A small update about my main system.
All scanners I tried in safe mode found nothing but, sometimes, small seemingly harmless registry setting alterations.
But still fishy things happened, looking at netstat output, and now and then stuff like Process Explorer suddenly being replaced by Task Manager.
Also I was unable to delete certain registry keys referring to sptd that I had uninstalled before and that was not present on the system anymore, even in safe mode and with a tool to do it during startup.
So I decided to reinstall Windows 7 on this system.
Before I did that I took a USB stick that I first cleaned, put a new MBR on and partitioned with diskpart to be sure, and downloaded onto it many files for offline install, like win7 sp1, eset nod32, mbam, mbar, spybot, aswmbr, tdsskiller, hitman pro, roguekiller etc. I also preconfigured eset firewall rules denying almost all traffic, and all traffic to a certain IP address range that kept showing up in netstat before.
I disconnected all other drives except the hard drive to be installed.
I reflashed my mainboard BIOS starting with a cold boot just to be sure.
Again with a cold boot I started winsetup from the official Microsoft DVD and converted my disk to MBR and back to GPT, then restarted into winsetup and installed win7.
Patched it with sp1, installed eset antivirus and firewall and rules, installed spybot plus teatime, mbam and ran scans with all the various tools I had on the USB stick.
When all came out clean I plugged in the LAN cable to start patching via winupdate.
The first thing that happened when I went online was a svchost that tried to contact the specific IP address I blocked in the preconfigured firewall rules from before.
So my conclusion was that apparently this was maybe normal, since I was quite sure to have just done a fresh and totally clean install; I mean, I even went to the length of resetting my router to factory defaults so as to let it get reflashed with the ISP custom firmware.
Anyway, during patching and updating drivers and stuff, this particular IP address has been blocked from going in or out all the time and is repeatedly being reported by the eset firewall.
It popped up many times, trying to connect from several of my machine's services to the outside address.
I started to think it was a normal thing and was just thinking, well, since nothing shows up on full scans with eset, mbam, mbar, spybot, roguekiller, hitman, emergencyscanner, aswmbr, tdsskiller, I am probably good.
 
Just now I did a scan with minitool and saw something strange:
CodeIntegrity Errors:
===================================
  Date: 2013-12-21 18:14:48.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
So I decided to check out the file sxs.dll on VirusTotal, but then this struck me: the size reported by the Explorer window was different from the size reported in Chrome's upload window.
The file came out clean, but with a different size than I saw being reported by Explorer.
I copied the file from the sys32 folder to the USB stick and compared, and it had a different size and different time and date settings from the one I saw in the sys32 folder.
I compared more files through Chrome's upload window in the sys32 dir and then saw that I was looking at a whole different directory, with many different file sizes and some files and directories even missing.
I then copied the whole sys32 folder to a different drive and compared the two system32 folders, and the one on my C drive is almost twice the size of the one I copied away...
Same goes for the syswow64 folder and prolly all of the system's folders; there seems to be some shadow filesystem that is invisible to the scanners.
I'm going to boot into safe mode now and see what the various tools can find, to be continued.
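
An added example, not part of the original post: the folder comparison described above, done by content hash instead of by the sizes that two different dialogs report. On 64-bit Windows a 32-bit program that opens `C:\Windows\System32` is transparently redirected to `SysWOW64`, so both listings should be produced by the same 64-bit process; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Entry:
    size: int               # -1 when the file could not even be stat'ed
    sha256: Optional[str]   # None when the file could not be read


def _hash_file(path: str, chunk: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large DLLs do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> Dict[str, Entry]:
    """Map case-folded relative path -> Entry for every regular file under root."""
    manifest: Dict[str, Entry] = {}
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            # NTFS paths are case-insensitive, so SXS.DLL and sxs.dll are one file.
            rel = os.path.relpath(full, root).replace(os.sep, "/").casefold()
            try:
                size = os.stat(full).st_size
            except OSError:
                manifest[rel] = Entry(-1, None)
                continue
            try:
                digest: Optional[str] = _hash_file(full)
            except OSError:
                # Locked or access-denied files are common in system folders;
                # keep them in the report instead of silently dropping them.
                digest = None
            manifest[rel] = Entry(size, digest)
    return manifest


def compare(a: Dict[str, Entry], b: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Classify every path seen in either manifest."""
    report: Dict[str, List[str]] = {
        "only_in_a": [], "only_in_b": [], "size_differs": [],
        "content_differs": [], "unreadable": [],
    }
    for rel in sorted(a.keys() | b.keys()):
        ea, eb = a.get(rel), b.get(rel)
        if ea is None:
            report["only_in_b"].append(rel)
        elif eb is None:
            report["only_in_a"].append(rel)
        elif ea.sha256 is None or eb.sha256 is None:
            report["unreadable"].append(rel)
        elif ea.size != eb.size:
            report["size_differs"].append(rel)
        elif ea.sha256 != eb.sha256:
            report["content_differs"].append(rel)
    return report


def _write_tree(root: str, files: Dict[str, bytes]) -> None:
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo() -> Dict[str, List[str]]:
    """Constructed sample: a 'live' folder and a copy that differs from it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, copy = os.path.join(tmp, "live"), os.path.join(tmp, "copy")
        _write_tree(live, {"sxs.dll": b"A" * 600, "drivers/afd.sys": b"driver",
                           "same.dll": b"same", "extra.dll": b"x"})
        _write_tree(copy, {"SXS.DLL": b"A" * 400, "drivers/afd.sys": b"dr1ver",
                           "same.dll": b"same"})
        return compare(build_manifest(live), build_manifest(copy))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```
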


#7 HelpBot

Posted 22 December 2013 - 11:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517822 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#8 Lodder

Posted 23 December 2013 - 10:44 AM

Update for my situation:

Did several new installs on my main PC and every time came out with strange symptoms like Process Explorer being replaced by the normal Task Manager, a suddenly disabled Windows Defender and services I turned off being turned on again. Scans by mbam, eset, eek etc. showed nothing.

I just now fresh installed the machine again, patched with winupdate (which got hijacked halfway and suddenly told me I needed to update winupdate for a 2nd time and since then suddenly had very few updates left to do, contrary to what I saw before and what I know there should be, as I install Windows 7 frequently).

Installed Eset smart security, mbam.

I just ran a scan with mbar and it actually found PUM.Hijack.StartMenu, a breakthrough since it's the first time I actually find something with a scan, so that's progress.

One other machine on my home network has been borked; it suddenly gave a BSOD stop 00000007b (harddisk) and when I inspected it with diskpart it appears the system partition of 100mb that should be there is gone, so "they" bleeped up. But for now we work with the main system that I am writing from now.

Please tell me where to go from here.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by slodder at 16:41:29 on 2013-12-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1043.18.8159.6483 [GMT 1:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\slodder\Downloads\aswmbr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F31EDA94-5BE8-49FF-8B5D-D910073E2A2C} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-23 701512]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-12-22 125416]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-12-22 385512]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-23 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-23 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-23 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-23 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-22 1255736]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-12-23 15:03:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-23 15:03:02 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-23 14:58:38 -------- d-----w- C:\Users\slodder\AppData\Roaming\Malwarebytes
2013-12-23 14:58:31 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-23 14:58:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-23 14:58:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-23 14:58:16 -------- d-----w- C:\Users\slodder\AppData\Local\Programs
2013-12-23 13:28:40 -------- d-----w- C:\Users\slodder\AppData\Roaming\SUPERAntiSpyware.com
2013-12-23 13:28:38 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-23 13:28:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-23 13:02:46 -------- d-----w- C:\Users\slodder\AppData\Roaming\ESET
2013-12-23 13:02:46 -------- d-----w- C:\Users\slodder\AppData\Local\ESET
2013-12-23 13:01:26 -------- d-----w- C:\Program Files\ESET
2013-12-23 12:17:23 -------- d-----w- C:\Windows\Migration
2013-12-23 12:12:29 -------- d-----w- C:\Users\slodder\AppData\Local\Google
2013-12-23 12:12:16 -------- d-----w- C:\Users\slodder\AppData\Local\Deployment
2013-12-23 12:12:16 -------- d-----w- C:\Users\slodder\AppData\Local\Apps
2013-12-23 01:32:44 -------- d-----w- C:\fw
2013-12-23 01:24:45 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-12-23 01:21:32 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-12-23 01:21:32 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-12-23 01:21:32 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-12-23 01:21:32 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-12-23 01:21:31 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-12-23 01:21:25 67072 ----a-w- C:\Windows\splwow64.exe
2013-12-23 01:21:25 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-12-23 01:16:54 -------- d-----w- C:\Windows\ShellNew
2013-12-22 05:36:54 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-22 05:36:54 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-22 05:36:54 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-22 05:36:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-22 05:19:55 -------- d-----w- C:\Windows\SysWow64\en
2013-12-22 05:19:55 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\en-US
2013-12-22 05:19:55 -------- d-----w- C:\Windows\SysWow64\drivers\en-US
2013-12-22 05:19:55 -------- d-----w- C:\Windows\SysWow64\0409
2013-12-22 05:19:54 -------- d-----w- C:\Windows\System32\en
2013-12-22 05:19:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\en-US
2013-12-22 05:19:54 -------- d-----w- C:\Windows\System32\drivers\en-US
2013-12-22 05:19:54 -------- d-----w- C:\Windows\System32\0409
2013-12-22 05:17:34 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-12-22 05:16:54 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-12-22 05:12:57 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2013-12-22 05:12:57 -------- d-----w- C:\Windows\System32\wbem\en-US
2013-12-22 05:02:10 -------- d-----w- C:\Windows\System32\SPReview
2013-12-22 05:02:04 -------- d-----w- C:\Windows\System32\EventProviders
2013-12-22 04:58:59 905216 ----a-w- C:\Windows\SysWow64\mmsys.cpl
2013-12-22 04:45:57 -------- d-sh--w- C:\Windows\Installer
2013-12-22 04:38:46 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-12-22 04:38:46 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-12-22 04:38:46 2560 ----a-w- C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2013-12-22 04:38:07 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-12-22 04:37:12 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2013-12-22 04:37:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2013-12-22 04:37:12 2565632 ----a-w- C:\Windows\System32\esent.dll
2013-12-22 04:37:12 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2013-12-22 04:37:12 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2013-12-22 04:37:12 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2013-12-22 04:37:12 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2013-12-22 04:37:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2013-12-22 04:37:11 96768 ----a-w- C:\Windows\System32\fsutil.exe
2013-12-22 04:37:11 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2013-12-22 04:31:13 -------- d-----w- C:\Windows\SysWow64\Wat
2013-12-22 04:31:13 -------- d-----w- C:\Windows\System32\Wat
2013-12-22 04:26:28 125416 ----a-w- C:\Windows\System32\drivers\asmthub3.sys
2013-12-22 04:12:11 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-22 04:12:11 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66BF7325-179A-4969-8614-3DB6B129A943}\mpengine.dll
2013-12-22 04:10:23 385512 ----a-w- C:\Windows\System32\drivers\asmtxhci.sys
2013-12-22 04:09:25 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-12-22 04:09:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-12-22 04:09:25 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-12-22 04:09:25 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-12-22 04:09:25 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-12-22 04:09:25 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-12-22 04:09:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-12-22 04:07:30 -------- d-----w- C:\Windows\System32\MRT
2013-12-22 04:07:19 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-12-22 04:07:19 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-12-22 04:07:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-12-22 04:05:59 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2013-12-22 04:04:38 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-12-22 04:04:38 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2013-12-22 04:02:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-12-22 04:02:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-12-22 04:02:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-12-22 04:01:06 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-12-22 04:01:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-12-22 04:01:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-12-22 04:01:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-12-22 03:31:36 -------- d-----w- C:\Users\slodder\AppData\Local\Diagnostics
2013-12-22 03:21:05 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-12-22 02:40:01 -------- d-----w- C:\Windows\Panther
.
==================== Find3M  ====================
.
2013-12-22 05:03:48 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-12-22 05:03:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 16:41:42.09 ===============


#9 Lodder

Posted 23 December 2013 - 10:46 AM

I am sorry but I cannot seem to find the upload function, so I paste attach.txt here:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 22-Dec-13 03:57:39
System Uptime: 23-Dec-13 16:24:59 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8P67-M PRO
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 73.811 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 23-Dec-13 02:23:12 - Windows Update
RP16: 23-Dec-13 13:11:05 - Windows Update
RP17: 23-Dec-13 14:11:51 - Windows Update
RP18: 23-Dec-13 15:31:48 - Windows Update
.
==== Installed Programs ======================
.
ESET Smart Security
Google Chrome
Google Update Helper
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
SUPERAntiSpyware
.
==== Event Viewer Messages From Past Week ========
.
23-Dec-13 14:43:45, Error: Service Control Manager [7023]  - The Superfetch service terminated with the following error:  The service has not been started.
23-Dec-13 14:09:46, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulatieve beveiligingsupdate voor Internet Explorer 10 voor Windows 7 Service Pack 1 voor x64-systemen (KB2898785).
23-Dec-13 14:01:27, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
23-Dec-13 13:11:03, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2862330: Beveiligingsupdate voor Windows 7 voor x64-systemen.
23-Dec-13 13:11:03, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2647753: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update voor framework voor stuurprogramma's in kernelmodus versie 1.11 voor Windows 7 voor op x64 gebaseerde systemen (KB2685811).
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update voor framework voor stuurprogramma's in gebruikersmodus versie 1.11 voor Windows 7 voor op x64 gebaseerde systemen (KB2685813).
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB982018: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2913152: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2904266: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2893519: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2868725: Beveiligingsupdate voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2868626: Beveiligingsupdate voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2868116: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2852386: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2836502: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2813430: Beveiligingsupdate voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2808679: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2773072: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2758857: Beveiligingsupdate voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2750841: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2732059: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2726535: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2592687: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:10:42, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: KB2574819: Update voor Windows 7 voor x64-systemen.
23-Dec-13 13:07:47, Error: volmgr [46]  - Crash dump initialization failed!
23-Dec-13 02:30:57, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
23-Dec-13 02:30:57, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
23-Dec-13 02:30:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23-Dec-13 02:30:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23-Dec-13 02:30:55, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23-Dec-13 02:30:50, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23-Dec-13 02:30:31, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache spldr Wanarpv6
22-Dec-13 16:56:30, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22-Dec-13 16:51:27, Error: Microsoft-Windows-DistributedCOM [10016]  - The toepassingsspecifiek permission settings do not grant Lokaal Starten permission for the COM Server application with CLSID  {1BE1F766-5536-11D1-B726-00C04FB926AF}  and APPID  {1BE1F766-5536-11D1-B726-00C04FB926AF}  to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (via LRPC). This security permission can be modified using the Component Services administrative tool.
22-Dec-13 16:49:38, Error: Service Control Manager [7023]  - The System Event Notification Service service terminated with the following error:  Overlapped I/O operation is in progress.
22-Dec-13 15:06:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000101 (0x0000000000000031, 0x0000000000000000, 0xfffff88002fd7180, 0x0000000000000003). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122213-3307-01.
22-Dec-13 14:47:00, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22-Dec-13 06:41:01, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: KB2898785: Cumulatieve beveiligingsupdate voor Internet Explorer 9 voor Windows 7 voor x64-systemen.
22-Dec-13 06:40:12, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2798162: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2891804: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2864058: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2862966: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2763523: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 SP1 voor x64-systemen (KB2789645).
22-Dec-13 06:39:19, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 SP1 voor x64-systemen (KB2756921).
22-Dec-13 06:33:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2868626: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 06:33:04, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2904266: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:27:15, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2893519: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:26:09, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2868725: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 06:26:04, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2592687: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:25:21, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2574819: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:24:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2750841: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:24:17, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2732059: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:21:43, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2868116: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:20:44, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2808679: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:20:36, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB982018: Update voor Windows 7 voor x64-systemen.
22-Dec-13 06:20:36, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2813430: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 06:20:26, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: KB2852386: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:48:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB982018: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: Update voor framework voor stuurprogramma's in kernelmodus versie 1.11 voor Windows 7 voor op x64 gebaseerde systemen (KB2685811).
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB982799: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB982665: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB982526: Update voor Microsoft .NET Framework 3.5 SP1 voor Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB982132: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB979688: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB979687: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB979482: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB979309: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB979099: Update voor Rights Management Services Client voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB978542: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB977074: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB976002: Update van Microsoft voor een browserkeuzescherm voor gebruikers van Windows 7 voor x64-systemen in de Europese Economische Ruimte (EER)..
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB975560: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB975467: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB974431: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB972270: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2840149: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2813347: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2808735: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2790655: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2790113: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2789644: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2786400: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2773072: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2770660: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2757638: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2756920: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2748349: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2741355: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2736418: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2732487: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2729451: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2718704: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2685939: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2676562: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2667402: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2660075: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2658846: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2656410: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2655992: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2640148: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2631813: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2618451: Cumulatieve beveiligingsupdate voor ActiveX Killbits voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2604114: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2603229: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2585542: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2579686: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2570947: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2563227: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2547666: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2545698: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2541014: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2536276: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2535512: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2532531: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2529073: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2522422: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2509553: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2506212: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2488113: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2484033: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2479943: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2467023: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2454826: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2393802: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2387530: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2347290: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2305420: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2296011: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2284742: Cumulatieve update voor Media Center voor Windows 7 x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2281679: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:45:27, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80071a2d: KB2032276: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:44:41, Error: Service Control Manager [7023]  - 
22-Dec-13 05:34:26, Error: Service Control Manager [7001]  - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22-Dec-13 05:30:44, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
22-Dec-13 05:28:21, Error: Service Control Manager [7001]  - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB982132: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB979688: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB979687: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB979482: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB979309: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB979099: Update voor Rights Management Services Client voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB978542: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB975467: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB974431: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB972270: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2840149: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2813347: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2808735: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2789644: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2729451: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2718704: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2660075: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2658846: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2656410: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2640148: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2631813: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2618451: Cumulatieve beveiligingsupdate voor ActiveX Killbits voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2604114: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2585542: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2563227: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2547666: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2536276: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2535512: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2533552: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2479943: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2387530: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2305420: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:08, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2284742: Cumulatieve update voor Media Center voor Windows 7 x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update voor framework voor stuurprogramma's in kernelmodus versie 1.11 voor Windows 7 voor op x64 gebaseerde systemen (KB2685811).
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB982799: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB982665: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB982526: Update voor Microsoft .NET Framework 3.5 SP1 voor Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB977074: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB976002: Update van Microsoft voor een browserkeuzescherm voor gebruikers van Windows 7 voor x64-systemen in de Europese Economische Ruimte (EER)..
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB975560: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2790655: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2790113: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2786400: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2773072: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2770660: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2758857: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2757638: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2756920: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2748349: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2741355: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2736418: Beveiligingsupdate voor Microsoft .NET Framework 3.5.1 op Windows 7 en Windows Server 2008 R2 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2685939: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2676562: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2667402: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2655992: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2603229: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2579686: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2570947: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2545698: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2541014: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2522422: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2509553: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2506212: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2488113: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2484033: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2467023: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2454826: Update voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2393802: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2347290: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2296011: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2281679: Beveiligingsupdate voor Windows 7 voor x64-systemen.
22-Dec-13 05:27:07, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0902: KB2032276: Beveiligingsupdate voor Windows 7 voor x64-systemen.
.
==== End Of File ===========================


#10 Lodder


Posted 27 December 2013 - 10:54 PM

Well here another update, if you care to read!
I reinstalled win7 again, this time i uninstalled a lot of bloat like mediacenter and other stuff since i suspected it being exploited looking at network traffic from installations i did before and where i could see lots of fishy stuff going on like ownership of system files being changed and a lot of other activity in the event log that was not done by me when i left the system on during xmas unattended, sort of as a honeypot.
Before going online to run winupdate I disabled all non mandatory services as listed on black viper's site so as to leave the fewest possible ways to attack the system, and configured the network adapter manually with static ip and gateway and dns servers, also disabled ipv6, client for ms networks, file and printer sharing and netbios. Disabled the server service as well, all this resulting in no active UDP ports at all and very few open tcp ports (eset firewall packet inspection before told me that my system was sending invalid udp packets to the home network).
Then i removed all the pre configured allow rules in win firewall.
Also made very sure no other systems were active on my home network, except for my iphone, and to have nothing connect with the system at all, like usb drives or the like.
I flashed the mainboard bios with new image with a cold boot from a cd and cleared rtc.
Installed win7 from original MS dvd on the ssd which i before that cleaned with diskpart using cold boots in between.
Running winupdate this time showed different servers looking at netstat, actually servers that were resolvable and not some unknown ip address like before, so that looked good, except maybe for the fact that the very first update i ran took about 2 minutes before it actually started downloading.
For the rest all went smooth until sp1 update, it finished really fast and i saw no connections being made at all looking at netstat.
On the required restart it did put me through 3 restarts as usual though so maybe i am just paranoid by now and it was already pre downloaded.
Then after iexplore 10 update i got a prompt to install new windows updater again, the same one as is required at the very start of running winupdate, i found this odd but it gave me no other option so i proceeded.
Then the round of updates after that my keyboard and mouse did not come up on the welcome screen, so i reset the comp.
The next boot they worked again, but only after a long delay going on and off on the welcome screen.
Had a look at eventlog and noticed usb drivers were updated but this did not happen the times before i installed the system this week so i remained suspicious and did a system restore to before the iexplore 10 update round.
This rendered the system unusable as when the usb drivers were loaded just before the welcome screen the system crashed and rebooted.
Tried a repair and nothing to repair was found.
Then i remembered what usb drivers were updated and booted from win7 dvd and copied the original ones over to the system.
This worked, the system would run again and i decided to try restore to an earlier point with system restore, but from that point system restore would in the end tell me the restore did not succeed, while for what i could see it actually did restore the usb drivers to a version in between the original drivers from the dvd and the latest ones that started the trouble.
Winupdate was telling me it would go on with iexplore 11 though, so apparently the restore didn't work properly indeed.
I used system restore once more to undo the initial restore since it provided that option, and went back to the newest restore point and that seemed to go well, the problems with the usb drivers this time did not come up and while looking at the drivers they were indeed the latest ones installed, the ones that gave problems before.
So now i ran winupdate once again, for finalizing the updates but it required me to update the update service again... odd...
So i did, ran some more updates and after two rounds of rebooting it would tell me to run an update on winupdate service itself AGAIN (that's three times total, the same update, with the same name and version number...).
This went fine BUT then i ran aswmbr, it gave me initializing error 1 and would scan within 2 seconds and tell me all is fine...
I ran gmer and it told me windows\system32\config\system was in use by another process right at start in a pop up box and would crash once i ran it.
Then i ran mcafee antiroot and it would tell me all is fine within 2-3 seconds... I ran catch me and it told me it cannot find c:\...
I ran tdsskiller and it would run fine giving green light and same for sophos, mbar and hitman pro, windows defender.
Still i am not even close to convinced the system is clean considering the problems with gmer, mcafee and catchme.
And of course it's the time of the year you lot at bleeping are spending more time away from work, so yeah, i guess i'll go for another reinstall.
I am beginning to suspect my mainboard bios somehow is infected in a way that cannot be cleared by reflashing and resetting rtc though.
Or i am just paranoid by now and my system actually is clean, as i am told by scans from various tools.
Just gmer and aswmbr and catchme keep me suspicious.
Merry days in between xmas and new year to you!


#11 Elise


Posted 03 January 2014 - 07:40 AM

Hello and my apologies for the delay. My name is Elise and I'll assist you with this issue.

 

None of what you describe sounds suspicious to be honest. It would be helpful if you could tell me what IP address you blocked in the firewall rules.

There are any number of reasons tools like aswmbr can crash, rootkit scanners are notoriously unstable, just because of the fact that they scan the computer's kernel.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#12 Lodder


Posted 03 January 2014 - 10:08 AM

Hi there Elise,

 

Bit late the reply indeed but timely in a sort of way as well since i just finished setting up my main system from scratch again, and would like your opinion.

I have 3 systems running here, 2 modern pc's and an older laptop, all running windows 7.

Thing is now only my main system to me still gives suspicious results when running checks with gmer, catchme and aswmbr just now.

Gmer starts with a popup box telling me it cannot access C:\Windows\System32\config\system because it is in use by another process and crashes when run.

Aswmbr starts with red line "Initialze error 1 Incorrect function" (note the misspelling) and doesn't scan after that, though does state scan finished successfully quickly.

Catchme gives "disk not found C:\ please note that you need administrator rights to perform deep scan" while i run it as admin.

These programs will run fine on my other 2 systems with no errors, and this system is the newest, if that matters for compatibility or anything.

And the system is squeaky clean and crisp, only things run on it so far are nod32 offline install, sp1 offline install, winupdates and just now chrome.

It just bothers me all these tools report problems and this keeps me suspicious something fishy is ongoing.


#13 Lodder


Posted 03 January 2014 - 10:59 AM

Saw i did not answer your question: after several reinstalls and a bios flash update these ip addresses did not show up anymore on netstat after booting on later win7 installs i did.

They were somewhere in the range of 62.58.34.x, which also holds some winupdate addresses.

I wanted to be sure if it was indeed winupdate (as netstat -b did not specify wuauserv for the service or program related to the connection but instead gave no output, as in unknown) and asked MS for a list of the ip addresses used by winupdate to whitelist on the firewall but they only were able to give me a list of hostnames for security reasons.

So i did a reverse lookup for all the hostnames and the ip addresses i noted before as strange on startup were not among them.

Also noted the ip addresses i saw connections being made to by running winupdate and they were not among them, winupdate would use like 62.58.34.9/11/18 and the addresses i had seen before were somewhere 62.58.34.4x/6x.

Anyhow this seems no matter anymore, as there are no unknown time_wait connections port 0 listed anymore at startup on the system.

This cannot be anyway since after reading a bit more into hardening windows 7 my windows firewall is set up to deny all in and out by default and i made specific allow rules for things that need to connect out like dns, winupdate, avirus, browser etc.

The thing bothering me as mentioned above is the fact that offline anti root kit tools will not run.
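
An added example, not part of any post in this thread: the comparison described in post #13 (remote addresses seen in netstat checked against the addresses resolved from a vendor hostname list), run over constructed `netstat -ano` output. Every address is a constructed documentation-range value and the names `triage`, `Finding` and `ALLOWED` are made up for this sketch; it relies on the fact that Windows lists TIME_WAIT rows under PID 0, because the owning process has already closed the socket.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.1.10:49170     192.0.2.9:80           ESTABLISHED     1032
  TCP    192.168.1.10:49171     192.0.2.44:80          TIME_WAIT       0
  TCP    192.168.1.10:49172     192.0.2.61:80          ESTABLISHED     1032
  TCP    192.168.1.10:49173     198.51.100.7:443       ESTABLISHED     2480
  UDP    0.0.0.0:5355           *:*                                    1180
"""

# Constructed stand-in for the addresses obtained by resolving the
# vendor's published hostname list.
ALLOWED = {"192.0.2.9", "192.0.2.11", "192.0.2.18"}

Finding = namedtuple("Finding", "remote port state pid owner_known near_allowed")

# One TCP row: proto, local endpoint, remote endpoint, state, PID.
ROW = re.compile(
    r"^\s*TCP\s+\S+\s+(?P<raddr>\S+):(?P<rport>\d+)"
    r"\s+(?P<state>[A-Z_0-9]+)\s+(?P<pid>\d+)\s*$"
)


def triage(netstat_text, allowed):
    """Return TCP connections whose remote address is not allowlisted."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    # /24 blocks around allowlisted IPv4 hosts: an unlisted neighbour may be
    # the same hosting provider, which is a lead to check, not a verdict.
    nets = {ipaddress.ip_network(f"{a}/24", strict=False)
            for a in allowed_ips if a.version == 4}
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m["state"] == "LISTENING":
            continue
        # IPv6 endpoints are printed as [addr%scope]:port.
        raw = m["raddr"].strip("[]").split("%")[0]
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue
        if ip.is_loopback or ip.is_unspecified or ip in allowed_ips:
            continue
        pid = int(m["pid"])
        findings.append(Finding(
            remote=str(ip), port=int(m["rport"]), state=m["state"], pid=pid,
            # PID 0 on a TIME_WAIT row means the socket is already closed, so
            # no owning process can be named for it.
            owner_known=(pid != 0),
            near_allowed=any(ip in n for n in nets),
        ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_NETSTAT, ALLOWED):
        owner = f"pid {f.pid}" if f.owner_known else "no owner (closed socket)"
        hint = "same /24 as an allowlisted host" if f.near_allowed else "unrelated range"
        print(f"{f.remote}:{f.port} {f.state} {owner}; {hint}")
```
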



#14 Elise


Posted 03 January 2014 - 11:57 AM

Rootkit scanners are really notoriously unstable, what you mention is nothing to worry about, I've seen this behavior on a number of clean systems. Likely caused by incompatible/conflicting hardware drivers (conflicting with the rootkit drivers).

Let's try the following rootkit scan instead.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise




#15 Lodder


Posted 03 January 2014 - 12:32 PM

TDSS will run (as before on previous install) but for what i read this tool is tailored for a few specific known rootkits and is not as "smart" as for instance gmer detecting oddities? Anyways here the result of a scan with all options on.

Attached Files





