
Computer crashing with DCOM error / random audio ads playing


  • This topic is locked
4 replies to this topic

#1 drowned

drowned

  • Members
  • 7 posts

Posted 03 January 2014 - 10:06 PM

I'm starting a new thread as directed in this one:

http://www.bleepingcomputer.com/forums/t/519555/ads-randomly-playing-in-background/

 

 

Basically, every time I start my computer, I get random ads playing in the background and a new volume slider appears in the mixer ("Name Not Available").  In addition to this, my computer is constantly crashing immediately after displaying the following error message:  "windows must now restart because the dcom server process launcher service terminated unexpectedly"

 

My dds.txt log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17006  BrowserJavaVersion: 10.5.1
Run by drowned at 21:52:17 on 2014-01-03
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.12279.8607 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech Gaming Software\LCore.exe
E:\Steam\Steam.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Windows\LOGI_MWX.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SndVol.exe
C:\Windows\system32\taskhost.exe
E:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
E:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\LoLLauncher.exe
E:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.65\deploy\LolClient.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\drowned\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Steam] "E:\Steam\steam.exe" -silent
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
mRun: [Logitech Utility] LOGI_MWX.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{179F64F8-E9C9-45E8-8089-465F59E15A8B} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3EEB8EEC-D51F-46E8-A800-9C97C0E61294} : DHCPNameServer = 7.254.254.254
TCP: Interfaces\{A29A54A9-9B95-4BF0-A559-FD07677F10D5} : DHCPNameServer = 192.168.2.1 4.2.2.2 4.2.2.3
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\drowned\AppData\Roaming\Mozilla\Firefox\Profiles\kbyshuoq.default\
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-29 254528]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-7-2 21992]
R2 LBeepKE;Logitech Beep Suppression Driver;C:\Windows\System32\drivers\LBeepKE.sys [2013-11-25 12568]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]
R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2010-8-24 444976]
R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2010-8-24 444976]
R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2010-8-24 444976]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;C:\Windows\System32\drivers\LGSUsbFilt.sys [2013-5-30 41752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2013-9-16 39168]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-10-4 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-2-9 1847296]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-9-16 97040]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-10-4 759192]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2011-2-17 45616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-7 1255736]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-10-31 2756944]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-04 01:57:07 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-04 01:56:52 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-04 01:38:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-04 01:38:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 01:29:54 509440 ----a-w- C:\Windows\SysWow64\rpcss.dll
2014-01-04 00:57:36 117464 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys.bak
2014-01-04 00:57:35 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys.bak
2014-01-04 00:50:24 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 00:24:31 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-03 23:58:06 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-03 23:22:02 -------- d-----w- C:\AdwCleaner
.
==================== Find3M  ====================
.
2013-12-30 01:39:34 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 21:52:28.03 ===============


 


#2 drowned

drowned
  • Topic Starter

  • Members
  • 7 posts

Posted 05 January 2014 - 12:11 AM

Couldn't wait any longer.  I have solved the problem; the program which finally got rid of this virus is Farbar Recovery Scan Tool.  I stumbled onto this by closely following other threads where people have the same issues as I had.  The commonality seems to be that there were five randomly named files in my C:\Windows\System32 directory which I couldn't remove.  FRST managed to take care of them.

 

Thanks to everyone on the forum for their efforts, this was a tough one.



#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 08 January 2014 - 08:40 PM

Hi,

 

Sorry for the delay.  Glad you resolved the problem.  There is also a patched file we need to replace.  If you'd like me to help with this and ensure you're clean, please just reply here in the next few days and I'll respond with instructions.

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 11 January 2014 - 06:38 AM

Hi, do you still need help?  This thread will be closed in 2 days if there is no reply.



 


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 14 January 2014 - 05:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




