DCOM Error on Windows 7 Ultimate


  • This topic is locked
36 replies to this topic

#1 PBnJ

PBnJ

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:03:01 PM

Posted 06 January 2014 - 08:37 PM

This is continued from the thread here: http://www.bleepingcomputer.com/forums/t/519923/dcom-error-on-windows-7-ultimate/

I was told to post this log because my DCOM errors are being caused by a new worm going around called: rpcss.dll


Here is the log I was told to post:

----------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by Funk at 19:34:26 on 2014-01-06
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.4058.1862 [GMT -6:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Users\Funk\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ie
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Funk\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Funk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{25F52E68-949B-4E3B-938A-5AFA51F1CEDD} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{25F52E68-949B-4E3B-938A-5AFA51F1CEDD}\2375942554937393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{83D8A0DF-1025-48AC-931D-D7E233B672BA} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C0E38292-DCC3-4D39-B124-9A8BD66F18F3} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CB24ABE0-F90E-4204-AA4D-836A3B2F71C2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CB24ABE0-F90E-4204-AA4D-836A3B2F71C2}\2375942554839393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CB24ABE0-F90E-4204-AA4D-836A3B2F71C2}\2375942554939383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CB24ABE0-F90E-4204-AA4D-836A3B2F71C2}\E45445745414257383 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{D619E684-EDAA-4885-87C5-55CB8E15D323} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Funk\AppData\Roaming\Mozilla\Firefox\Profiles\b2l3jub8.default\
FF - prefs.js: browser.startup.homepage - hxxp://i.imgur.com/5UfmYOe.gif
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Funk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-4 19264]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-4 21616]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-1-4 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-1-4 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 108440]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-4 165144]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-5 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-5 701512]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2013-4-7 232192]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-2-2 3467768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-4 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-1-4 27760]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2013-6-18 167936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-1-4 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-1-4 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-1-4 104560]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-5 25928]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2013-6-18 664576]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-1-4 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;C:\Windows\System32\drivers\WNA1000M.sys [2011-1-31 855144]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
.
=============== Created Last 30 ================
.
2014-01-06 06:14:40    --------    d-----w-    C:\Users\Funk\AppData\Roaming\DevPro
2014-01-06 06:13:05    --------    d-----w-    C:\Users\Funk\AppData\Roaming\DevPro, LLC
2014-01-06 04:42:32    --------    d-----w-    C:\Users\Funk\AppData\Roaming\Malwarebytes
2014-01-06 04:41:50    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-06 04:41:49    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-06 04:41:49    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-29 22:58:51    --------    d-----w-    C:\Program Files (x86)\Microsoft XNA
2013-12-19 00:16:49    --------    d-----w-    C:\Users\Funk\AppData\Local\CrashRpt
2013-12-19 00:15:56    --------    d-----w-    C:\ProgramData\Package Cache
2013-12-12 01:21:06    --------    d-----w-    C:\Users\Funk\AppData\Roaming\Image-Line
2013-12-12 01:21:05    --------    d-----w-    C:\Program Files\Image-Line
2013-12-12 01:20:53    --------    d-----w-    C:\Users\Funk\AppData\Roaming\FlowStone
2013-12-12 01:20:53    --------    d-----w-    C:\Program Files (x86)\DSPRobotics
2013-12-12 01:16:02    --------    d-----w-    C:\Program Files (x86)\Image-Line
.
==================== Find3M  ====================
.
2014-01-07 01:24:25    21891584    ----a-w-    C:\Windows\System32\imageres.dll
2013-12-18 18:19:34    84720    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-12-18 18:19:34    108440    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-12-11 03:37:53    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 03:37:53    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 15:21:04    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-01-19 11:19:01    59392    ----a-w-    C:\Program Files (x86)\WhiteDay - Start.exe
2013-01-14 19:53:26    17920    ----a-w-    C:\Program Files (x86)\alm.exe
2013-01-06 00:38:31    21504    ----a-w-    C:\Program Files (x86)\wdem.exe
2012-08-13 08:58:22    473600    ----a-w-    C:\Program Files (x86)\setup.exe
2012-08-13 08:58:22    3162112    ----a-w-    C:\Program Files (x86)\openofficeorg341.msi
2012-06-05 10:47:57    716800    ----a-w-    C:\Program Files (x86)\Launcher.dll
2012-06-05 10:47:36    225280    ----a-w-    C:\Program Files (x86)\skinpreview.exe
2012-06-05 10:47:34    349696    ----a-w-    C:\Program Files (x86)\Mss32.dll
2012-06-05 10:47:02    90112    ----a-w-    C:\Program Files (x86)\wangreal.dll
2012-06-05 10:47:02    69632    ----a-w-    C:\Program Files (x86)\whiteday.exe
2012-06-05 10:47:02    53248    ----a-w-    C:\Program Files (x86)\wangdx7.dll
2012-03-15 21:43:00    1645276    ----a-w-    C:\Program Files (x86)\applocale.exe
2004-12-11 19:33:44    1163264    ----a-w-    C:\Program Files (x86)\WhiteDay_p4.dll
2004-12-11 19:31:48    1179648    ----a-w-    C:\Program Files (x86)\WhiteDay.dll
2000-09-16 00:51:56    372736    ----a-w-    C:\Program Files (x86)\ijl15.dll
.
============= FINISH: 19:35:02.16 ===============
 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,373 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:01 PM

Posted 06 January 2014 - 09:01 PM

Greetings PBnJ and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:

    :filefind
    rpcss.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 PBnJ

Posted 06 January 2014 - 09:06 PM

Thank you very much for your reply, I really am not expecting such quick service.

This is the log based on the instructions you gave me:

---------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 20:04 on 06/01/2014 by Funk
Administrator - Elevation successful

========== filefind ==========

Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll    --a---- 512512 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] ECC6345793AE7105BA9EFB5AC3C92157
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll    --a---- 512000 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123

-= EOF =-
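
Added example, not part of any post in this thread: a Python sketch that parses SystemLook `:filefind` output like the log above and compares each System32 file with the WinSxS copies of the same name. The first sample pair is the one posted above; the second pair, the function names and the "needs review" rule are constructed for illustration.

```python
import ntpath  # Windows path rules regardless of the OS running this script
import re

# One SystemLook ":filefind" result line:
#   <path>  <attrs>  <size> bytes  [created]  [modified]  <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS directory name: <arch>_<component>_<keytoken>_<version>_<culture>_<hash>
SXS_RE = re.compile(
    r"\\winsxs\\[^_\\]+_[^\\]+_[0-9a-f]{16}"
    r"_(?P<version>\d+(?:\.\d+){3})_[^_\\]+_[0-9a-f]{16}\\",
    re.IGNORECASE,
)

# The two result lines posted in the thread.
THREAD_LINES = r"""
Searching for "rpcss.dll"
C:\Windows\System32\rpcss.dll    --a---- 512512 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] ECC6345793AE7105BA9EFB5AC3C92157
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll    --a---- 512000 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123
"""
# Constructed control pair (not from the thread): both copies are identical.
CONSTRUCTED_LINES = r"""
Searching for "sample.dll"
C:\Windows\System32\sample.dll    --a---- 1024 bytes    [01:00 01/01/2011]    [01:00 01/01/2011] {md5}
C:\Windows\winsxs\amd64_constructed-sample_{tok}_6.1.7601.17514_none_{tok}\sample.dll    --a---- 1024 bytes    [01:00 01/01/2011]    [01:00 01/01/2011] {md5}
""".format(md5="0123456789ABCDEF" * 2, tok="0" * 16)
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINES


def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        sxs = SXS_RE.search(rec["path"])
        rec["store_version"] = sxs.group("version") if sxs else None
        records.append(rec)
    return records


def compare_with_store(records):
    """Compare each System32 file with every WinSxS copy of the same name."""
    groups = {}
    for rec in records:
        lower = rec["path"].lower()
        slot = groups.setdefault(ntpath.basename(lower), {"live": None, "store": []})
        if rec["store_version"]:
            slot["store"].append(rec)
        elif ntpath.dirname(lower).endswith("\\windows\\system32"):
            slot["live"] = rec
    findings = []
    for name in sorted(groups):
        live, store = groups[name]["live"], groups[name]["store"]
        if live is None or not store:
            continue  # nothing to compare against
        findings.append({
            "file": name,
            # The store can hold several versions; the live file should equal one.
            "matches_store": any(s["md5"] == live["md5"] for s in store),
            "store_versions": sorted({s["store_version"] for s in store}),
            "size_deltas": [live["size"] - s["size"] for s in store],
            # Equal timestamps with different content: dates alone prove nothing.
            "same_timestamps": any(
                (s["created"], s["modified"]) == (live["created"], live["modified"])
                for s in store
            ),
        })
    return findings


def needs_review(findings):
    """Names whose System32 copy matches no store copy (a lead, not a verdict)."""
    return [f["file"] for f in findings if not f["matches_store"]]


if __name__ == "__main__":
    for finding in compare_with_store(parse_filefind(SAMPLE_LOG)):
        print(finding)
```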



#4 Oh My!

Posted 06 January 2014 - 09:10 PM

Our pleasure to help. Consider yourself spoiled (this one time only!) :)

Now please run this for me.

===================================================

Blitzblank

--------------------

Blitzblank is a powerful tool and care must be taken to follow the steps carefully. Please note the warning you will receive when the program is launched.
  • Download Blitzblank and save it to your Desktop <<< Important
  • Double click the icon
  • Click OK on the warning screen
  • Click the Script tab
  • Copy and paste the following inside the script window

    CopyFile:
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll

  • Click Execute Now
  • Click OK on the warning window
  • Click OK on the System reboot window
  • You will see a black screen with writing on it indicating the actions being taken
  • Locate C:\blitzblank.txt and copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Blitzblank log
  • How is your computer running now?

Gary
 

#5 PBnJ

Posted 06 January 2014 - 09:19 PM

Ok so I followed your instructions exactly and here is what I found:

-------------------------------

I found the three following files in my C: folder (these are new files that appeared, nothing got deleted XD)

blitzblank.txt
csb.txt
msdia80.dll

This is the contents of the blitzblank.txt:


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll", destinationFile = "\??\c:\windows\system32\rpcss.dll"

My pc is also running fine, the real test will be to start playing a game and see what happens...



 



#6 Oh My!

Posted 06 January 2014 - 09:21 PM

Go ahead and test it for a bit and post back. I would like to do a little follow up to make sure your computer is all clean.
Gary
 

#7 PBnJ

Posted 06 January 2014 - 09:26 PM

Thank you for taking the time to help me. However, I want to bring to your attention that problems would not arise until maybe 3 to 4 hours after turning my computer on and playing a game. I may not respond in a timely manner for this site. Feel free to just keep this thread bookmarked or something and I will be sure to reply within 6 to 7 hours if no problems arise just to check in with you. Hopefully that means that the problem is fixed!



#8 Oh My!

Posted 06 January 2014 - 09:45 PM

How about we just plan on touching base tomorrow some time. If things are running well I would still like you to do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Things still running well?
  • ESET log

Gary
 

#9 PBnJ

Posted 07 January 2014 - 03:45 PM

Ok so I used my pc for about 8 hours and there was not any sign of the computer having a problem. Sadly though, the CNET program you gave was from a broken link and would not work, so I scanned with my other virus protection software again (MBAM and AVIRA). Nothing came up.

I cleared my cookies and changed my passwords in response to this. However, assuming the problem is fixed, is it possible if you could tell me exactly what you fixed on my computer? I would really like to understand what exactly might have been wrong with my pc.



#10 Oh My!

Posted 07 January 2014 - 04:03 PM

Malicious software "patched" the rpcss.dll file causing bad stuff to run on your computer rather than the legitimate file.

The ESET link provided works fine on my end. Please try it again, or right click and select Save Link As... to see if you can download the file.
Gary
 

#11 Oh My!

Posted 08 January 2014 - 09:28 AM

Greetings,

How did you do? You may not get any results in selecting Save As then launching the web page that way.

My concern is that it is possible something is preventing you from running the program. Are you having any additional issues?
Gary
 

#12 PBnJ

Posted 08 January 2014 - 03:32 PM

Sorry for the late response, I've been trying to make the link work by checking on it every hour that I'm not at work/sleeping. It finally worked and I am going to run the program now.



#13 Oh My!

Posted 08 January 2014 - 04:35 PM

OK, thanks. Let me know if you experience any other irregularities.
Gary
 

#14 PBnJ

Posted 08 January 2014 - 05:15 PM

Ok so I finished the scan, it says there are no infections:

0 infected files
0 cleaned files

I could not find a log file, I'll just leave it open until you tell me what to do with it.



#15 Oh My!

Posted 08 January 2014 - 05:18 PM

No log if nothing found.

Does everything still seem to be working well?
Gary
 



