Plug & DCON Error.


This topic is locked.
11 replies to this topic

#1 YunqMark

  • Members
  • 6 posts

Posted 12 January 2014 - 02:09 AM

Hi. This problem is really starting to get annoying and I really don't feel like reinstalling Windows. About 40 minutes into using my computer an error pops up saying "Windows must restart due to Plug & Play & DCON service terminated". It's the most annoying thing on the computer and I'm really irritated with it. Please help me get rid of this virus. I refuse to re-install Windows.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by CaliTreez at 23:12:51 on 2014-01-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8141.6493 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\CaliTreez\AppData\Local\Skillbrains\lightshot\4.4.2.10\LightShot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [LightShot] C:\Users\CaliTreez\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0AC4D820-EDA2-4AFE-9B04-6082F7A3E699} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{C4897BFE-71A9-42DA-97CA-04138A09B896} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Torntv V7.0: {11111111-1111-1111-1111-110411901140} - 
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-30 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-30 15129376]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-7 5316448]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-30 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-17 708200]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-01-09 06:06:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-09 02:51:43 -------- d-----w- C:\Users\CaliTreez\.android
2014-01-09 02:51:41 -------- d-----w- C:\Users\CaliTreez\AppData\Local\cache
2014-01-09 02:51:40 -------- d-----w- C:\Users\CaliTreez\AppData\Local\Mobogenie
2014-01-09 02:51:40 -------- d-----w- C:\Users\CaliTreez\AppData\Local\genienext
2014-01-09 02:50:07 -------- d-----w- C:\Program Files (x86)\TornTV.com
2014-01-09 02:40:30 -------- d-----w- C:\Program Files (x86)\Intelore
2014-01-05 06:44:18 -------- d-----w- C:\Users\CaliTreez\AppData\Roaming\Malwarebytes
2014-01-05 06:44:11 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-05 06:44:11 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-05 06:44:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-31 03:28:51 -------- d-----w- C:\Users\CaliTreez\AppData\Local\NVIDIA Corporation
2013-12-31 03:28:20 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-12-31 03:28:20 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-12-31 03:28:19 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2013-12-31 03:28:19 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2013-12-31 03:28:16 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2013-12-31 03:28:16 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-12-31 03:27:53 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-31 03:27:53 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-31 03:27:28 -------- d-----w- C:\Users\CaliTreez\AppData\Local\NVIDIA
2013-12-31 03:27:09 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-31 03:27:09 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-31 03:27:09 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-30 07:20:36 -------- d-----w- C:\ProgramData\Freemake
2013-12-29 20:12:05 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-12-29 04:15:09 -------- d-----w- C:\Users\CaliTreez\AppData\Local\visi_coupon
2013-12-28 23:37:21 -------- d-----w- C:\Users\CaliTreez\AppData\Local\Torch
2013-12-28 23:37:21 -------- d-----w- C:\Users\CaliTreez\AppData\Local\Comodo
2013-12-28 23:32:39 -------- d-----w- C:\temp
2013-12-28 23:32:35 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-12-28 23:31:56 -------- d-----w- C:\Users\CaliTreez\AppData\Roaming\ExpressFiles
2013-12-28 20:08:46 -------- d-----w- C:\ProgramData\Win sys filter
2013-12-28 07:25:54 -------- d-----w- C:\Users\CaliTreez\AppData\Local\Skillbrains
2013-12-26 03:44:56 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2013-12-25 04:27:40 -------- d-----w- C:\Users\CaliTreez\AppData\Local\LogMeIn
2013-12-25 04:27:40 -------- d-----w- C:\ProgramData\LogMeIn
.
==================== Find3M  ====================
.
2014-01-08 02:31:08 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-08 02:29:48 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 23:13:31.81 ===============

Edited by YunqMark, 12 January 2014 - 02:16 AM.


#2 YunqMark (Topic Starter)

Posted 14 January 2014 - 08:26 PM

Bump.



#3 B-boy/StyLe/ (Bleepin' Freestyler)

  • Malware Response Team
  • 8,307 posts
  • Location: Bulgaria

Posted 16 January 2014 - 08:03 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Also

  • Please run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

Regards,

Georgi
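Georgi's FRST search for rpcss.dll targets the library that implements the RPCSS and DCOM Server Process Launcher services, which the error quoted in the first post names. As an added example that is not part of this thread and is not FRST's or Bleeping Computer's code, the PowerShell below does a related check by hand on the affected machine: it inventories every copy of rpcss.dll under the Windows directory (System32, SysWOW64 and the WinSxS component store), hashes each one, groups the copies by file version and CPU architecture, and warns when copies that come from the same build do not hash identically. It assumes an elevated PowerShell prompt (2.0 or later) on Windows 7 x64; Get-PeMachine is a helper defined in the snippet, not a built-in cmdlet.

```powershell
# Added example, not from the thread: inventory every copy of rpcss.dll under the
# Windows directory and flag copies that should be identical but are not.
# Assumes an elevated PowerShell (2.0 or later) on Windows 7 x64.

# Helper (defined here, not built in): read the PE header's Machine field so the
# x86 and x64 builds of the same version are not compared against each other.
function Get-PeMachine([string]$Path) {
    $bytes    = [System.IO.File]::ReadAllBytes($Path)
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)          # e_lfanew
    switch ([BitConverter]::ToUInt16($bytes, $peOffset + 4)) { # IMAGE_FILE_HEADER.Machine
        0x14c   { 'x86' }
        0x8664  { 'x64' }
        default { 'unknown' }
    }
}

$sha256 = [System.Security.Cryptography.SHA256]::Create()

# Every rpcss.dll under %SystemRoot%: System32, SysWOW64 and the WinSxS component store.
$copies = Get-ChildItem -Path $env:SystemRoot -Recurse -Filter 'rpcss.dll' -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $stream = $_.OpenRead()
        try     { $hash = ([BitConverter]::ToString($sha256.ComputeHash($stream))) -replace '-', '' }
        finally { $stream.Close() }
        New-Object PSObject -Property @{
            Path      = $_.FullName
            Size      = $_.Length
            Version   = $_.VersionInfo.FileVersion
            Machine   = Get-PeMachine $_.FullName
            SHA256    = $hash
            Signature = (Get-AuthenticodeSignature $_.FullName).Status
        }
    }

$copies | Sort-Object Machine, Version, Path |
    Format-Table Machine, Version, Size, Signature, SHA256, Path -AutoSize | Out-String -Width 300 | Write-Host

# Copies with the same version and architecture come from the same build and must hash
# identically; a System32 or SysWOW64 copy that differs from its WinSxS twin is the finding.
$conflicts = $copies | Group-Object Machine, Version |
    Where-Object { @($_.Group | Select-Object -ExpandProperty SHA256 -Unique).Count -gt 1 }
foreach ($g in $conflicts) {
    Write-Warning "rpcss.dll $($g.Name): copies of the same build have different hashes"
    $g.Group | Format-Table SHA256, Size, Path -AutoSize | Out-String -Width 300 | Write-Host
}
if (-not $conflicts) { Write-Host 'No hash conflicts between rpcss.dll copies of the same build.' }

# Independent check through Windows Resource Protection (catalog-based, works on Windows 7).
& sfc.exe "/verifyfile=$env:SystemRoot\System32\rpcss.dll"
& sfc.exe "/verifyfile=$env:SystemRoot\SysWOW64\rpcss.dll"
```

Grouping by architecture matters because the x86 copy in SysWOW64 and the x64 copy in System32 legitimately share a version string but not a hash, while the WinSxS copy of the same architecture and version should match its System32 or SysWOW64 twin byte for byte. On Windows 7's PowerShell 2.0, Get-AuthenticodeSignature reports catalog-signed system files as NotSigned rather than Valid, so the sfc /verifyfile lines are the authoritative signature check there. Because this runs on the suspect machine itself, a kernel-mode rootkit could hide or misrepresent the files; treat a clean result as one data point, not a verdict.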




#4 YunqMark (Topic Starter)

Posted 16 January 2014 - 06:30 PM

Thanks for the reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by Marcus (administrator) on CALITREEZ-PC on 16-01-2014 15:26:00
Running from C:\Users\Marcus\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Torntv V7.0 - {11111111-1111-1111-1111-110411901140} - C:\Program Files (x86)\Torntv V7.0\Torntv V7.0-bho64.dll No File
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2014-01-13]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2014-01-13]
CHR Extension: (Google Search) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2014-01-13]
CHR Extension: (Skype Click to Call) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0 [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-13]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-16 15:26 - 2014-01-16 15:26 - 00007212 _____ C:\Users\Marcus\Downloads\FRST.txt
2014-01-16 15:25 - 2014-01-16 15:25 - 02076160 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64.exe
2014-01-16 15:25 - 2014-01-16 15:25 - 00000000 ____D C:\FRST
2014-01-16 07:21 - 2014-01-16 07:21 - 00000000 ____D C:\Users\Marcus\AppData\Local\Apple
2014-01-16 07:19 - 2014-01-16 07:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Screaming Bee
2014-01-14 17:37 - 2014-01-14 17:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marcus\Downloads\mbar-1.07.0.1008.exe
2014-01-14 17:37 - 2014-01-14 17:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.07.0.1008.exe
2014-01-14 17:31 - 2014-01-14 17:31 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Marcus\Downloads\tdsskiller.exe
2014-01-14 17:08 - 2014-01-14 17:08 - 00622592 _____ (Ph1012.com) C:\Users\Marcus\Downloads\SA-MultiHack.exe
2014-01-14 17:02 - 2014-01-14 17:02 - 00663027 _____ C:\Users\Marcus\Downloads\Awesome IFP v2.rar
2014-01-14 16:57 - 2014-01-16 07:23 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Apple Computer
2014-01-14 16:57 - 2014-01-14 16:57 - 00000000 ____D C:\Users\Marcus\AppData\Local\Apple Computer
2014-01-14 16:27 - 2014-01-14 17:47 - 00000000 ____D C:\Users\Marcus\Desktop\Goldie
2014-01-14 15:48 - 2014-01-14 15:48 - 00000000 ____D C:\Users\Marcus\AppData\Local\paul.bv96@yahoo.com
2014-01-14 15:45 - 2014-01-14 15:45 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-13 17:44 - 2014-01-13 17:45 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Audacity
2014-01-13 17:43 - 2014-01-14 15:45 - 00000000 ____D C:\Users\Marcus\Documents\GTA San Andreas User Files
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D C:\Users\Marcus\AppData\Local\Google
2014-01-13 17:27 - 2014-01-15 23:20 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Skype
2014-01-13 17:25 - 2014-01-13 17:25 - 00089640 _____ C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 17:24 - 2014-01-13 17:24 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\WinRAR
2014-01-13 17:23 - 2014-01-13 17:25 - 00000000 ____D C:\Users\Marcus\AppData\Local\NVIDIA
2014-01-13 17:23 - 2014-01-13 17:23 - 00001447 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-13 17:23 - 2014-01-13 17:23 - 00001413 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ____D C:\Users\Marcus\AppData\Local\VirtualStore
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ____D C:\Users\Marcus\AppData\Local\NVIDIA Corporation
2014-01-13 17:22 - 2014-01-13 17:23 - 00000000 ____D C:\Users\Marcus
2014-01-13 17:22 - 2014-01-13 17:22 - 00000020 ___SH C:\Users\Marcus\ntuser.ini
2014-01-13 17:22 - 2009-07-13 20:54 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-13 17:22 - 2009-07-13 20:49 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-12 22:47 - 2014-01-12 22:47 - 00014061 _____ C:\Users\Marcus\Desktop\Tyga _ YG Type Instrumental 2012 (The Motto Type Instrumental)-[www_flvto_com].aup
2014-01-12 22:46 - 2014-01-12 22:46 - 00000280 _____ C:\Users\Marcus\Desktop\verse.txt
2014-01-12 18:45 - 2014-01-12 18:45 - 00000778 _____ C:\Users\Marcus\Desktop\Yunqmark request..txt
2014-01-11 02:15 - 2014-01-16 15:05 - 00005600 _____ C:\Windows\setupact.log
2014-01-11 02:15 - 2014-01-11 22:33 - 00011532 _____ C:\Windows\PFRO.log
2014-01-11 02:15 - 2014-01-11 02:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 22:06 - 2014-01-08 22:06 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2014-01-08 18:50 - 2014-01-08 18:50 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2014-01-08 18:40 - 2014-01-08 18:40 - 00000000 ____D C:\Program Files (x86)\Intelore
2014-01-07 18:12 - 2014-01-07 18:12 - 00000000 ____D C:\Windows\ERDNT
2014-01-05 19:07 - 2014-01-06 20:16 - 00116896 _____ C:\Users\Marcus\Desktop\Dinks Highlight.veg
2014-01-05 15:10 - 2014-01-05 17:38 - 00000000 ____D C:\Users\Marcus\Desktop\Clips
2014-01-04 22:44 - 2014-01-04 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 22:44 - 2014-01-04 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-04 22:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 05:45 - 2014-01-02 05:45 - 00000000 ____S C:\Windows\system32\xrvic.ytn
2013-12-30 19:32 - 2013-11-14 03:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-30 19:32 - 2013-11-14 03:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-30 19:32 - 2013-11-14 03:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-30 19:28 - 2013-12-30 19:28 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-30 19:28 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-12-30 19:28 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-12-30 19:28 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-12-30 19:28 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-12-30 19:28 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-30 19:28 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-30 19:27 - 2013-12-09 18:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-30 19:27 - 2013-12-09 18:14 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-30 19:27 - 2013-12-05 00:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-30 19:27 - 2013-12-05 00:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-30 19:27 - 2013-12-05 00:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-30 16:39 - 2014-01-16 15:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-30 16:38 - 2014-01-16 15:08 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-30 16:38 - 2014-01-16 07:03 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-30 16:38 - 2013-12-30 16:43 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-30 16:38 - 2013-12-30 16:43 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-30 15:11 - 2013-12-30 15:11 - 00037376 _____ C:\Windows\system32\oobct.exz
2013-12-30 15:01 - 2014-01-15 21:18 - 00000089 _____ C:\Windows\system32\lulqv.wkg
2013-12-30 15:01 - 2013-12-30 15:11 - 00000098 _____ C:\Windows\system32\jndobp.llc
2013-12-30 15:01 - 2013-12-30 15:01 - 00000064 _____ C:\Windows\system32\pgdzyjt.srv
2013-12-30 14:45 - 2013-12-30 14:45 - 00219314 ____S C:\Windows\system32\mrcklbi.ygx
2013-12-29 23:20 - 2013-12-30 16:18 - 00000000 ____D C:\ProgramData\Freemake
2013-12-29 12:12 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator
2013-12-28 15:32 - 2014-01-04 22:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-28 15:31 - 2013-12-28 15:31 - 00003098 _____ C:\Windows\System32\Tasks\Express FilesUpdate
2013-12-28 12:08 - 2013-12-28 20:05 - 00000000 ____D C:\ProgramData\Win sys filter
2013-12-27 23:25 - 2014-01-16 15:08 - 00000396 _____ C:\Windows\Tasks\update-S-1-5-21-2550672977-2382249040-3153769294-1000.job
2013-12-27 23:25 - 2014-01-16 15:05 - 00000396 _____ C:\Windows\Tasks\update-sys.job
2013-12-27 23:25 - 2013-12-27 23:25 - 00003292 _____ C:\Windows\System32\Tasks\update-sys
2013-12-27 23:25 - 2013-12-27 23:25 - 00003278 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2550672977-2382249040-3153769294-1000
2013-12-25 19:44 - 2009-03-18 17:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2013-12-24 20:27 - 2013-12-24 20:27 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-17 22:37 - 2014-01-11 16:02 - 00000000 ____D C:\Users\Marcus\Desktop\FULL OF MY GTASA
 
==================== One Month Modified Files and Folders =======
 
2014-01-16 15:26 - 2014-01-16 15:26 - 00007212 _____ C:\Users\Marcus\Downloads\FRST.txt
2014-01-16 15:25 - 2014-01-16 15:25 - 02076160 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64.exe
2014-01-16 15:25 - 2014-01-16 15:25 - 00000000 ____D C:\FRST
2014-01-16 15:08 - 2013-12-30 16:39 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-16 15:08 - 2013-12-30 16:38 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-16 15:08 - 2013-12-27 23:25 - 00000396 _____ C:\Windows\Tasks\update-S-1-5-21-2550672977-2382249040-3153769294-1000.job
2014-01-16 15:05 - 2014-01-11 02:15 - 00005600 _____ C:\Windows\setupact.log
2014-01-16 15:05 - 2013-12-27 23:25 - 00000396 _____ C:\Windows\Tasks\update-sys.job
2014-01-16 15:05 - 2013-08-17 02:48 - 00000460 ____H C:\Windows\Tasks\Norton Security Scan for CaliTreez.job
2014-01-16 15:05 - 2013-08-17 02:00 - 00824350 _____ C:\Windows\WindowsUpdate.log
2014-01-16 07:23 - 2014-01-14 16:57 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Apple Computer
2014-01-16 07:21 - 2014-01-16 07:21 - 00000000 ____D C:\Users\Marcus\AppData\Local\Apple
2014-01-16 07:20 - 2014-01-16 07:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-16 07:10 - 2009-07-13 20:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-16 07:10 - 2009-07-13 20:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-16 07:09 - 2009-07-13 21:13 - 00791244 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-16 07:03 - 2013-12-30 16:38 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-16 07:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 23:20 - 2014-01-13 17:27 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Skype
2014-01-15 21:18 - 2013-12-30 15:01 - 00000089 _____ C:\Windows\system32\lulqv.wkg
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Screaming Bee
2014-01-14 17:47 - 2014-01-14 16:27 - 00000000 ____D C:\Users\Marcus\Desktop\Goldie
2014-01-14 17:37 - 2014-01-14 17:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marcus\Downloads\mbar-1.07.0.1008.exe
2014-01-14 17:37 - 2014-01-14 17:37 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Marcus\Desktop\mbar-1.07.0.1008.exe
2014-01-14 17:31 - 2014-01-14 17:31 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Marcus\Downloads\tdsskiller.exe
2014-01-14 17:20 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-14 17:08 - 2014-01-14 17:08 - 00622592 _____ (Ph1012.com) C:\Users\Marcus\Downloads\SA-MultiHack.exe
2014-01-14 17:02 - 2014-01-14 17:02 - 00663027 _____ C:\Users\Marcus\Downloads\Awesome IFP v2.rar
2014-01-14 16:57 - 2014-01-14 16:57 - 00000000 ____D C:\Users\Marcus\AppData\Local\Apple Computer
2014-01-14 15:48 - 2014-01-14 15:48 - 00000000 ____D C:\Users\Marcus\AppData\Local\paul.bv96@yahoo.com
2014-01-14 15:45 - 2014-01-14 15:45 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-14 15:45 - 2014-01-13 17:43 - 00000000 ____D C:\Users\Marcus\Documents\GTA San Andreas User Files
2014-01-13 17:45 - 2014-01-13 17:44 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Audacity
2014-01-13 17:32 - 2014-01-13 17:32 - 00000000 ____D C:\Users\Marcus\AppData\Local\Google
2014-01-13 17:26 - 2013-08-24 02:43 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-13 17:25 - 2014-01-13 17:25 - 00089640 _____ C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-13 17:25 - 2014-01-13 17:23 - 00000000 ____D C:\Users\Marcus\AppData\Local\NVIDIA
2014-01-13 17:25 - 2013-10-25 12:54 - 00000000 ____D C:\Users\Marcus\Desktop\Samp
2014-01-13 17:24 - 2014-01-13 17:24 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\WinRAR
2014-01-13 17:23 - 2014-01-13 17:23 - 00001447 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-13 17:23 - 2014-01-13 17:23 - 00001413 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ___RD C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ____D C:\Users\Marcus\AppData\Local\VirtualStore
2014-01-13 17:23 - 2014-01-13 17:23 - 00000000 ____D C:\Users\Marcus\AppData\Local\NVIDIA Corporation
2014-01-13 17:23 - 2014-01-13 17:22 - 00000000 ____D C:\Users\Marcus
2014-01-13 17:22 - 2014-01-13 17:22 - 00000020 ___SH C:\Users\Marcus\ntuser.ini
2014-01-12 22:47 - 2014-01-12 22:47 - 00014061 _____ C:\Users\Marcus\Desktop\Tyga _ YG Type Instrumental 2012 (The Motto Type Instrumental)-[www_flvto_com].aup
2014-01-12 22:46 - 2014-01-12 22:46 - 00000280 _____ C:\Users\Marcus\Desktop\verse.txt
2014-01-12 18:45 - 2014-01-12 18:45 - 00000778 _____ C:\Users\Marcus\Desktop\Yunqmark request..txt
2014-01-11 22:33 - 2014-01-11 02:15 - 00011532 _____ C:\Windows\PFRO.log
2014-01-11 16:02 - 2013-12-17 22:37 - 00000000 ____D C:\Users\Marcus\Desktop\FULL OF MY GTASA
2014-01-11 02:15 - 2014-01-11 02:15 - 00000000 _____ C:\Windows\setuperr.log
2014-01-10 22:43 - 2013-12-05 20:33 - 00000000 ____D C:\Program Files (x86)\MTA San Andreas 1.3
2014-01-10 22:43 - 2013-08-24 12:22 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2014-01-08 22:06 - 2014-01-08 22:06 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2014-01-08 18:50 - 2014-01-08 18:50 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2014-01-08 18:40 - 2014-01-08 18:40 - 00000000 ____D C:\Program Files (x86)\Intelore
2014-01-07 18:31 - 2013-08-20 21:02 - 00290776 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-07 18:29 - 2013-08-18 21:20 - 00281288 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-07 18:12 - 2014-01-07 18:12 - 00000000 ____D C:\Windows\ERDNT
2014-01-06 20:16 - 2014-01-05 19:07 - 00116896 _____ C:\Users\Marcus\Desktop\Dinks Highlight.veg
2014-01-05 20:03 - 2013-08-20 14:37 - 00000000 ____D C:\Windows\Minidump
2014-01-05 17:38 - 2014-01-05 15:10 - 00000000 ____D C:\Users\Marcus\Desktop\Clips
2014-01-04 22:51 - 2013-12-28 15:32 - 00000000 ____D C:\Program Files\Level Quality Watcher
2014-01-04 22:49 - 2013-10-04 15:21 - 00000000 ____D C:\ProgramData\DSearchLink
2014-01-04 22:44 - 2014-01-04 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 22:44 - 2014-01-04 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 13:56 - 2013-11-27 20:21 - 00000000 ____D C:\Fraps
2014-01-02 05:45 - 2014-01-02 05:45 - 00000000 ____S C:\Windows\system32\xrvic.ytn
2014-01-02 05:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-12-30 19:54 - 2013-08-17 02:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-30 19:32 - 2013-08-17 03:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-30 19:28 - 2013-12-30 19:28 - 00001351 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-12-30 19:28 - 2013-08-17 03:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-30 19:27 - 2013-08-17 03:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-30 19:21 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\YoutubeBookmark
2013-12-30 19:21 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2013-12-30 16:43 - 2013-12-30 16:38 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-30 16:43 - 2013-12-30 16:38 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-30 16:39 - 2013-08-17 02:51 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-30 16:25 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\b61a3fbca6e13def
2013-12-30 16:25 - 2013-12-01 19:53 - 00000000 ____D C:\Program Files (x86)\YoutubeAdblocker
2013-12-30 16:20 - 2013-11-05 20:45 - 00000000 ____D C:\ProgramData\DivX
2013-12-30 16:18 - 2013-12-29 23:20 - 00000000 ____D C:\ProgramData\Freemake
2013-12-30 15:11 - 2013-12-30 15:11 - 00037376 _____ C:\Windows\system32\oobct.exz
2013-12-30 15:11 - 2013-12-30 15:01 - 00000098 _____ C:\Windows\system32\jndobp.llc
2013-12-30 15:01 - 2013-12-30 15:01 - 00000064 _____ C:\Windows\system32\pgdzyjt.srv
2013-12-30 14:45 - 2013-12-30 14:45 - 00219314 ____S C:\Windows\system32\mrcklbi.ygx
2013-12-30 12:20 - 2013-08-17 09:10 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-28 21:10 - 2013-09-01 17:13 - 00000000 ____D C:\ProgramData\savienshaare
2013-12-28 20:05 - 2013-12-28 12:08 - 00000000 ____D C:\ProgramData\Win sys filter
2013-12-28 16:35 - 2013-09-01 17:13 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Administrator
2013-12-28 15:37 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-28 15:31 - 2013-12-28 15:31 - 00003098 _____ C:\Windows\System32\Tasks\Express FilesUpdate
2013-12-28 12:08 - 2013-09-01 17:13 - 00000000 ____D C:\Program Files (x86)\WebSearch
2013-12-27 23:25 - 2013-12-27 23:25 - 00003292 _____ C:\Windows\System32\Tasks\update-sys
2013-12-27 23:25 - 2013-12-27 23:25 - 00003278 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2550672977-2382249040-3153769294-1000
2013-12-25 08:50 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\surf aand keep
2013-12-24 20:27 - 2013-12-24 20:27 - 00000000 ____D C:\ProgramData\LogMeIn
2013-12-24 19:24 - 2013-08-19 13:27 - 00000000 ____D C:\ProgramData\Yahoo!
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C078BBA503E7C7A66DCA5B4E13266D75
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-10 07:50
 
==================== End Of Log ============================
 
 
Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03
Ran by Marcus at 2014-01-16 15:27:52
Running from C:\Users\Marcus\Downloads
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C078BBA503E7C7A66DCA5B4E13266D75
 
====== End Of Search ======
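The FRST listing above is long, and the entries the helper later put in the fixlist (oobct.exz, lulqv.wkg, jndobp.llc, pgdzyjt.srv, mrcklbi.ygx, xrvic.ytn) share a pattern: loose files directly under system32, no version/company field, an extension Windows never uses there, and sometimes the S (system) attribute. The following script is an added example, not part of the thread or of FRST: it parses the "date - date - size attrs (company) path" line format FRST uses in its created/modified sections and applies those triage heuristics. The sample lines are copied from the log above; the extension list and the name pattern are my own assumptions, chosen as a first filter rather than a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST "One Month Created/Modified Files and Folders" line:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*\S)\s*$"
)

# Assumption: extensions that legitimately sit loose in system32 / SysWOW64.
KNOWN_EXT = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv", ".mui", ".ini",
             ".dat", ".log", ".txt", ".xml", ".nls", ".msc", ".com", ".scr"}
# Only files directly in these directories are scored; sub-directories
# (Drivers, Tasks, ...) are deliberately left out of this first pass.
SYSTEM_DIRS = {"c:\\windows\\system32\\", "c:\\windows\\syswow64\\"}


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def suspicious_reasons(e: Entry) -> List[str]:
    """Why an unversioned loose file under system32 deserves a hash lookup."""
    if "D" in e.attrs:                                   # directories: skip
        return []
    if ntpath.dirname(e.path).lower() + "\\" not in SYSTEM_DIRS:
        return []
    if e.company:                                        # has version info: lower priority
        return []
    name, ext = ntpath.splitext(ntpath.basename(e.path))
    reasons = []
    if ext.lower() not in KNOWN_EXT:
        reasons.append(f"unexpected extension {ext!r}")
    if re.fullmatch(r"[a-z]{4,8}", name):                # assumption: generated names
        reasons.append("random-looking lowercase name")
    if "S" in e.attrs or "H" in e.attrs:
        reasons.append(f"system/hidden attribute ({e.attrs})")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    hits: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e:
            reasons = suspicious_reasons(e)
            if reasons:
                hits[e.path] = reasons
    return hits


def flagged_names(text: str) -> List[str]:
    return sorted(ntpath.basename(p) for p in triage(text))


# Constructed sample: entries copied from the FRST log in this thread.
SAMPLE_LOG = r"""
2013-12-30 19:28 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-12-30 19:27 - 2013-12-05 00:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-30 15:11 - 2013-12-30 15:11 - 00037376 _____ C:\Windows\system32\oobct.exz
2013-12-30 15:01 - 2014-01-15 21:18 - 00000089 _____ C:\Windows\system32\lulqv.wkg
2013-12-30 15:01 - 2013-12-30 15:11 - 00000098 _____ C:\Windows\system32\jndobp.llc
2013-12-30 15:01 - 2013-12-30 15:01 - 00000064 _____ C:\Windows\system32\pgdzyjt.srv
2013-12-30 14:45 - 2013-12-30 14:45 - 00219314 ____S C:\Windows\system32\mrcklbi.ygx
2014-01-02 05:45 - 2014-01-02 05:45 - 00000000 ____S C:\Windows\system32\xrvic.ytn
2013-12-29 12:12 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-25 19:44 - 2009-03-18 17:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-01-16 07:09 - 2009-07-13 21:13 - 00791244 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-28 15:37 - 2013-12-28 15:37 - 00000000 ____D C:\Users\Guest
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

Run against the sample it reports exactly the six odd-extension files and nothing else. Note what it does not catch: AdpeakProxy64.dll carries a company string and is skipped, yet it is an adware component that the helper also removed. Version info lowers priority; it is not proof of legitimacy, which is why the helper read the company names as well.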
 


#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:30 PM

Posted 17 January 2014 - 05:14 AM

Hello,

 

It seems that you have a newer version of the Zekos (WinNT/Pigeon) trojan and you don't have a clean copy of rpcss.dll that we can use to replace the patched files.

Also you don't have any useful Restore Points available so we should try a different way to work around this.

Do you have an installation DVD with Windows 7 Ultimate SP1 x64?

 

 

Regards,

Georgi
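Why the helper concluded there is no clean local copy can be read straight off the Search output above: the winsxs copy reports MD5 D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of zero bytes of input, even though the file is 512000 bytes, so FRST read nothing from it and it cannot serve as a reference; the System32 copy is 512 bytes larger and carries a different hash, and with only one readable copy there is nothing on the machine to compare it to. The script below is an added example, not part of the thread or of FRST: it parses the path/detail pairs FRST prints in its Search and Bamital check sections and applies those checks. The sample records are copied from the log; the decision rules and the live-hashing helper are my own.

```python
import hashlib
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List

# MD5 of empty input; a scanner that could not read a file reports this value.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# Detail line FRST prints under a path in Search / Bamital check output:
#   [<created>] - [<modified>] - <size> <attrs> (<company>) <MD5>
_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileCopy:
    path: str
    size: int
    attrs: str
    company: str
    md5: str


def parse_search(text: str) -> List[FileCopy]:
    """Pair each path line with the detail line that follows it."""
    copies: List[FileCopy] = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "=>" in line:          # blank, "=> MD5 is legit", ATTENTION line
            continue
        if re.match(r"^[A-Za-z]:\\", line):
            pending = line
            continue
        m = _DETAIL.match(line)
        if m and pending:
            copies.append(FileCopy(pending, int(m["size"]), m["attrs"],
                                   m["company"], m["md5"].lower()))
            pending = None
    return copies


def assess(copies: List[FileCopy], name: str = "rpcss.dll") -> Dict[str, object]:
    """Decide whether the copies of `name` give a trustworthy local reference."""
    same = [c for c in copies if ntpath.basename(c.path).lower() == name.lower()]
    findings: List[str] = []
    usable: List[FileCopy] = []
    for c in same:
        if c.md5 == EMPTY_MD5 and c.size > 0:
            findings.append(f"{c.path}: MD5 is the hash of empty input although the "
                            f"file is {c.size} bytes; the scanner read no data, so "
                            f"this copy cannot serve as a reference")
            continue
        if not c.company:
            findings.append(f"{c.path}: no version/company information")
        usable.append(c)
    sizes = sorted({c.size for c in same})
    if len(sizes) > 1:
        findings.append(f"sizes differ across copies of {name}: {sizes} "
                        f"(delta {sizes[-1] - sizes[0]} bytes)")
    hashes = {c.md5 for c in usable}
    if len(usable) >= 2 and len(hashes) > 1:
        findings.append(f"readable copies of {name} disagree on MD5: {sorted(hashes)}")
    if len(usable) < 2:
        findings.append(f"only {len(usable)} readable copy of {name}: no local "
                        f"cross-check possible; a known-good hash or install media is needed")
    return {"findings": findings,
            "reference_available": len(usable) >= 2 and len(hashes) == 1}


def md5_of_file(path: str) -> str:
    """Re-hash a copy on the live host, e.g. one the scanner could not read."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


# Constructed sample: the two records from the Search output in this thread.
SAMPLE_SEARCH = r"""
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C078BBA503E7C7A66DCA5B4E13266D75
"""


def assess_sample() -> Dict[str, object]:
    return assess(parse_search(SAMPLE_SEARCH))


if __name__ == "__main__":
    for finding in assess_sample()["findings"]:
        print("-", finding)
```

On the sample this returns reference_available False with three findings: the empty-input hash on the winsxs copy, the 512-byte size difference, and the lack of a second readable copy. The "Google the MD5" advice in the log is the manual form of the same idea: a hash that no one else has seen for a file that ships with Windows is the signal, and an unreadable copy is not a hash at all.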




#6 YunqMark

YunqMark
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 17 January 2014 - 09:26 AM

No Sir.



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:30 PM

Posted 18 January 2014 - 06:05 AM

Hello,

 

Please download the file I sent you via PM and save it in the root folder of drive C:\

Extract the file in the same folder. You should get this file path: C:\rpcss.dll

 

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 18 January 2014 - 06:06 AM.



#8 YunqMark

YunqMark
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 18 January 2014 - 02:55 PM

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014 03

Ran by Marcus at 2014-01-18 11:52:50 Run:1
Running from C:\Users\Marcus\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
BHO: Torntv V7.0 - {11111111-1111-1111-1111-110411901140} - C:\Program Files (x86)\Torntv V7.0\Torntv V7.0-bho64.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
2014-01-08 18:50 - 2014-01-08 18:50 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2014-01-02 05:45 - 2014-01-02 05:45 - 00000000 ____S C:\Windows\system32\xrvic.ytn
2013-12-30 15:11 - 2013-12-30 15:11 - 00037376 _____ C:\Windows\system32\oobct.exz
2013-12-30 15:01 - 2014-01-15 21:18 - 00000089 _____ C:\Windows\system32\lulqv.wkg
2013-12-30 15:01 - 2013-12-30 15:11 - 00000098 _____ C:\Windows\system32\jndobp.llc
2013-12-30 15:01 - 2013-12-30 15:01 - 00000064 _____ C:\Windows\system32\pgdzyjt.srv
2013-12-30 14:45 - 2013-12-30 14:45 - 00219314 ____S C:\Windows\system32\mrcklbi.ygx
2013-12-29 12:12 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-28 15:31 - 2013-12-28 15:31 - 00003098 _____ C:\Windows\System32\Tasks\Express FilesUpdate
2013-12-28 12:08 - 2013-12-28 20:05 - 00000000 ____D C:\ProgramData\Win sys filter
2013-12-30 16:25 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\b61a3fbca6e13def
2013-12-28 21:10 - 2013-09-01 17:13 - 00000000 ____D C:\ProgramData\savienshaare
2013-12-28 16:35 - 2013-09-01 17:13 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-28 12:08 - 2013-09-01 17:13 - 00000000 ____D C:\Program Files (x86)\WebSearch
2013-12-25 08:50 - 2013-12-01 19:53 - 00000000 ____D C:\ProgramData\surf aand keep
cmd: netsh winsock reset
Task: {DE6391B4-FB25-4AAA-AEAB-E58A0345A221} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37570411.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37570411.sys => ""="Driver"
Replace: c:\rpcss.dll C:\Windows\System32\rpcss.dll
Replace: c:\rpcss.dll C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
end
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901140} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411901140} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
C:\Program Files (x86)\TornTV.com => Moved successfully.
Could not move "C:\Windows\system32\xrvic.ytn" => Scheduled to move on reboot.
C:\Windows\system32\oobct.exz => Moved successfully.
C:\Windows\system32\lulqv.wkg => Moved successfully.
Could not move "C:\Windows\system32\jndobp.llc" => Scheduled to move on reboot.
C:\Windows\system32\pgdzyjt.srv => Moved successfully.
Could not move "C:\Windows\system32\mrcklbi.ygx" => Scheduled to move on reboot.
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\Windows\System32\Tasks\Express FilesUpdate => Moved successfully.
C:\ProgramData\Win sys filter => Moved successfully.
C:\ProgramData\b61a3fbca6e13def => Moved successfully.
C:\ProgramData\savienshaare => Moved successfully.
C:\ProgramData\InstallMate => Moved successfully.
C:\Program Files (x86)\WebSearch => Moved successfully.
C:\ProgramData\surf aand keep => Moved successfully.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE6391B4-FB25-4AAA-AEAB-E58A0345A221} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE6391B4-FB25-4AAA-AEAB-E58A0345A221} => Key deleted successfully.
C:\Windows\System32\Tasks\Express FilesUpdate not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key deleted successfully.
C:\ProgramData => ":NT" ADS removed successfully.
"C:\Users\All Users" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\37570411.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\37570411.sys => Key deleted successfully.
Could not find c:\rpcss.dll.
Could not find c:\rpcss.dll.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-18 11:53:47)<=
 
C:\Windows\system32\xrvic.ytn => Is moved successfully.
"C:\Windows\system32\jndobp.llc" => File could not move.
"C:\Windows\system32\mrcklbi.ygx" => File could not move.
 
==== End of Fixlog ====


#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:30 PM

Posted 18 January 2014 - 09:23 PM

Hello...did you extract the archive file because the fix didn't work?

 

Could not find c:\rpcss.dll.

 

Please see my previous post:

 

Please download the file I sent you via PM and save it in the root folder of drive C:\

Extract the file in the same folder. You should get this file path: C:\rpcss.dll




#10 YunqMark

YunqMark
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 20 January 2014 - 11:51 AM

I caught a black screen. I had to system restore, and the error is still happening.



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:30 PM

Posted 21 January 2014 - 07:14 AM

Hello,

 

This is probably because when you ran the script we deleted the malware-related files, but you didn't extract the archive I sent you to drive C:\, so a clean copy wasn't found to replace the patched file.

 

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.zip; rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me. (you can use pastebin as well).

 

Regards,

Georgi


Edited by B-boy/StyLe/, 22 January 2014 - 04:25 PM.
typo.



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:30 PM

Posted 30 January 2014 - 09:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





