
Windows 7 - DCOM Server Process Terminated Unexpectedly


  • This topic is locked
26 replies to this topic

#1 GeneralHomeboy


Posted 12 January 2014 - 10:09 PM

A little over a week ago I started receiving two errors, one saying that the DCOM Server Process Terminated Unexpectedly, the other saying Windows Plug and Play stopped working. Each message will pop up after my computer has been on for a few hours, and afterwards it's forced to restart. I ran a Malwarebytes virus scan, but it detected no problems, so any help on this would be appreciated.

I posted a topic in the "Am I infected?" boards, but was redirected here for help. 

 

Here are the DDS.txt logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by William at 18:58:53 on 2014-01-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8086.5257 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Program Files (x86)\Steam\Steam.exe
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: YouTube to MP3 Converter: {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - C:\Program Files (x86)\YouTube to MP3 Converter\ytdl.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files (x86)\MicroSoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ASRockXTU] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [LWS] E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program Files (x86)\MicroSoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Program Files (x86)\MicroSoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{E1C270B2-3B86-4F9F-AF40-14CB1CF2D765} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\fudqkw2f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\William\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: E:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-9-8 31016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-8 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-9-8 17192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-3 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-9-8 15936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-8 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-8 121344]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-8 161560]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-8 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-8 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-8 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-8 787736]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-9-8 32344]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-11-3 121416]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-10-24 113664]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-9-8 66336]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-9-8 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-3 99384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-9-8 32320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-3 203320]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-8 1255736]
.
=============== Created Last 30 ================
.
2014-01-03 22:04:27 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-12-23 06:26:24 -------- d-----w- C:\ProgramData\REVOLT
2013-12-23 03:27:22 -------- d-----w- C:\Users\William\AppData\Local\Blizzard
2013-12-23 02:56:43 -------- d-----w- C:\Program Files (x86)\Hearthstone
2013-12-23 02:56:02 -------- d-----w- C:\Users\William\AppData\Local\Blizzard Entertainment
2013-12-23 02:56:01 -------- d-----w- C:\Users\William\AppData\Roaming\Battle.net
2013-12-23 02:56:01 -------- d-----w- C:\Users\William\AppData\Local\Battle.net
2013-12-18 04:56:18 -------- d-----w- C:\ProgramData\Oracle
.
==================== Find3M  ====================
.
2014-01-13 02:55:59 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-12-12 19:07:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 19:07:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-07 19:25:07 4249600 ----a-w- C:\Program Files (x86)\GUT6D83.tmp
.
============= FINISH: 18:59:33.03 ===============
 


#2 HelpBot


Posted 17 January 2014 - 10:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520634 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 GeneralHomeboy


Posted 19 January 2014 - 03:34 PM

My computer is still having issues with the DCOM Server Process ending. I'll post new logs like the bot told me to do.

Also, I don't have the original copy of Windows 7 anymore.

Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.45.2
Run by William at 12:29:16 on 2014-01-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8086.3212 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
E:\Program Files (x86)\Steam\Steam.exe
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Lucidlogix Technologies\VIRTU MVP\EKAG20NT.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\AUDIODG.EXE
E:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
E:\Program Files (x86)\MotioninJoy\ds3\DS3_Tool.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.198\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.68\deploy\LolClient.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: YouTube to MP3 Converter: {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - C:\Program Files (x86)\YouTube to MP3 Converter\ytdl.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files (x86)\MicroSoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ASRockXTU] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [LWS] E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - E:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Program Files (x86)\MicroSoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - E:\Program Files (x86)\MicroSoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{E1C270B2-3B86-4F9F-AF40-14CB1CF2D765} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\fudqkw2f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\William\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: E:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-9-8 31016]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-8 16152]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-9-8 17192]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-9-8 15936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-8 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-8 121344]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-8 161560]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-8 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-3 283200]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-8 331264]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-8 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-8 787736]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-9-8 32344]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-11-3 121416]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2012-10-24 113664]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-9-8 66336]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-9-8 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-3 99384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-9-8 32320]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-3 203320]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-20 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-8 1255736]
.
=============== Created Last 30 ================
.
2014-01-03 22:04:27 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2013-12-23 06:26:24 -------- d-----w- C:\ProgramData\REVOLT
2013-12-23 03:27:22 -------- d-----w- C:\Users\William\AppData\Local\Blizzard
2013-12-23 02:56:43 -------- d-----w- C:\Program Files (x86)\Hearthstone
2013-12-23 02:56:02 -------- d-----w- C:\Users\William\AppData\Local\Blizzard Entertainment
2013-12-23 02:56:01 -------- d-----w- C:\Users\William\AppData\Roaming\Battle.net
2013-12-23 02:56:01 -------- d-----w- C:\Users\William\AppData\Local\Battle.net
.
==================== Find3M  ====================
.
2014-01-19 17:23:46 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-12-12 19:07:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 19:07:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-07 19:25:07 4249600 ----a-w- C:\Program Files (x86)\GUT6D83.tmp
.
============= FINISH: 12:29:55.90 ===============
 




#4 RPMcMurphy

  • Malware Response Team

Posted 21 January 2014 - 07:25 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#5 GeneralHomeboy

  • Topic Starter

Posted 25 January 2014 - 02:49 AM

Okay, here's what I got from the Farbar Recovery Tool.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by William (administrator) on SEXYBOICOMPUTER on 24-01-2014 23:47:31
Running from E:\Downloads 2.0
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(LogMeIn Inc.) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) E:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Apple Inc.) E:\Program Files (x86)\iTunes\iTunesHelper.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\William\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [VIRTU MVP] - C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3006240 2012-03-12] ()
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-09-08] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - E:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [336304 2012-11-15] (Razer USA Ltd)
HKLM-x32\...\Run: [LWS] - E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3806544 2013-11-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [zASRockInstantBoot] - [x]
HKCU\...\Run: [Google Update] - C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-08] (Google Inc.)
HKCU\...\Run: [Steam] - E:\Program Files (x86)\Steam\steam.exe [1815464 2014-01-07] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-12-29] (AMD)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [SearchProtection] - "C:\Users\William\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MountPoints2: {6d30ea0d-f942-11e2-9fd4-bc5ff44cc3c5} - J:\VZW_Software_upgrade_assistant.exe
MountPoints2: {a0fa03c5-0c95-11e2-9418-bc5ff44cc3c5} - G:\TL-Bootstrap.exe
MountPoints2: {c2b9acd6-562f-11e2-8978-bc5ff44cc3c5} - G:\VZW_Software_upgrade_assistant.exe
MountPoints2: {f278fd1d-2f7e-11e2-af91-bc5ff44cc3c5} - G:\LaunchU3.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x22784306261DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {F257A7EB-4000-4BDC-A2C6-257F1D83CC2D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {F257A7EB-4000-4BDC-A2C6-257F1D83CC2D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: YouTube to MP3 Converter - {A3EDD32E-7957-4F51-8BFD-A528BBBE5DE5} - C:\Program Files (x86)\YouTube to MP3 Converter\ytdl.dll (YouTube to MP3 Converter)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files (x86)\MicroSoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\fudqkw2f.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - E:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\William\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\William\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\William\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\William\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\William\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\William\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\William\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\William\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [ytdl@ytdl.com] - C:\Program Files (x86)\YouTube to MP3 Converter\ytdl@ytdl.com
FF Extension: YTDL - C:\Program Files (x86)\YouTube to MP3 Converter\ytdl@ytdl.com [2013-10-16]
 
Chrome: 
=======
CHR HomePage: hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch
CHR Plugin: (Shockwave Flash) - C:\Users\William\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\William\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\William\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\William\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\William\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\William\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\William\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Microsoft Office 2010) - E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - E:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Text URL Linker) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegfbpchoheaflicfmggkmlmcccpjpgd [2012-09-08]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-30]
CHR Extension: (Honey) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-01-18]
CHR Extension: (GameWeasel) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhdohhdhpcobeiikcekeioeonmedanp [2012-09-08]
CHR Extension: (AdBlock) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-08]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-09-08]
CHR Extension: (nCage) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol [2013-01-09]
CHR Extension: (Night Time In New York City) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2012-11-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-06-02]
CHR Extension: (Google Wallet) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
==================== Services (Whitelisted) =================
 
S3 DAUpdaterSvc; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 Hamachi2Svc; E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-11-06] ()
 
==================== Drivers (Whitelisted) ====================
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-03] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-01-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-09-08] (FNet Co., Ltd.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-24] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-24 23:47 - 2014-01-24 23:47 - 00000000 ____D C:\FRST
2014-01-18 09:32 - 2014-01-18 09:32 - 00000000 ____D C:\Users\William\Documents\MGR
2014-01-18 00:06 - 2014-01-18 00:06 - 00001043 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TikiOne Steam Cleaner
2014-01-12 21:43 - 2014-01-12 21:45 - 00000000 ____D C:\Users\William\Desktop\Nujabes - Hydeout Productions 1
2014-01-12 21:19 - 2014-01-12 21:19 - 00000000 ____D C:\Users\William\Desktop\Smooth Jams
2014-01-12 21:17 - 2014-01-12 21:17 - 00000000 ____D C:\Users\William\Desktop\Riff
2014-01-06 22:04 - 2014-01-06 22:04 - 00001504 _____ C:\Users\William\Desktop\Firefox.lnk
2014-01-03 14:04 - 2014-01-24 23:44 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-02 22:10 - 2014-01-02 22:10 - 00037376 _____ C:\Windows\system32\sdjjvo.ujr
2014-01-02 22:00 - 2014-01-20 01:21 - 00000085 _____ C:\Windows\system32\ihldke.ipb
2014-01-02 22:00 - 2014-01-02 22:10 - 00000100 _____ C:\Windows\system32\wrjqj.ajc
2014-01-02 22:00 - 2014-01-02 22:00 - 00000064 _____ C:\Windows\system32\lrtfz.tzy
2014-01-02 21:44 - 2014-01-02 21:44 - 00219314 ____S C:\Windows\system32\rbljvvt.nmt
 
==================== One Month Modified Files and Folders =======
 
2014-01-24 23:47 - 2014-01-24 23:47 - 00000000 ____D C:\FRST
2014-01-24 23:45 - 2012-12-01 17:05 - 00000000 ____D C:\Users\William\AppData\Local\LogMeIn Hamachi
2014-01-24 23:45 - 2012-09-08 17:19 - 00000000 ____D C:\Users\William\AppData\Roaming\Skype
2014-01-24 23:44 - 2014-01-03 14:04 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-24 23:44 - 2013-07-03 11:07 - 741671981 _____ C:\Windows\MEMORY.DMP
2014-01-24 23:44 - 2013-07-03 11:07 - 00000000 ____D C:\Windows\Minidump
2014-01-24 23:44 - 2013-06-26 10:30 - 00099652 _____ C:\Windows\PFRO.log
2014-01-24 23:44 - 2013-06-26 10:30 - 00017175 _____ C:\Windows\setupact.log
2014-01-24 23:44 - 2013-05-19 15:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 23:44 - 2012-09-08 14:13 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-24 23:44 - 2012-09-08 14:11 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-24 23:44 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 23:32 - 2012-09-08 15:05 - 00000000 ____D C:\Users\William\AppData\Local\PMB Files
2014-01-24 23:20 - 2012-09-08 14:58 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339422809-3724559939-1727797841-1000UA.job
2014-01-24 22:53 - 2013-05-19 15:18 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 21:18 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-24 21:15 - 2013-03-09 16:26 - 01380117 _____ C:\Windows\WindowsUpdate.log
2014-01-24 16:21 - 2012-11-22 21:58 - 00000000 ____D C:\Users\William\AppData\Roaming\Mozilla
2014-01-24 16:20 - 2012-09-08 14:58 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339422809-3724559939-1727797841-1000Core.job
2014-01-20 13:43 - 2012-09-08 14:11 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-01-20 01:21 - 2014-01-02 22:00 - 00000085 _____ C:\Windows\system32\ihldke.ipb
2014-01-19 18:11 - 2012-09-12 20:55 - 00000000 ____D C:\Users\William\AppData\Local\CrashDumps
2014-01-19 11:37 - 2012-09-08 15:05 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-18 09:32 - 2014-01-18 09:32 - 00000000 ____D C:\Users\William\Documents\MGR
2014-01-18 09:32 - 2013-05-12 19:38 - 00000000 ____D C:\Users\William\AppData\Local\SKIDROW
2014-01-18 02:02 - 2012-09-10 20:10 - 00000000 ____D C:\Users\William\AppData\Roaming\uTorrent
2014-01-18 00:07 - 2012-11-25 11:11 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-18 00:07 - 2012-09-09 07:53 - 00000000 ____D C:\Windows\SysWOW64\directx
2014-01-18 00:06 - 2014-01-18 00:06 - 00001043 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
2014-01-17 22:18 - 2012-10-15 20:10 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
2014-01-13 16:42 - 2014-01-13 16:42 - 00000000 ____D C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TikiOne Steam Cleaner
2014-01-12 21:45 - 2014-01-12 21:43 - 00000000 ____D C:\Users\William\Desktop\Nujabes - Hydeout Productions 1
2014-01-12 21:19 - 2014-01-12 21:19 - 00000000 ____D C:\Users\William\Desktop\Smooth Jams
2014-01-12 21:17 - 2014-01-12 21:17 - 00000000 ____D C:\Users\William\Desktop\Riff
2014-01-12 21:17 - 2013-11-23 01:12 - 00000000 ____D C:\Users\William\Desktop\Leader of China
2014-01-07 16:43 - 2012-09-08 14:10 - 00086536 _____ C:\Users\William\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-07 16:43 - 2009-07-13 20:45 - 00365304 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-06 22:04 - 2014-01-06 22:04 - 00001504 _____ C:\Users\William\Desktop\Firefox.lnk
2014-01-06 16:08 - 2013-08-02 10:52 - 00000000 ____D C:\Users\William\AppData\Roaming\Search Protection
2014-01-02 22:10 - 2014-01-02 22:10 - 00037376 _____ C:\Windows\system32\sdjjvo.ujr
2014-01-02 22:10 - 2014-01-02 22:00 - 00000100 _____ C:\Windows\system32\wrjqj.ajc
2014-01-02 22:00 - 2014-01-02 22:00 - 00000064 _____ C:\Windows\system32\lrtfz.tzy
2014-01-02 21:44 - 2014-01-02 21:44 - 00219314 ____S C:\Windows\system32\rbljvvt.nmt
2014-01-02 21:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-12-31 22:28 - 2012-12-01 16:59 - 00000000 ____D C:\Users\William\AppData\Roaming\.minecraft
2013-12-31 21:43 - 2013-02-23 21:23 - 00000024 _____ C:\Users\William\random.dat
2013-12-31 21:41 - 2013-02-23 21:23 - 00000046 _____ C:\Users\William\jagex_cl_runescape_LIVE.dat
2013-12-30 22:15 - 2013-12-22 18:56 - 00000000 ____D C:\Users\William\AppData\Local\Battle.net
2013-12-28 14:55 - 2013-10-08 20:43 - 00000117 _____ C:\Users\William\Desktop\League Accounts.txt
 
Files to move or delete:
====================
C:\Users\William\jagex_cl_oldschool_LIVE.dat
C:\Users\William\jagex_cl_runescape_LIVE.dat
C:\Users\William\random.dat
 
 
Some content of TEMP:
====================
C:\Users\William\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\William\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\William\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\William\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\William\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\William\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
C:\Users\William\AppData\Local\Temp\PreferencesJson.exe
C:\Users\William\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\William\AppData\Local\Temp\riftuninstall.exe
C:\Users\William\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\William\AppData\Local\Temp\SkypeSetup.exe
C:\Users\William\AppData\Local\Temp\sqlite3.exe
C:\Users\William\AppData\Local\Temp\Uninstaller-3740.exe
C:\Users\William\AppData\Local\Temp\utt762A.tmp.exe
C:\Users\William\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C248E00D52C883C7BD50C362D731BF20
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 18:35
 
==================== End Of Log ============================




#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 PM

Posted 25 January 2014 - 12:41 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

2014-01-02 22:10 - 2014-01-02 22:10 - 00037376 _____ C:\Windows\system32\sdjjvo.ujr
2014-01-02 22:00 - 2014-01-20 01:21 - 00000085 _____ C:\Windows\system32\ihldke.ipb
2014-01-02 22:00 - 2014-01-02 22:10 - 00000100 _____ C:\Windows\system32\wrjqj.ajc
2014-01-02 22:00 - 2014-01-02 22:00 - 00000064 _____ C:\Windows\system32\lrtfz.tzy
2014-01-02 21:44 - 2014-01-02 21:44 - 00219314 ____S C:\Windows\system32\rbljvvt.nmt
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Enter the following into the search box:  rpcss.dll
  • Press the Search File(s) button
  • The tool will make another log (Search.txt) please post it to your reply.

Please include the following in your next post:
  • Fixlog.txt Report
  • Search.txt Report

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 GeneralHomeboy

Posted 25 January 2014 - 01:52 PM

I copied the text into notepad then ran fix on FRST. It made my computer restart and after the Starting Windows screen finished loading, my screen just stayed black with my mouse on it. I tried to start it in safe mode, but the screen still stayed black...

Edited by GeneralHomeboy, 25 January 2014 - 01:53 PM.


#8 RPMcMurphy

Posted 25 January 2014 - 02:31 PM

Please do this next:
 
Download Farbar Recovery Scan Tool and save it to a flash drive. Note: You need the  bit version
 
Plug the flashdrive into the infected PC.
 
Enter System Recovery Options
 
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



    #9 GeneralHomeboy

    Posted 25 January 2014 - 05:06 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-01-2014 01
    Ran by SYSTEM on MININT-MSRD682 on 25-01-2014 14:03:20
    Running from H:\
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
    HKLM\...\Run: [VIRTU MVP] - C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3006240 2012-03-12] ()
    HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-09-08] (FNet Co., Ltd.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [336304 2012-11-15] (Razer USA Ltd)
    HKLM-x32\...\Run: [LWS] - E:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\William\...\Run: [ASRockXTU] - [x]
    HKU\William\...\Run: [zASRockInstantBoot] - [x]
    HKU\William\...\Run: [Google Update] - C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-08] (Google Inc.)
    HKU\William\...\Run: [Steam] - "E:\Program Files (x86)\Steam\steam.exe" -silent
    HKU\William\...\Run: [DAEMON Tools Lite] - "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    HKU\William\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    HKU\William\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-12-29] (AMD)
    HKU\William\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
    HKU\William\...\Run: [SearchProtection] - "C:\Users\William\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
    HKU\William\...\RunOnce: [FRST] - C:\Users\William\Desktop\FRST64.exe [2077696 2014-01-24] (Farbar)
    AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [172320 2012-03-12] (Lucidlogix Inc.)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [148256 2012-03-12] (Lucidlogix Inc.)
     
    ==================== Services (Whitelisted) =================
     
    S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
    S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
    S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-11-06] ()
    S3 DAUpdaterSvc; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
    S2 Hamachi2Svc; "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [x]
     
    ==================== Drivers (Whitelisted) ====================
     
    S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
    S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
    S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-03] (DT Soft Ltd)
    S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-01-19] (FNet Co., Ltd.)
    S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-09-08] (FNet Co., Ltd.)
    S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
    S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
    S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
    S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-25] ()
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    S3 MSICDSetup; \??\D:\CDriver64.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-25 10:31 - 2014-01-24 23:47 - 02077696 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
    2014-01-24 23:49 - 2014-01-24 23:49 - 00031683 _____ C:\Users\William\Desktop\Addition.txt
    2014-01-24 23:49 - 2014-01-24 23:49 - 00029269 _____ C:\Users\William\Desktop\FRST.txt
    2014-01-24 23:47 - 2014-01-25 10:31 - 00000000 ____D C:\FRST
    2014-01-18 09:32 - 2014-01-18 09:32 - 00000000 ____D C:\Users\William\Documents\MGR
    2014-01-18 00:06 - 2014-01-18 00:06 - 00001043 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
    2014-01-12 21:43 - 2014-01-12 21:45 - 00000000 ____D C:\Users\William\Desktop\Nujabes - Hydeout Productions 1
    2014-01-12 21:19 - 2014-01-12 21:19 - 00000000 ____D C:\Users\William\Desktop\Smooth Jams
    2014-01-12 21:17 - 2014-01-12 21:17 - 00000000 ____D C:\Users\William\Desktop\Riff
    2014-01-06 22:04 - 2014-01-06 22:04 - 00001504 _____ C:\Users\William\Desktop\Firefox.lnk
    2014-01-02 21:44 - 2014-01-02 21:44 - 00219314 _____ C:\Users\William\Desktop\㩃䙜卒屔畑牡湡楴敮
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-25 11:03 - 2013-06-26 10:30 - 00105140 _____ C:\Windows\PFRO.log
    2014-01-25 10:32 - 2013-03-09 16:26 - 01386489 _____ C:\Windows\WindowsUpdate.log
    2014-01-25 10:31 - 2014-01-24 23:47 - 00000000 ____D C:\FRST
    2014-01-25 10:20 - 2012-09-08 14:58 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339422809-3724559939-1727797841-1000UA.job
    2014-01-25 10:16 - 2012-09-08 17:19 - 00000000 ____D C:\Users\William\AppData\Roaming\Skype
    2014-01-25 10:16 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-25 10:11 - 2013-05-19 15:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-25 10:11 - 2012-12-01 17:05 - 00000000 ____D C:\Users\William\AppData\Local\LogMeIn Hamachi
    2014-01-25 10:11 - 2012-09-08 14:13 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
    2014-01-25 10:11 - 2012-09-08 14:11 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2014-01-25 10:10 - 2013-06-26 10:30 - 00017231 _____ C:\Windows\setupact.log
    2014-01-25 10:10 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-25 01:45 - 2012-09-10 20:10 - 00000000 ____D C:\Users\William\AppData\Roaming\uTorrent
    2014-01-25 01:00 - 2012-09-08 15:05 - 00000000 ____D C:\Users\William\AppData\Local\PMB Files
    2014-01-25 00:53 - 2013-05-19 15:18 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-25 00:00 - 2012-09-08 15:05 - 00000000 ____D C:\ProgramData\PMB Files
    2014-01-24 23:49 - 2014-01-24 23:49 - 00031683 _____ C:\Users\William\Desktop\Addition.txt
    2014-01-24 23:49 - 2014-01-24 23:49 - 00029269 _____ C:\Users\William\Desktop\FRST.txt
    2014-01-24 23:47 - 2014-01-25 10:31 - 02077696 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
    2014-01-24 23:44 - 2013-07-03 11:07 - 741671981 _____ C:\Windows\MEMORY.DMP
    2014-01-24 23:44 - 2013-07-03 11:07 - 00000000 ____D C:\Windows\Minidump
    2014-01-24 16:21 - 2012-11-22 21:58 - 00000000 ____D C:\Users\William\AppData\Roaming\Mozilla
    2014-01-24 16:20 - 2012-09-08 14:58 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339422809-3724559939-1727797841-1000Core.job
    2014-01-20 13:43 - 2012-09-08 14:11 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2014-01-19 18:11 - 2012-09-12 20:55 - 00000000 ____D C:\Users\William\AppData\Local\CrashDumps
    2014-01-18 09:32 - 2014-01-18 09:32 - 00000000 ____D C:\Users\William\Documents\MGR
    2014-01-18 09:32 - 2013-05-12 19:38 - 00000000 ____D C:\Users\William\AppData\Local\SKIDROW
    2014-01-18 00:07 - 2012-11-25 11:11 - 00000000 ____D C:\ProgramData\Package Cache
    2014-01-18 00:07 - 2012-09-09 07:53 - 00000000 ____D C:\Windows\SysWOW64\directx
    2014-01-18 00:06 - 2014-01-18 00:06 - 00001043 _____ C:\Users\Public\Desktop\METAL GEAR RISING REVENGEANCE.lnk
    2014-01-17 22:18 - 2012-10-15 20:10 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
    2014-01-12 21:45 - 2014-01-12 21:43 - 00000000 ____D C:\Users\William\Desktop\Nujabes - Hydeout Productions 1
    2014-01-12 21:19 - 2014-01-12 21:19 - 00000000 ____D C:\Users\William\Desktop\Smooth Jams
    2014-01-12 21:17 - 2014-01-12 21:17 - 00000000 ____D C:\Users\William\Desktop\Riff
    2014-01-12 21:17 - 2013-11-23 01:12 - 00000000 ____D C:\Users\William\Desktop\Leader of China
    2014-01-07 16:43 - 2012-09-08 14:10 - 00086536 _____ C:\Users\William\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-01-07 16:43 - 2009-07-13 20:45 - 00365304 _____ C:\Windows\System32\FNTCACHE.DAT
    2014-01-06 22:04 - 2014-01-06 22:04 - 00001504 _____ C:\Users\William\Desktop\Firefox.lnk
    2014-01-06 16:08 - 2013-08-02 10:52 - 00000000 ____D C:\Users\William\AppData\Roaming\Search Protection
    2014-01-02 21:44 - 2014-01-02 21:44 - 00219314 _____ C:\Users\William\Desktop\㩃䙜卒屔畑牡湡楴敮
    2014-01-02 21:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2013-12-31 22:28 - 2012-12-01 16:59 - 00000000 ____D C:\Users\William\AppData\Roaming\.minecraft
    2013-12-31 21:43 - 2013-02-23 21:23 - 00000024 _____ C:\Users\William\random.dat
    2013-12-31 21:41 - 2013-02-23 21:23 - 00000046 _____ C:\Users\William\jagex_cl_runescape_LIVE.dat
    2013-12-30 22:15 - 2013-12-22 18:56 - 00000000 ____D C:\Users\William\AppData\Local\Battle.net
    2013-12-28 14:55 - 2013-10-08 20:43 - 00000117 _____ C:\Users\William\Desktop\League Accounts.txt
     
    Files to move or delete:
    ====================
    C:\Users\William\jagex_cl_oldschool_LIVE.dat
    C:\Users\William\jagex_cl_runescape_LIVE.dat
    C:\Users\William\random.dat
     
     
    Some content of TEMP:
    ====================
    C:\Users\William\AppData\Local\Temp\drm_dyndata_7370014.dll
    C:\Users\William\AppData\Local\Temp\drm_dyndata_7380014.dll
    C:\Users\William\AppData\Local\Temp\drm_dyndata_7410004.dll
    C:\Users\William\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\William\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\William\AppData\Local\Temp\Nexus%20Mod%20Manager-0.45.6.exe
    C:\Users\William\AppData\Local\Temp\PreferencesJson.exe
    C:\Users\William\AppData\Local\Temp\PrefJsonCpp.exe
    C:\Users\William\AppData\Local\Temp\riftuninstall.exe
    C:\Users\William\AppData\Local\Temp\SearchProtectionSetup.exe
    C:\Users\William\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\William\AppData\Local\Temp\sqlite3.exe
    C:\Users\William\AppData\Local\Temp\Uninstaller-3740.exe
    C:\Users\William\AppData\Local\Temp\utt762A.tmp.exe
    C:\Users\William\AppData\Local\Temp\xmlUpdater.exe
     
     
    ==================== Known DLLs (Whitelisted) ================
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C248E00D52C883C7BD50C362D731BF20
     
     ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2014-01-04 12:23:06
    Restore point made on: 2014-01-07 16:20:24
    Restore point made on: 2014-01-15 21:52:52
    Restore point made on: 2014-01-18 00:07:18
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 9%
    Total physical RAM: 8086 MB
    Available physical RAM: 7283.52 MB
    Total Pagefile: 8084.2 MB
    Available Pagefile: 7276.59 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:119.14 GB) (Free:47.3 GB) NTFS
    Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: () (Fixed) (Total:931.41 GB) (Free:470.54 GB) NTFS
    Drive h: () (Removable) (Total:1.84 GB) (Free:1.8 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: C37879AA)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2D624EE3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=2 GB) - (Type=06)
     
     
    LastRegBack: 2014-01-19 18:35
     
    ==================== End Of Log ============================


    #10 RPMcMurphy

    Posted 25 January 2014 - 06:00 PM

    Is this a dual boot machine?  Please do this next:

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.

    Type the following in the edit box after "Search:".

    rpcss.dll

    It then should look like:

    Search: rpcss.dll

    Click Search button and post the log (Search.txt) it makes to your reply.




    #11 GeneralHomeboy

    Posted 25 January 2014 - 11:03 PM

    When I use the FRST tool, it asks me which drive I would like to use; these are the results from my C Drive.

    Farbar Recovery Scan Tool (x64) Version: 25-01-2014 01
    Ran by SYSTEM at 2014-01-25 20:00:35
    Running from H:\
    Boot Mode: Recovery
     
    ================== Search: "rpcss.dll" ===================
     
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
     
    C:\Windows\System32\rpcss.dll
    [2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C248E00D52C883C7BD50C362D731BF20
     
    X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
     
    X:\Windows\System32\rpcss.dll
    [2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
     
    ====== End Of Search ======
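
Added example (not part of the thread and not part of FRST): a small Python parser for the Search.txt format above that flags any live copy of a file whose MD5 matches none of the WinSxS component-store copies on the same volume, which is the mismatch visible here for C:\Windows\System32\rpcss.dll. The function names are hypothetical; the embedded log lines are copied from the post above.

```python
import re
from collections import defaultdict

# Search.txt lines copied from the log posted above (not constructed).
SEARCH_LOG = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512512 ____A (Microsoft Corporation) C248E00D52C883C7BD50C362D731BF20

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

X:\Windows\System32\rpcss.dll
[2010-11-20 02:36] - [2010-11-20 05:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======
"""

# A hit is two lines: the full path, then "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file hit found in a Search.txt style log."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()              # pasted logs are often indented
        if PATH_RE.match(line):
            pending_path = line         # remember the path until its detail line
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending_path:
            entries.append({
                "path": pending_path,
                "size": int(detail["size"]),
                "company": detail["company"],
                "md5": detail["md5"].upper(),
            })
            pending_path = None
    return entries


def _is_component_store(path):
    return "\\winsxs\\" in path.lower()


def _volume_and_name(path):
    # Compare only within one volume: X: is the recovery environment's own image.
    return path[0].upper(), path.rsplit("\\", 1)[-1].lower()


def find_unmatched_live_copies(entries):
    """Live copies whose MD5 matches no component-store copy on the same volume."""
    reference = defaultdict(set)
    for entry in entries:
        if _is_component_store(entry["path"]):
            reference[_volume_and_name(entry["path"])].add(entry["md5"])
    flagged = []
    for entry in entries:
        if _is_component_store(entry["path"]):
            continue
        known = reference.get(_volume_and_name(entry["path"]))
        # Without a component-store copy there is nothing to compare against.
        if known and entry["md5"] not in known:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for hit in find_unmatched_live_copies(parse_search_log(SEARCH_LOG)):
        print(f"{hit['path']}  size={hit['size']}  md5={hit['md5']}  (no matching WinSxS copy)")
```

A flagged file is a lead to verify, in line with the FRST log's own advice to look up the MD5, rather than proof of infection on its own.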


    #12 RPMcMurphy

    Posted 25 January 2014 - 11:35 PM

    Please do this next:

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Fix button just once and wait.
    • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.



    #13 GeneralHomeboy

    Posted 26 January 2014 - 12:43 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-01-2014 01
    Ran by SYSTEM at 2014-01-25 21:39:26 Run:2
    Running from H:\
    Boot Mode: Recovery
    ==============================================
     
    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
    *****************
     
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
     
    ==== End of Fixlog ====


    #14 RPMcMurphy

    Posted 26 January 2014 - 10:35 AM

    Please try to boot it normally again now.  Try the safe mode again if it won't boot in the normal mode.




    #15 GeneralHomeboy

    Posted 30 January 2014 - 10:13 PM

    Sorry it took me so long to respond to this, but my computer works in normal mode now.





