
Rpcss - DCOM Crashing and Plug and Play


  • This topic is locked
21 replies to this topic

#1 Minus-Zero

  • Members
  • 11 posts

Posted 13 January 2014 - 12:11 PM

That new form of malware that's going on, I fixed the ads but still get the crashing. I had removed the program also, but my computer still restarts, even though I have Plug and Play set to restart upon crash.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by Root at 12:06:24 on 2014-01-13
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8119.5605 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{107B8763-3C9E-4D99-A20E-FED8D5AD2B7D} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\t3pjj1mi.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2014-1-3 25312]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-1-8 283064]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2014-1-3 26624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-8 701512]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-7 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-3 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2014-1-3 1827328]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-8 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-7 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-1-13 32512]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-13 08:05:32    32512    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-01-13 07:51:59    7936    ----a-w-    C:\Windows\System32\drivers\usbd.sys.bak
2014-01-13 07:50:59    514048    ----a-w-    C:\Windows\System32\drivers\csc.sys.bak
2014-01-13 07:36:34    --------    d-----w-    C:\RegBackup
2014-01-13 07:36:27    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-01-13 07:31:36    --------    d-----w-    C:\FRST
2014-01-12 08:34:35    --------    d-----w-    C:\Users\Root\AppData\Roaming\Foxit Software
2014-01-12 08:34:28    --------    d-----w-    C:\Program Files (x86)\Foxit Software
2014-01-12 04:41:22    98816    ----a-w-    C:\Windows\sed.exe
2014-01-12 04:41:22    256000    ----a-w-    C:\Windows\PEV.exe
2014-01-12 04:41:22    208896    ----a-w-    C:\Windows\MBR.exe
2014-01-12 04:39:17    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-12 04:35:46    --------    d-----w-    C:\Program Files (x86)\FileASSASSIN
2014-01-12 04:15:48    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-01-11 23:38:07    --------    d-----w-    C:\Users\Root\chemaxon
2014-01-11 23:37:13    --------    d-----w-    C:\ProgramData\Oracle
2014-01-11 23:36:49    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-11 02:07:06    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2014-01-10 19:53:26    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{98CFA30D-69D6-4AFD-A184-A095241EFB4A}\mpengine.dll
2014-01-10 00:46:37    --------    d-----w-    C:\Users\Root\AppData\Local\Diagnostics
2014-01-10 00:43:04    --------    d-----w-    C:\Windows\System32\MRT
2014-01-09 23:38:50    --------    d-----w-    C:\Users\Root\AppData\Roaming\uTorrent
2014-01-09 02:46:56    6664704    ----a-w-    C:\Windows\REMOVEWAT.EXE
2014-01-09 02:44:48    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2014-01-09 02:44:45    --------    d-----w-    C:\Users\Root\AppData\Roaming\DAEMON Tools Pro
2014-01-09 02:44:43    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Pro
2014-01-09 02:41:16    --------    d-----w-    C:\ProgramData\DAEMON Tools Pro
2014-01-09 02:33:40    --------    d-----w-    C:\ProgramData\HitmanPro
2014-01-09 02:00:27    --------    d-----w-    C:\Users\Root\AppData\Roaming\Malwarebytes
2014-01-09 02:00:17    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-09 02:00:16    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-09 02:00:16    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-09 02:00:00    --------    d-----w-    C:\Users\Root\AppData\Local\Programs
2014-01-07 21:36:41    --------    d-----w-    C:\Users\Root\AppData\Local\NVIDIA Corporation
2014-01-07 21:36:17    276832    ----a-w-    C:\Windows\System32\d3dx11_43.dll
2014-01-07 21:36:17    248672    ----a-w-    C:\Windows\SysWow64\d3dx11_43.dll
2014-01-07 21:36:16    511328    ----a-w-    C:\Windows\System32\d3dx10_43.dll
2014-01-07 21:36:16    470880    ----a-w-    C:\Windows\SysWow64\d3dx10_43.dll
2014-01-07 21:36:16    2401112    ----a-w-    C:\Windows\System32\D3DX9_43.dll
2014-01-07 21:36:16    1998168    ----a-w-    C:\Windows\SysWow64\D3DX9_43.dll
2014-01-07 21:36:06    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-01-07 21:36:05    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-01-07 21:34:57    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-01-07 21:34:57    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-07 21:34:33    --------    d-----w-    C:\Users\Root\AppData\Local\NVIDIA
2014-01-07 18:44:33    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-04 08:13:04    --------    d-----w-    C:\Users\Root\AppData\Local\Macromedia
2014-01-04 08:12:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-04 08:12:28    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-04 08:12:00    --------    d-----w-    C:\Users\Root\AppData\Local\Adobe
2014-01-04 01:56:48    --------    d-----w-    C:\Users\Root\AppData\Roaming\LolClient
2014-01-04 01:55:13    68616    ----a-w-    C:\Windows\SysWow64\XAPOFX1_1.dll
2014-01-04 01:55:13    509448    ----a-w-    C:\Windows\SysWow64\XAudio2_2.dll
2014-01-04 01:55:13    467984    ----a-w-    C:\Windows\SysWow64\d3dx10_39.dll
2014-01-04 01:55:13    3851784    ----a-w-    C:\Windows\SysWow64\D3DX9_39.dll
2014-01-04 01:55:13    1493528    ----a-w-    C:\Windows\SysWow64\D3DCompiler_39.dll
2014-01-04 01:54:42    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2014-01-04 00:26:58    --------    d-----w-    C:\Users\Root\AppData\Local\PMB Files
2014-01-04 00:26:54    --------    d-----w-    C:\ProgramData\PMB Files
2014-01-04 00:26:49    --------    d-----r-    C:\Program Files (x86)\Skype
2014-01-04 00:26:37    --------    d-----w-    C:\Program Files (x86)\Pando Networks
2014-01-04 00:25:59    --------    d-----w-    C:\Users\Root\AppData\Roaming\Riot Games
2014-01-03 22:53:30    --------    d-sh--w-    C:\Windows\Installer
2014-01-03 22:53:02    99176    ----a-w-    C:\Windows\SysWow64\PresentationHostProxy.dll
2014-01-03 22:53:02    49472    ----a-w-    C:\Windows\SysWow64\netfxperf.dll
2014-01-03 22:53:02    48960    ----a-w-    C:\Windows\System32\netfxperf.dll
2014-01-03 22:53:02    444752    ----a-w-    C:\Windows\System32\mscoree.dll
2014-01-03 22:53:02    320352    ----a-w-    C:\Windows\System32\PresentationHost.exe
2014-01-03 22:53:02    297808    ----a-w-    C:\Windows\SysWow64\mscoree.dll
2014-01-03 22:53:02    295264    ----a-w-    C:\Windows\SysWow64\PresentationHost.exe
2014-01-03 22:53:02    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2014-01-03 22:53:02    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-01-03 22:53:02    109912    ----a-w-    C:\Windows\System32\PresentationHostProxy.dll
2014-01-03 22:51:27    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2014-01-03 22:51:20    --------    d-----w-    C:\Users\Root\AppData\Local\Google
2014-01-03 22:50:54    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2014-01-03 22:50:22    --------    d-----w-    C:\Users\Root\AppData\Local\Apps
2014-01-03 22:50:19    --------    d-----w-    C:\Users\Root\AppData\Local\Deployment
2014-01-03 22:50:04    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-01-03 22:50:04    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-01-03 22:45:18    26624    ----a-w-    C:\Windows\System32\drivers\jswpslwfx.sys
2014-01-03 22:45:18    25312    ----a-w-    C:\Windows\System32\drivers\SCMNdisP.sys
2014-01-03 22:45:18    1827328    ----a-w-    C:\Windows\System32\drivers\athurx.sys
2014-01-03 22:45:09    --------    d-----w-    C:\Program Files (x86)\NETGEAR
2014-01-03 21:21:21    --------    d-----w-    C:\Users\Root\AppData\Local\VirtualStore
2014-01-03 20:39:32    --------    d-----w-    C:\Windows\Panther
2014-01-03 20:25:19    --------    d-----w-    C:\Windows.old.000
2014-01-03 20:22:59    770384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2014-01-03 20:02:55    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-03 19:59:31    61216    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-01-03 19:59:31    53024    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-01-03 19:59:23    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2014-01-03 19:59:19    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2014-01-02 23:52:01    --------    d-----w-    C:\found.002
2013-12-31 18:38:31    --------    d---a-w-    C:\bd_logs
.
==================== Find3M  ====================
.
2014-01-09 02:47:41    14848    ----a-w-    C:\Windows\System32\slwga.dll
2014-01-09 02:47:41    13824    ----a-w-    C:\Windows\SysWow64\slwga.dll
2014-01-09 02:47:40    833024    ----a-w-    C:\Windows\SysWow64\user32.dll
2014-01-09 02:47:40    419840    ----a-w-    C:\Windows\System32\systemcpl.dll
2014-01-09 02:47:40    1008640    ----a-w-    C:\Windows\System32\user32.dll
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-11-11 16:59:28    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-11-11 15:02:02    6674208    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58    3467927    ----a-w-    C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 12:07:14.30 ===============
 


 


#2 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 16 January 2014 - 08:06 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt) - please post the log into your reply to me. (You can use pastebin as well.)

 

 

Regards,

Georgi




#3 Minus-Zero


Posted 16 January 2014 - 11:09 AM

FRST: http://pastebin.com/AxCnndq9

 

Search: Farbar Recovery Scan Tool (x64) Version: 15-01-2014 03
Ran by Root at 2014-01-16 11:05:01
Running from C:\Users\Root\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) 167C627146696B3242D30C89B1E35C2F

====== End Of Search ======
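
An added example (not part of the original post, and not FRST's own code): a parser for the Search.txt layout shown above that compares the live System32 file with the component-store (WinSxS) copy of the same name. The function and field names are assumptions made for this illustration; the sample input is the log text from the post.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: the Search.txt body exactly as quoted in the post above.
SEARCH_LOG = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) 167C627146696B3242D30C89B1E35C2F

====== End Of Search ======
"""

# "[created] - [modified] - size attrs (company) md5"
DETAIL = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.1.7600.16385_
STORE_VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


@dataclass(frozen=True)
class Hit:
    path: str
    size: int
    company: str
    md5: str

    @property
    def in_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def store_version(self):
        m = STORE_VERSION.search(ntpath.dirname(self.path)) if self.in_store else None
        return m.group(1) if m else None


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    hits, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            pending_path = line
            continue
        m = DETAIL.match(line)
        if m and pending_path:
            hits.append(Hit(pending_path, int(m["size"]), m["company"], m["md5"].upper()))
            pending_path = None
    return hits


def compare_live_to_store(hits, live_dir=r"C:\Windows\System32"):
    """For every file found in live_dir, look for a same-named WinSxS copy.

    The live file is normally a hard link to one of the store copies, so its
    hash should equal one of them. A mismatch is a lead to investigate, not a
    verdict: the store can hold several serviced versions of a component.
    """
    results = []
    for live in hits:
        if live.in_store or ntpath.dirname(live.path).lower() != live_dir.lower():
            continue
        name = ntpath.basename(live.path).lower()
        peers = [h for h in hits if h.in_store and ntpath.basename(h.path).lower() == name]
        if not peers:
            status = "no-store-copy"
        elif any(p.md5 == live.md5 for p in peers):
            status = "match"
        else:
            status = "mismatch"
        results.append({
            "file": live.path,
            "status": status,
            "live_size": live.size,
            "live_md5": live.md5,
            "store": [(p.store_version, p.size, p.md5) for p in peers],
        })
    return results


if __name__ == "__main__":
    for r in compare_live_to_store(parse_search_log(SEARCH_LOG)):
        print(r["status"].upper(), r["file"], r["live_size"], r["live_md5"])
        for version, size, md5 in r["store"]:
            print("   store", version, size, md5)
```
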




#4 B-boy/StyLe/


Posted 17 January 2014 - 04:24 AM

Hi,
 
 
Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi




#5 Minus-Zero


Posted 17 January 2014 - 11:27 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2014 02
Ran by Root at 2014-01-17 11:23:03 Run:2
Running from C:\Users\Root\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-01-11 19:37 - 2014-01-11 19:37 - 00003164 _____ C:\Windows\System32\Tasks\{6EC92DF1-44FD-499C-A6E4-5785F3525949}
2014-01-03 16:26 - 2014-01-03 16:26 - 00003430 _____ C:\Windows\System32\Tasks\{CEB464BB-E6D2-4294-BD6E-6562ED84A9D4}
2014-01-11 15:36 - 2014-01-11 15:36 - 00000000 ____D C:\ProgramData\McAfee
2014-01-04 01:07 - 2014-01-04 01:07 - 00037376 _____ C:\Windows\system32\ktdmah.wnf
2014-01-04 00:57 - 2014-01-16 01:19 - 00000085 _____ C:\Windows\system32\iqmut.oom
2014-01-04 00:47 - 2014-01-04 01:07 - 00000101 _____ C:\Windows\system32\abwt.niu
2014-01-04 00:47 - 2014-01-04 00:47 - 00000064 _____ C:\Windows\system32\vvgfiod.afs
2014-01-04 00:31 - 2014-01-04 00:31 - 00219314 ____S C:\Windows\system32\hrbxevp.wiy
2014-01-02 15:52 - 2014-01-02 15:52 - 00000000 ____D C:\found.002
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Root\AppData\Local\Temp
end


*****************

C:\Windows\System32\Tasks\{6EC92DF1-44FD-499C-A6E4-5785F3525949} => Moved successfully.
C:\Windows\System32\Tasks\{CEB464BB-E6D2-4294-BD6E-6562ED84A9D4} => Moved successfully.
C:\ProgramData\McAfee => Moved successfully.
C:\Windows\system32\ktdmah.wnf => Moved successfully.
C:\Windows\system32\iqmut.oom => Moved successfully.
Could not move "C:\Windows\system32\abwt.niu" => Scheduled to move on reboot.
C:\Windows\system32\vvgfiod.afs => Moved successfully.
Could not move "C:\Windows\system32\hrbxevp.wiy" => Scheduled to move on reboot.
C:\found.002 => Moved successfully.

An error occurred while attempting to delete the specified data element.
Element not found.

An error occurred while attempting to delete the specified data element.
Element not found.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\Root\AppData\Local\Temp" directory move:

C:\Users\Root\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Root\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\Root\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\Root\AppData\Local\Temp\etilqs_9wSog1AaHhmWma5 => Moved successfully.
C:\Users\Root\AppData\Local\Temp\etilqs_fKn7mF3dOgsPsv0 => Moved successfully.
C:\Users\Root\AppData\Local\Temp\etilqs_NxRDgxSED5lMe69 => Moved successfully.
C:\Users\Root\AppData\Local\Temp\etilqs_r8Ij2A3B1vxgcTj => Moved successfully.
Could not move "C:\Users\Root\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Root\AppData\Local\Temp\JavaDeployReg.log => Moved successfully.
C:\Users\Root\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Root\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Tweaking.com - Registry Backup Setup Log.txt => Moved successfully.
C:\Users\Root\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Root\AppData\Local\Temp\{704B5159-0BDA-4064-AD50-80D9B9C7CA88}.exe => Moved successfully.
C:\Users\Root\AppData\Local\Temp\~DF6B4A812B603736FD.TMP => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\Z4NAIKP8\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\WOZDZCF2\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\VJ9ZBSCF\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\DPU4UQT8\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temporary Internet Files\Content.IE5\DPU4UQT8\update[1].htm => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe => Moved successfully.
C:\Users\Root\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Root\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\fla233B.tmp => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\V2UVA3NC\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\I2N3B85L\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\BAOMSSYW\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5\78IHVMRL\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\History\History.IE5\index.dat => Moved successfully.
C:\Users\Root\AppData\Local\Temp\acro_rd_dir\Cookies\index.dat => Moved successfully.
Could not move "C:\Users\Root\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-17 11:24:28)<=

C:\Windows\system32\abwt.niu => Is moved successfully.
C:\Windows\system32\hrbxevp.wiy => Is moved successfully.
C:\Users\Root\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
"C:\Users\Root\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====
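
An added example (not part of the original post, and not FRST's own code): a triage script for the Fixlog layout shown above. It collects the fixlist lines marked ATTENTION, counts reported errors, and reconciles items "Scheduled to move on reboot" against the post-reboot results to list what is still unresolved. Function names and the report keys are assumptions; the sample input is a shortened excerpt of lines copied from the post.

```python
import re

# Excerpt of the Fixlog posted above (lines copied from the post, list shortened).
FIXLOG = r"""
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
*****************
C:\Windows\system32\ktdmah.wnf => Moved successfully.
Could not move "C:\Windows\system32\abwt.niu" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\hrbxevp.wiy" => Scheduled to move on reboot.
An error occurred while attempting to delete the specified data element.
Element not found.
An error occurred while attempting to delete the specified data element.
Element not found.
C:\Windows\System32\rpcss.dll => Moved successfully.
Could not move "C:\Users\Root\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
Could not move "C:\Users\Root\AppData\Local\Temp" directory. => Scheduled to move on reboot.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-17 11:24:28)<=
C:\Windows\system32\abwt.niu => Is moved successfully.
C:\Windows\system32\hrbxevp.wiy => Is moved successfully.
C:\Users\Root\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
"C:\Users\Root\AppData\Local\Temp" => Directory could not move.
==== End of Fixlog ====
"""

ATTENTION = re.compile(r"^(?P<key>[^:]+): ==> (?P<msg>.*?) <===== ATTENTION!$")
MOVED = re.compile(r"^(?P<path>.+) => Moved successfully\.$")
SCHEDULED = re.compile(
    r'^Could not move "(?P<path>.+)"(?: directory\.)? => Scheduled to move on reboot\.$'
)
REBOOT_OK = re.compile(r"^(?P<path>.+) => Is moved successfully\.$")
REBOOT_FAIL = re.compile(r'^"(?P<path>.+)" => Directory could not move\.$')


def triage(text):
    """Summarise a Fixlog: flagged settings, moved items, errors, leftovers."""
    report = {"attention": [], "moved": [], "errors": 0, "unresolved": []}
    pending = {}  # lower-cased path -> path as logged, waiting for the reboot pass
    for raw in text.splitlines():
        line = raw.strip()
        if m := ATTENTION.match(line):
            report["attention"].append(m["key"])
        elif m := SCHEDULED.match(line):
            pending[m["path"].lower()] = m["path"]
        elif m := MOVED.match(line):
            report["moved"].append(m["path"])
        elif m := REBOOT_OK.match(line):
            # The reboot pass completed a move that was deferred earlier.
            pending.pop(m["path"].lower(), None)
            report["moved"].append(m["path"])
        elif m := REBOOT_FAIL.match(line):
            # Still present after reboot: keep (or record) it as unresolved.
            pending.setdefault(m["path"].lower(), m["path"])
        elif line.startswith("An error occurred"):
            report["errors"] += 1
    report["unresolved"] = sorted(pending.values())
    return report


if __name__ == "__main__":
    r = triage(FIXLOG)
    print("flagged settings:", ", ".join(r["attention"]))
    print("items moved     :", len(r["moved"]))
    print("errors reported :", r["errors"])
    for path in r["unresolved"]:
        print("still present   :", path)
```
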



#6 B-boy/StyLe/


Posted 18 January 2014 - 06:58 AM

Hi,

 

 

Did you turn testsigning on your own for a reason?

You probably see a "Test Mode Windows 7 Build 7600" watermark in the lower right-hand corner?

Let me know if you want to disable it:

 

 

In the meantime, it's a good idea to check for malware remnants just in case:

Most of them should take no more than 5 minutes each.

 

 

 

STEP 1

 

  • Please download the latest version of RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

STEP 2

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3


Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

STEP 5
 

 

1.Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2.Launch the program by double-clicking on its icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 18 January 2014 - 01:13 PM.



#7 Minus-Zero


Posted 18 January 2014 - 12:35 PM

I don't see any watermark.

 

RKill: http://pastebin.com/a1fgkMjv

 

Rogue: http://pastebin.com/5EQeN0yh

 

TDSS: http://pastebin.com/9mZYwR0g

 

MB: http://pastebin.com/ggdxJJ2Q

 

Hitman: http://pastebin.com/UJUiBPE5

 

Security: http://pastebin.com/Bn1mcWJQ


Edited by Minus-Zero, 18 January 2014 - 01:45 PM.


#8 B-boy/StyLe/


Posted 18 January 2014 - 10:15 PM

Hello,

 

That's strange because the logs show that the testsigning is currently on:

 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

 

Check this out:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/how-do-i-get-rid-of-the-test-mode-windows-7-build/9d689c72-760a-438c-a655-e5cee6857c3b

 

Anyway please download the latest version of TDSSKiller and run a new scan as described above...your version is too old 2.8.16...the latest version is 3.0.0.19!!

 

The rest of the logs are clean...

 

 

Regards,

Georgi

 

 

 

 

TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42




#9 Minus-Zero


Posted 19 January 2014 - 10:56 AM

I believe it crashed again last night, because I woke up and my computer had restarted. But I couldn't find any log of DCOM or Plug crashing in admin logs.

Attached Files



#10 B-boy/StyLe/


Posted 20 January 2014 - 05:46 AM

Hi,

 

I doubt that it's related to DCOM because your file is not patched anymore (this is from the latest TDSSKiller log):

 

01:33:01.0856 0x0880  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:33:01.0870 0x0880  DcomLaunch - ok

 

So your system is fully clean! :)

 

However your system needs to be updated to the latest version. Check this out on how to install Service Pack 1 for Windows 7

 

 

ADDITIONAL UPDATING TASKS
 

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
 

  • Download the latest version of Java SE 7.
  • Click the Java™ 7 Update 51 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u51-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
    Java 7 Update 45
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u51-windows-i586.exe and select "Run as an Administrator.")

 

Or you can simply uninstall Java and try to avoid installing Java unless absolutely required by your applications (it's your call)...
 
http://www.techsuppo...ell-the-coffee/
 
 
Next please run JavaRa.

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

 

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation. Please go to the links below to update it:

Adobe Flash Player 12.0.0.43 Final for (Internet Explorer)

Adobe Flash Player 12.0.0.43 Final for (Firefox, Safari, Opera)

Note: Your browsers should be closed before proceeding with the installation process.

 

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 

Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer has always the latest security updates available installed on your computer.  
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

When done please post a new log from SecurityCheck.

I'll give you my final recommendations in the next post. :)

 

 

Regards,

Georgi
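
Added example (not part of the original post and not TDSSKiller's own code): a small parser for the two-line log format quoted in the post above, which pairs each hashed object line with its verdict line so that every entry can be reviewed, not only DcomLaunch. The `ExampleSvc` lines, the wording of a non-"ok" verdict, and the baseline dictionary are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Object line: time, thread id, [ MD5, SHA-256 ], service name, image path.
OBJECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9A-Fa-f]+\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32}),\s*(?P<sha256>[0-9A-Fa-f]{64})\s*\]\s+"
    r"(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# Verdict line: time, thread id, service name, optional "( detection )", "- verdict".
# The "( detection )" part is an assumed layout for non-ok results.
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9A-Fa-f]+\s+"
    r"(?P<name>\S+)(?:\s+\(\s*(?P<detection>.+?)\s*\))?\s+-\s+(?P<verdict>\S+)\s*$"
)


@dataclass
class ScanRecord:
    service: str
    path: str
    md5: str
    sha256: str
    verdict: Optional[str] = None
    detection: Optional[str] = None


def parse_tdsskiller(log: str) -> List[ScanRecord]:
    """Pair every hashed object line with the verdict line that names it."""
    records: List[ScanRecord] = []
    pending: Dict[str, ScanRecord] = {}
    for line in log.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            rec = ScanRecord(m["name"], m["path"], m["md5"].upper(), m["sha256"].upper())
            records.append(rec)
            pending[rec.service] = rec
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in pending:
            rec = pending.pop(m["name"])
            rec.verdict = m["verdict"]
            rec.detection = m["detection"]
    return records


def triage(records: List[ScanRecord], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (service, reason) for every record that needs a second look.

    baseline maps a lower-cased image path to a SHA-256 the analyst already
    trusts (for example taken from a clean install of the same Windows build).
    """
    findings: List[Tuple[str, str]] = []
    for rec in records:
        if rec.verdict is None:
            findings.append((rec.service, "no verdict line found"))
        elif rec.verdict.lower() != "ok":
            detail = f" ({rec.detection})" if rec.detection else ""
            findings.append((rec.service, f"verdict {rec.verdict}{detail}"))
        known = baseline.get(rec.path.lower())
        if known and known.upper() != rec.sha256:
            findings.append((rec.service, "SHA-256 differs from baseline"))
    return findings


SAMPLE_LOG = "\n".join([
    # The two lines quoted in the post:
    r"01:33:01.0856 0x0880  [ 7266972E86890E2B30C0C322E906B027, "
    r"BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] "
    r"DcomLaunch      C:\Windows\system32\rpcss.dll",
    r"01:33:01.0870 0x0880  DcomLaunch - ok",
    # CONSTRUCTED lines (hypothetical service, placeholder hashes and detection name):
    "01:33:02.0100 0x0880  [ " + "0" * 32 + ", " + "0" * 64 + " ] "
    r"ExampleSvc      C:\Windows\system32\example.dll",
    r"01:33:02.0114 0x0880  ExampleSvc ( Constructed.Detection.Name ) - infected",
])

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for rec in recs:
        print(f"{rec.service:12} {rec.verdict or '?':9} {rec.sha256[:16]}...  {rec.path}")
    for service, reason in triage(recs, baseline={}):
        print(f"REVIEW {service}: {reason}")
```
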




#11 Minus-Zero


Posted 20 January 2014 - 11:53 AM

JavaRa: http://pastebin.com/xdiA5qBy

 

I have noticed that now I am experiencing massive lag spikes. Tried everything from changing the router channel to updating drivers. Any ideas?

 

SecurityCheck:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 


Edited by Minus-Zero, 20 January 2014 - 11:58 AM.


#12 B-boy/StyLe/


Posted 21 January 2014 - 07:38 AM

Hello,

 

Is this happening only in games like League of Legends?

 

That could be a latency issue with either your network setup configuration or your ISP.

 

Please download Complete Internet Repair
Extract the content of the file cintrepair.zip to a folder of your choice.

Open the directory cintrepair created on the desktop and run the file CIntRep.exe as administrator.
Check all boxes and press GO.
Wait for the scan to complete and restart the computer again when asked to do so.
Let me know about the results.

 

 

Regards,

Georgi

 




#13 Minus-Zero


Posted 21 January 2014 - 03:31 PM

Thanks for all the help, here are the results. It seems to mainly be in the game but it also seems to be in general.

I changed my router's channel, tried reinstalling drivers and what not, also no work.

                                            ./
                                          (o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[21/01/2014 15:21:01] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:03] TCP/IP interfaces reset successful.
[21/01/2014 15:21:04] TCP/IP v6 interfaces reset successful.
[21/01/2014 15:21:04] You may need to restart your computer for the settings to take effect.
[21/01/2014 15:21:04] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:04] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:04] Successfully reset the Winsock Catalog.
[21/01/2014 15:21:04] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:04] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:05] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:05] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:13] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:13] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:14] Windows Event Log Service Configured.
[21/01/2014 15:21:14] Starting the Windows Event Log Service.....
[21/01/2014 15:21:15] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:15] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:15] Successfully flushed DNS Resolver Cache.
[21/01/2014 15:21:15] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[21/01/2014 15:21:18] Registration of the DNS resource records has been initiated.
[21/01/2014 15:21:18] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[21/01/2014 15:21:18] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:18] Repairing Internet Explorer 11.0.9600, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:18] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[21/01/2014 15:21:18] RegSvr32.exe: 'asctrls.ocx' Specified module not found
[21/01/2014 15:21:18] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:18] RegSvr32.exe: 'cdfview.dll' Specified module not found
[21/01/2014 15:21:19] RegSvr32.exe: 'comcat.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: 'comctl32.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: 'corpol.dll' Specified module not found
[21/01/2014 15:21:19] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\custsat.dll"' Specified module not found
[21/01/2014 15:21:19] RegSvr32.exe: 'digest.dll' Specified module not found
[21/01/2014 15:21:19] RegSvr32.exe: 'dispex.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: 'dxtmsft.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: 'dxtrans.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: 'extmgr.dll' Specified module not found
[21/01/2014 15:21:19] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\hmmapi.dll"' Specified module not found
[21/01/2014 15:21:19] RegSvr32.exe: 'hlink.dll' registration succeeded.
[21/01/2014 15:21:19] RegSvr32.exe: 'ieaksie.dll' Specified module not found
[21/01/2014 15:21:20] RegSvr32.exe: 'ieapfltr.dll' Error number: 0x80070005
[21/01/2014 15:21:20] RegSvr32.exe: 'iedkcs32.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:20] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\iedvtool.dll"' registration succeeded.
[21/01/2014 15:21:20] RegSvr32.exe: 'iedvtool.dll' Specified module not found
[21/01/2014 15:21:20] RegSvr32.exe: 'ieframe.dll' registration succeeded.
[21/01/2014 15:21:20] RegSvr32.exe: 'iepeers.dll' registration succeeded.
[21/01/2014 15:21:20] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\ieproxy.dll"' registration succeeded.
[21/01/2014 15:21:20] RegSvr32.exe: 'ieproxy.dll' Specified module not found
[21/01/2014 15:21:21] RegSvr32.exe: 'iesetup.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:21] RegSvr32.exe: 'imgutil.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:21] RegSvr32.exe: 'inetcpl.cpl' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:21] RegSvr32.exe: 'inetcpl.cpl' registration succeeded.
[21/01/2014 15:21:21] RegSvr32.exe: 'initpki.dll' Specified module not found
[21/01/2014 15:21:21] RegSvr32.exe: 'inseng.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:21] RegSvr32.exe: 'jscript.dll' registration succeeded.
[21/01/2014 15:21:21] RegSvr32.exe: 'licmgr10.dll' registration succeeded.
[21/01/2014 15:21:21] RegSvr32.exe: 'mlang.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:21] RegSvr32.exe: 'mobsync.dll' Specified module not found
[21/01/2014 15:21:22] RegSvr32.exe: 'msapsspc.dll' Specified module not found
[21/01/2014 15:21:22] RegSvr32.exe: 'mscoree.dll' registration succeeded.
[21/01/2014 15:21:22] RegSvr32.exe: 'mscorier.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:22] RegSvr32.exe: 'mscories.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:22] RegSvr32.exe: 'msdbg2.dll' Specified module not found
[21/01/2014 15:21:22] RegSvr32.exe: 'mshta.exe' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:22] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:22] RegSvr32.exe: 'mshtmled.dll' registration succeeded.
[21/01/2014 15:21:22] RegSvr32.exe: 'msident.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:22] RegSvr32.exe: 'msieftp.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:22] RegSvr32.exe: 'msnsspc.dll' Specified module not found
[21/01/2014 15:21:22] RegSvr32.exe: 'msr2c.dll' Specified module not found
[21/01/2014 15:21:22] RegSvr32.exe: 'msrating.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:23] RegSvr32.exe: 'mstime.dll' Specified module not found
[21/01/2014 15:21:23] RegSvr32.exe: 'msxml.dll' Specified module not found
[21/01/2014 15:21:23] RegSvr32.exe: 'ole32.dll' registration succeeded.
[21/01/2014 15:21:23] RegSvr32.exe: 'oleacc.dll' registration succeeded.
[21/01/2014 15:21:23] RegSvr32.exe: 'occache.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:25] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[21/01/2014 15:21:25] RegSvr32.exe: '"C:\Program Files (x86)\Internet Explorer\pdm.dll"' registration succeeded.
[21/01/2014 15:21:25] RegSvr32.exe: 'plugin.ocx' Specified module not found
[21/01/2014 15:21:25] RegSvr32.exe: 'pngfilt.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:25] RegSvr32.exe: 'proctexe.ocx' Specified module not found
[21/01/2014 15:21:25] RegSvr32.exe: 'scrobj.dll' Error number: 0x80070005
[21/01/2014 15:21:25] RegSvr32.exe: 'sendmail.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:25] RegSvr32.exe: 'setupwbv.dll' Specified module not found
[21/01/2014 15:21:25] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:25] RegSvr32.exe: 'tdc.ocx' registration succeeded.
[21/01/2014 15:21:25] RegSvr32.exe: 'url.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:26] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[21/01/2014 15:21:26] RegSvr32.exe: 'urlmon.dll,NI,HKLM' Specified module not found
[21/01/2014 15:21:26] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[21/01/2014 15:21:26] RegSvr32.exe: '"C:\Program Files (x86)\microsoft shared\vgx\vgx.dll"' Specified module not found
[21/01/2014 15:21:26] RegSvr32.exe: 'webcheck.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:21:26] Finished repairing Internet Explorer 11.0.9600

-----------------------------------------------------------------------------------------
[21/01/2014 15:21:26] Repairing Windows Update / Automatic Updates, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:21:26] Stopping the BITS Service.....
[21/01/2014 15:21:26] BITS Stopped Successfully.
[21/01/2014 15:21:26] Stopping the Automatic Updates (wuauserv) Service.....
[21/01/2014 15:21:27] Automatic Updates (wuauserv) Service Stopped Successfully.
[21/01/2014 15:21:27] Clearing File Stores (Update History).....
[21/01/2014 15:21:27] Clearing [C:\Windows\SoftwareDistribution\Download].....
[21/01/2014 15:23:17] [C:\Windows\SoftwareDistribution\Download] Cleared.
[21/01/2014 15:23:17] Clearing [C:\Windows\SoftwareDistribution\DataStore].....
[21/01/2014 15:23:17] [C:\Windows\SoftwareDistribution\DataStore] Cleared.
[21/01/2014 15:23:17] Clearing [C:\Windows\SysWOW64\CatRoot2].....
[21/01/2014 15:23:17] [C:\Windows\SysWOW64\CatRoot2] Cleared.
[21/01/2014 15:23:17] Setting BITS Security Descriptor.....
[21/01/2014 15:23:18] BITS Security Descriptor Set.
[21/01/2014 15:23:18] Setting Automatic Updates (wuauserv) Service Security Descriptor.....
[21/01/2014 15:23:18] Automatic Updates (wuauserv) Security Descriptor Set.
[21/01/2014 15:23:18] Configuring the Automatic Updates (wuauserv) Service.....
[21/01/2014 15:23:19] Automatic Updates (wuauserv) Service Configured.
[21/01/2014 15:23:19] Configuring BITS.....
[21/01/2014 15:23:19] BITS Configured.
[21/01/2014 15:23:19] Registering WUAU DLLs.....
[21/01/2014 15:23:19] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[21/01/2014 15:23:19] RegSvr32.exe: 'atl.dll' registration succeeded.
[21/01/2014 15:23:19] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:23:19] RegSvr32.exe: 'corpol.dll' Specified module not found
[21/01/2014 15:23:19] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[21/01/2014 15:23:19] RegSvr32.exe: 'dispex.dll' registration succeeded.
[21/01/2014 15:23:19] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[21/01/2014 15:23:19] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[21/01/2014 15:23:19] RegSvr32.exe: 'initpki.dll' Specified module not found
[21/01/2014 15:23:19] RegSvr32.exe: 'jscript.dll' registration succeeded.
[21/01/2014 15:23:20] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:23:20] RegSvr32.exe: 'msscript.ocx' registration succeeded.
[21/01/2014 15:23:20] RegSvr32.exe: 'msxml.dll' Specified module not found
[21/01/2014 15:23:20] RegSvr32.exe: 'msxml2.dll' Specified module not found
[21/01/2014 15:23:20] RegSvr32.exe: 'msxml3.dll' registration succeeded.
[21/01/2014 15:23:20] RegSvr32.exe: 'msxml4.dll' Specified module not found
[21/01/2014 15:23:20] RegSvr32.exe: 'msxml6.dll' registration succeeded.
[21/01/2014 15:23:20] RegSvr32.exe: 'muweb.dll' Specified module not found
[21/01/2014 15:23:20] RegSvr32.exe: 'ole.dll' Specified module not found
[21/01/2014 15:23:20] RegSvr32.exe: 'ole32.dll' registration succeeded.
[21/01/2014 15:23:20] RegSvr32.exe: 'oleaut.dll' Specified module not found
[21/01/2014 15:23:21] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[21/01/2014 15:23:21] RegSvr32.exe: 'qmgr.dll' Specified module not found
[21/01/2014 15:23:21] RegSvr32.exe: 'qmgrprxy.dll' registration succeeded.
[21/01/2014 15:23:21] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[21/01/2014 15:23:21] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[21/01/2014 15:23:21] RegSvr32.exe: 'sccbase.dll' Specified module not found
[21/01/2014 15:23:21] RegSvr32.exe: 'scrobj.dll' registration succeeded.
[21/01/2014 15:23:21] RegSvr32.exe: 'scrrun.dll' registration succeeded.
[21/01/2014 15:23:21] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:23:21] RegSvr32.exe: 'shell.dll' Specified module not found
[21/01/2014 15:23:22] RegSvr32.exe: 'shell32.dll' registration succeeded.
[21/01/2014 15:23:22] RegSvr32.exe: 'slbcsp.dll' Specified module not found
[21/01/2014 15:23:22] RegSvr32.exe: 'softpub.dll' registration succeeded.
[21/01/2014 15:23:22] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[21/01/2014 15:23:22] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[21/01/2014 15:23:22] RegSvr32.exe: 'winhttp.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:23:22] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[21/01/2014 15:23:22] RegSvr32.exe: 'wshext.dll' Error number: 0x80070005
[21/01/2014 15:23:22] RegSvr32.exe: 'wuapi.dll' registration succeeded.
[21/01/2014 15:23:22] RegSvr32.exe: 'wuaueng.dll' Specified module not found
[21/01/2014 15:23:22] RegSvr32.exe: 'wuaueng1.dll' Specified module not found
[21/01/2014 15:23:22] RegSvr32.exe: 'wucltui.dll' Specified module not found
[21/01/2014 15:23:22] RegSvr32.exe: 'wucltux.dll' Specified module not found
[21/01/2014 15:23:23] RegSvr32.exe: 'wups.dll' registration succeeded.
[21/01/2014 15:23:23] RegSvr32.exe: 'wups2.dll' Specified module not found
[21/01/2014 15:23:23] RegSvr32.exe: 'wuweb.dll' Specified module not found
[21/01/2014 15:23:23] RegSvr32.exe: 'wuwebv.dll' registration succeeded.
[21/01/2014 15:23:23] WUAU DLLs Reregistered.
[21/01/2014 15:23:23] Resetting proxy settings.....
[21/01/2014 15:23:23] Proxy settings reset successfully.
[21/01/2014 15:23:23] Restarting the Automatic Updates (wuauserv) Service.....
[21/01/2014 15:23:23] Automatic Updates (wuauserv) Service Restarted.
[21/01/2014 15:23:23] Restarting the BITS Service.....
[21/01/2014 15:23:23] BITS Service Restarted.
[21/01/2014 15:23:23] Clearing the BITS queue.....
[21/01/2014 15:23:24] BITS queue cleared.
[21/01/2014 15:23:24] Initiating Windows Updates detection right away.....
[21/01/2014 15:23:24] Finished repairing Windows Update / Automatic Updates.

-----------------------------------------------------------------------------------------
[21/01/2014 15:23:24] Repairing SSL / HTTPS / Cryptography service, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:23:24] Configuring the Cryptographic Service.....
[21/01/2014 15:23:25] Cryptographic Service Configured.
[21/01/2014 15:23:25] Stopping the Cryptographic Service.....
[21/01/2014 15:23:25] Cryptographic service Stopped Successfully.
[21/01/2014 15:23:25] Clearing [C:\Windows\system32\CatRoot].....
[21/01/2014 15:23:25] [C:\Windows\system32\CatRoot] cleared.
[21/01/2014 15:23:25] Re-registering SSL / HTTPS / Cryptography DLLs.....
[21/01/2014 15:23:25] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[21/01/2014 15:23:25] RegSvr32.exe: 'cryptext.dll' registration succeeded.
[21/01/2014 15:23:25] RegSvr32.exe: 'cryptui.dll' registration succeeded.
[21/01/2014 15:23:25] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[21/01/2014 15:23:25] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[21/01/2014 15:23:25] RegSvr32.exe: 'initpki.dll' Specified module not found
[21/01/2014 15:23:25] RegSvr32.exe: 'licdll.dll' Specified module not found
[21/01/2014 15:23:25] RegSvr32.exe: 'mssign32.dll' registration succeeded.
[21/01/2014 15:23:25] RegSvr32.exe: 'mssip32.dll' registration succeeded.
[21/01/2014 15:23:25] RegSvr32.exe: 'regwizc.dll' Specified module not found
[21/01/2014 15:23:25] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[21/01/2014 15:23:26] RegSvr32.exe: 'scardssp.dll' Specified module not found
[21/01/2014 15:23:26] RegSvr32.exe: 'sccbase.dll' Specified module not found
[21/01/2014 15:23:26] RegSvr32.exe: 'scecli.dll' registration succeeded.
[21/01/2014 15:23:26] RegSvr32.exe: 'slbcsp.dll' Specified module not found
[21/01/2014 15:23:26] RegSvr32.exe: 'softpub.dll' registration succeeded.
[21/01/2014 15:23:26] RegSvr32.exe: 'winhttp.dll' Module loaded but entry-point DllRegisterServer was not found.
[21/01/2014 15:23:26] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[21/01/2014 15:23:26] SSL / HTTPS / Cryptography DLLs re-registered.
[21/01/2014 15:23:27] Restarting the Cryptographic Service.....
[21/01/2014 15:23:27] Cryptographic Service restarted.
[21/01/2014 15:23:27] Finished repairing SSL / HTTPS / Cryptography service.

-----------------------------------------------------------------------------------------
[21/01/2014 15:23:27] Resetting the Windows Firewall configuraton, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:23:27] Windows Firewall configuration reset successful.
[21/01/2014 15:23:27] Finished resetting the Windows Firewall configuraton.

-----------------------------------------------------------------------------------------
[21/01/2014 15:23:27] Restoring the default Windows HOSTS file, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:23:27] Writing data to the HOSTS file.....
[21/01/2014 15:23:27] HOSTS file created successfully.

-----------------------------------------------------------------------------------------
[21/01/2014 15:23:28] Repairing Workgroup Computers view, Please wait.....
-----------------------------------------------------------------------------------------
[21/01/2014 15:23:28] Finished repairing Workgroup Computers view.

-----------------------------------------------------------------------------------------
[21/01/2014 15:23:28] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[21/01/2014 15:24:28] Your computer is restarting now.....

-----------------------------------------------------------------------------------------
 



#14 B-boy/StyLe/


Posted 22 January 2014 - 05:12 PM

Hi,

 

Did you see any change after you ran Complete Internet Repair?

Also did you try to power off the router and your modem for a few minutes and then to power them both back on?

Try that and make sure your router is on the latest firmware. How many users share your connection? Turn on WPA2 encryption if available.

For one final test you can try to plug your Ethernet cable directly to the computer and compare the results avoiding routers and network devices since it may be a Wi-Fi issue.

Also I found this on the net as well:

 

1. Press: Windows-button (the one between Alt and Ctrl) + R, a window should pop up.
2. Write: "services.msc" (without the ") then press Enter.
3. In the list of services, scroll down to "UPnP Device Host", click it and press "Stop service".
4. Now do the same thing but with the service "SSDP Discovery".
5. Reboot and see if there is any difference.

 

If no luck then call your ISP for assistance.

Let me know about the results.

 

 

Regards,

Georgi




#15 Minus-Zero


Posted 22 January 2014 - 09:47 PM

Thanks for trying to assist me, but that doesn't seem to help. That service wasn't enabled to begin with.

 

I am now running on an ethernet cable yet the problem persists.





