Posts posted by jlunt14

  1.  Results of screen317's Security Check version 0.99.79  

     Windows 7 Service Pack 1 x64 (UAC is enabled)  

    ``````````````Antivirus/Firewall Check:`````````````` 

     Windows Firewall Enabled!  

     WMI entry may not exist for antivirus; attempting automatic update. 

    `````````Anti-malware/Other Utilities Check:````````` 

     Malwarebytes Anti-Malware version 1.75.0.1300  

     Google Chrome 32.0.1700.107  

     Google Chrome 33.0.1750.117  

    ````````Process Check: objlist.exe by Laurent````````  

     Malwarebytes Anti-Malware mbamservice.exe  

     Malwarebytes Anti-Malware mbamgui.exe  

     Malwarebytes' Anti-Malware mbamscheduler.exe   

    `````````````````System Health check````````````````` 

     Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log`````````````````````` 
  2. # AdwCleaner v3.019 - Report created 24/02/2014 at 09:18:15

    # Updated 17/02/2014 by Xplode

    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    # Username : Jon - JON-PC

    # Running from : C:\Users\Jon\Desktop\AdwCleaner.exe

    # Option : Clean

     

    ***** [ Services ] *****

     

     

    ***** [ Files / Folders ] *****

     

    Folder Deleted : C:\ProgramData\AVG Security Toolbar

    Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin

     

    ***** [ Shortcuts ] *****

     

     

    ***** [ Registry ] *****

     

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

    Key Deleted : HKCU\Software\AVG Secure Search

    Key Deleted : HKLM\Software\caphyon

    Key Deleted : HKLM\Software\InstallCore

     

    ***** [ Browsers ] *****

     

    -\\ Internet Explorer v8.0.7601.17514

     

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

     

    -\\ Google Chrome v33.0.1750.117

     

    [ File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     

     

    *************************

     

    AdwCleaner[R0].txt - [3437 octets] - [24/02/2014 09:17:02]

    AdwCleaner[s0].txt - [2872 octets] - [24/02/2014 09:18:15]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2932 octets] ##########

     


    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

     

    Database version: v2014.02.24.04

     

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Jon :: JON-PC [administrator]

     

    2/24/2014 9:21:17 AM

    mbam-log-2014-02-24 (09-21-17).txt

     

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 213534

    Time elapsed: 1 minute(s), 31 second(s)

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 0

    (No malicious items detected)

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 0

    (No malicious items detected)

     

    Files Detected: 0

    (No malicious items detected)

     

    (end)

     

     

    My computer hasn't had any issues so far this morning.

  3. ComboFix 14-02-24.01 - Jon 02/24/2014   9:08.3.6 - x64

    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.6321 [GMT -5:00]

    Running from: c:\users\Jon\Desktop\ComboFix.exe

    Command switches used :: c:\users\Jon\Desktop\CFScript.txt

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    --------------- FCopy ---------------

    .

    c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --> c:\windows\system32\rpcss.dll

    .

    (((((((((((((((((((((((((   Files Created from 2014-01-24 to 2014-02-24  )))))))))))))))))))))))))))))))

    .

    .

    2014-02-24 14:10 . 2014-02-24 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp

    2014-02-24 01:02 . 2014-02-24 01:02 -------- d-----w- C:\_OTL

    2014-02-22 09:36 . 2014-02-17 06:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73D26B13-4963-4366-B416-4EA8280E230A}\mpengine.dll

    2014-01-31 15:23 . 2014-01-31 15:23 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes

    2014-01-31 15:22 . 2014-01-31 15:22 -------- d-----w- c:\programdata\Malwarebytes

    2014-01-31 15:22 . 2014-01-31 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2014-01-31 15:22 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2014-01-31 15:22 . 2014-01-31 15:22 -------- d-----w- c:\users\Jon\AppData\Local\Programs

    2014-01-30 00:59 . 2014-01-30 00:59 -------- d-----w- c:\programdata\AVG Security Toolbar

    2014-01-27 06:30 . 2014-01-27 06:30 -------- d-----w- c:\program files\Microsoft Silverlight

    2014-01-27 06:30 . 2014-01-27 06:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-01-16 04:29 . 2014-01-09 20:39 86054176 ----a-w- c:\windows\system32\MRT.exe

    2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

    2013-12-06 22:08 . 2013-12-06 22:08 157736 ----a-w- c:\windows\system32\amdhcp64.dll

    2013-12-06 22:08 . 2013-12-06 22:08 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll

    2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll

    2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll

    2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

    2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

    2013-12-06 22:04 . 2013-12-06 22:04 143304 ----a-w- c:\windows\system32\atiuxp64.dll

    2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll

    2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll

    2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll

    2013-12-06 22:01 . 2013-12-06 22:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll

    2013-12-06 22:01 . 2013-12-06 22:01 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll

    2013-12-06 22:00 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll

    2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll

    2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll

    2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll

    2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll

    2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll

    2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys

    2013-12-06 21:49 . 2013-12-06 21:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll

    2013-12-06 21:44 . 2013-12-06 21:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

    2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe

    2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe

    2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe

    2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe

    2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe

    2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll

    2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll

    2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll

    2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll

    2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll

    2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll

    2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll

    2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll

    2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll

    2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll

    2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe

    2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll

    2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll

    2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll

    2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll

    2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll

    2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll

    2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll

    2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll

    2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll

    2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe

    2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe

    2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll

    2013-12-06 20:22 . 2013-12-06 20:22 96256 ----a-w- c:\windows\system32\amdave64.dll

    2013-12-06 20:22 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll

    2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 89088 ----a-w- c:\windows\system32\atisamu64.dll

    2013-12-06 20:22 . 2013-12-06 20:22 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll

    2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll

    2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll

    2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll

    2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys

    2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown 

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]

    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-11-18 442712]

    "KrakenLauncher"="c:\program files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe" [2013-07-25 865624]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

    S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

    S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]

    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-02-21 22:10 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 01:35]

    .

    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 01:35]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm



    mLocal Page = c:\windows\SysWOW64\blank.htm

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2014-02-24  09:11:38

    ComboFix-quarantined-files.txt  2014-02-24 14:11

    ComboFix2.txt  2014-02-24 13:46

    ComboFix3.txt  2014-02-24 01:16

    .

    Pre-Run: 80,299,692,032 bytes free

    Post-Run: 80,241,737,728 bytes free

    .

    - - End Of File - - 4AC5EAB92FC5391647C0BF69FEB23491

    A36C5E4F47E84449FF07ED3517B43A31
  4. ComboFix 14-02-24.01 - Jon 02/24/2014   8:43.2.6 - x64

    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.6390 [GMT -5:00]

    Running from: c:\users\Jon\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((   Files Created from 2014-01-24 to 2014-02-24  )))))))))))))))))))))))))))))))

    .

    .

    2014-02-24 13:45 . 2014-02-24 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp

    2014-02-24 01:02 . 2014-02-24 01:02 -------- d-----w- C:\_OTL

    2014-02-22 09:36 . 2014-02-17 06:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73D26B13-4963-4366-B416-4EA8280E230A}\mpengine.dll

    2014-01-31 15:23 . 2014-01-31 15:23 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes

    2014-01-31 15:22 . 2014-01-31 15:22 -------- d-----w- c:\programdata\Malwarebytes

    2014-01-31 15:22 . 2014-01-31 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2014-01-31 15:22 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2014-01-31 15:22 . 2014-01-31 15:22 -------- d-----w- c:\users\Jon\AppData\Local\Programs

    2014-01-30 00:59 . 2014-01-30 00:59 -------- d-----w- c:\programdata\AVG Security Toolbar

    2014-01-27 06:30 . 2014-01-27 06:30 -------- d-----w- c:\program files\Microsoft Silverlight

    2014-01-27 06:30 . 2014-01-27 06:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-01-16 04:29 . 2014-01-09 20:39 86054176 ----a-w- c:\windows\system32\MRT.exe

    2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

    2013-12-06 22:08 . 2013-12-06 22:08 157736 ----a-w- c:\windows\system32\amdhcp64.dll

    2013-12-06 22:08 . 2013-12-06 22:08 142304 ----a-w- c:\windows\SysWow64\amdhcp32.dll

    2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll

    2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll

    2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

    2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

    2013-12-06 22:04 . 2013-12-06 22:04 143304 ----a-w- c:\windows\system32\atiuxp64.dll

    2013-12-06 22:03 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll

    2013-12-06 22:03 . 2013-12-06 22:03 115512 ----a-w- c:\windows\system32\atiu9p64.dll

    2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll

    2013-12-06 22:01 . 2013-12-06 22:01 1318552 ----a-w- c:\windows\system32\aticfx64.dll

    2013-12-06 22:01 . 2013-12-06 22:01 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll

    2013-12-06 22:00 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll

    2013-12-06 21:59 . 2013-12-06 21:59 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll

    2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll

    2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll

    2013-12-06 21:57 . 2013-12-06 21:57 8927704 ----a-w- c:\windows\system32\atiumd6a.dll

    2013-12-06 21:56 . 2013-12-06 21:56 7751920 ----a-w- c:\windows\system32\atiumd64.dll

    2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys

    2013-12-06 21:49 . 2013-12-06 21:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll

    2013-12-06 21:44 . 2013-12-06 21:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

    2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe

    2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe

    2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe

    2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe

    2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe

    2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll

    2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll

    2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll

    2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll

    2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll

    2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll

    2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll

    2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll

    2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll

    2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll

    2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe

    2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll

    2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll

    2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll

    2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll

    2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll

    2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll

    2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll

    2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll

    2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll

    2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe

    2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe

    2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll

    2013-12-06 20:22 . 2013-12-06 20:22 96256 ----a-w- c:\windows\system32\amdave64.dll

    2013-12-06 20:22 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll

    2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 89088 ----a-w- c:\windows\system32\atisamu64.dll

    2013-12-06 20:22 . 2013-12-06 20:22 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll

    2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll

    2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll

    2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll

    2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll

    2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys

    2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    [7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

    [-] 2010-11-21 . 8835403CED6F590B3150C8F551624A38 . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll

    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown 

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]

    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-11-18 442712]

    "KrakenLauncher"="c:\program files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe" [2013-07-25 865624]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

    S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

    S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]

    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-02-21 22:10 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 01:35]

    .

    2014-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-09 01:35]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-07 6827664]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm



    mLocal Page = c:\windows\SysWOW64\blank.htm

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2014-02-24  08:46:20

    ComboFix-quarantined-files.txt  2014-02-24 13:46

    ComboFix2.txt  2014-02-24 01:16

    .

    Pre-Run: 80,106,979,328 bytes free

    Post-Run: 80,246,394,880 bytes free

    .

    - - End Of File - - 6546E9B3677EE048EF35946BB2D68A06

    A36C5E4F47E84449FF07ED3517B43A31
  5. Malwarebytes results:

     

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

     

    Database version: v2014.02.24.04

     

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Jon :: JON-PC [administrator]

     

    2/24/2014 8:18:46 AM

    mbam-log-2014-02-24 (08-18-46).txt

     

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 213394

    Time elapsed: 1 minute(s), 30 second(s)

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 0

    (No malicious items detected)

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 0

    (No malicious items detected)

     

    Files Detected: 0

    (No malicious items detected)

     

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 

    Internet Explorer: 8.0.7601.17514

    Run by Jon at 8:22:52 on 2014-02-24

    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8089.6175 [GMT -5:00]

    .

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

    C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\DAODx.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\sppsvc.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\notepad.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .



    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

    mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

    mRun: [KrakenLauncher] C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe /start

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: freerealms.com

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{58614640-E129-4D9C-9C16-35F14D9A8959} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{58614640-E129-4D9C-9C16-35F14D9A8959}\34963736F61303136373D27657563747 : DHCPNameServer = 192.168.3.1

    TCP: Interfaces\{B8441E82-C514-4F98-8863-84A08C7C1125} : DHCPNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    SSODL: WebCheck - <orphaned>

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-1-8 82560]

    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-1-8 42624]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]

    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]

    R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-31 418376]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-31 701512]

    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]

    R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\Windows\System32\drivers\AE2500w764.sys [2014-1-8 1254464]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-31 25928]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-8 726160]

    R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2013-11-15 39080]

    R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-11-15 149160]

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-1-8 58536]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-8 1255736]

    .

    =============== Created Last 30 ================

    .

    2014-02-24 01:20:42 -------- d-sh--w- C:\$RECYCLE.BIN

    2014-02-24 01:12:29 98816 ----a-w- C:\Windows\sed.exe

    2014-02-24 01:12:29 256000 ----a-w- C:\Windows\PEV.exe

    2014-02-24 01:12:29 208896 ----a-w- C:\Windows\MBR.exe

    2014-02-24 01:02:32 -------- d-----w- C:\_OTL

    2014-02-22 09:36:51 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2014-02-22 09:36:50 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73D26B13-4963-4366-B416-4EA8280E230A}\mpengine.dll

    2014-01-31 15:23:08 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes

    2014-01-31 15:22:59 -------- d-----w- C:\ProgramData\Malwarebytes

    2014-01-31 15:22:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2014-01-31 15:22:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2014-01-31 15:22:48 -------- d-----w- C:\Users\Jon\AppData\Local\Programs

    2014-01-30 00:59:40 -------- d-----w- C:\ProgramData\AVG Security Toolbar

    .

    ==================== Find3M  ====================

    .

    2014-01-09 02:17:47 0 ----a-w- C:\Windows\ativpsrm.bin

    2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe

    2013-12-06 22:08:46 157736 ----a-w- C:\Windows\System32\amdhcp64.dll

    2013-12-06 22:08:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll

    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll

    2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll

    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll

    2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

    2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll

    2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

    2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll

    2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

    2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll

    2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll

    2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll

    2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll

    2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll

    2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll

    2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll

    2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll

    2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

    2013-12-06 21:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll

    2013-12-06 21:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

    2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe

    2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe

    2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe

    2013-12-06 21:38:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe

    2013-12-06 21:38:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe

    2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll

    2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

    2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll

    2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll

    2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll

    2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll

    2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll

    2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll

    2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll

    2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll

    2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe

    2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll

    2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll

    2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll

    2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll

    2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll

    2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll

    2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll

    2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll

    2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll

    2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe

    2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

    2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll

    2013-12-06 20:22:54 96256 ----a-w- C:\Windows\System32\amdave64.dll

    2013-12-06 20:22:48 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll

    2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll

    2013-12-06 20:22:38 89088 ----a-w- C:\Windows\System32\atisamu64.dll

    2013-12-06 20:22:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll

    2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

    2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll

    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

    2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll

    2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll

    2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

    2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

    2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

    .

    ============= FINISH:  8:23:01.14 ===============

     

    Attach.txt

     

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium 

    Boot Device: \Device\HarddiskVolume1

    Install Date: 1/8/2014 7:51:01 PM

    System Uptime: 2/24/2014 8:15:45 AM (0 hours ago)

    .

    Motherboard: ASUSTeK COMPUTER INC. |  | M5A97 R2.0

    Processor: AMD FX-6300 Six-Core Processor              | Socket 942 | 3500/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 112 GiB total, 74.597 GiB free.

    D: is FIXED (NTFS) - 932 GiB total, 850.282 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP43: 2/9/2014 7:00:06 PM - Windows Backup

    RP44: 2/16/2014 7:00:06 PM - Windows Backup

    RP53: 2/21/2014 8:13:06 PM - Windows Modules Installer

    RP54: 2/21/2014 8:15:15 PM - Windows Modules Installer

    RP96: 2/23/2014 1:15:41 AM - Windows Update

    RP97: 2/23/2014 7:00:05 PM - Windows Backup

    RP98: 2/23/2014 7:54:35 PM - OTL Restore Point - 2/23/2014 7:54:34 PM

    .

    ==== Installed Programs ======================

    .

    AMD Accelerated Video Transcoding

    AMD APP SDK Runtime

    AMD Catalyst Control Center

    AMD Catalyst Install Manager

    AMD Drag and Drop Transcoding

    AMD Fuel

    AMD Media Foundation Decoders

    AMD Wireless Display v3.0

    Asmedia ASM104x USB 3.0 Host Controller Driver

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Google Chrome

    Google Update Helper

    League of Legends

    Malwarebytes Anti-Malware version 1.75.0.1300

    Microsoft .NET Framework 4.5

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

    Pando Media Booster

    PlanetSide 2

    Razer Synapse 2.0

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    Security Update for Microsoft .NET Framework 4.5 (KB2737083)

    Security Update for Microsoft .NET Framework 4.5 (KB2742613)

    Security Update for Microsoft .NET Framework 4.5 (KB2789648)

    Security Update for Microsoft .NET Framework 4.5 (KB2833957)

    Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

    Security Update for Microsoft .NET Framework 4.5 (KB2861208)

    Security Update for Microsoft .NET Framework 4.5 (KB2898864)

    Skype™ 6.11

    Soldier Front 2

    Steam

    Visual Studio 2012 x64 Redistributables

    Visual Studio 2012 x86 Redistributables

    .

    ==== Event Viewer Messages From Past Week ========

    .

    2/24/2014 8:15:53 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom

    2/24/2014 12:32:02 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.

    2/24/2014 12:32:02 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    2/24/2014 12:32:02 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    2/24/2014 12:30:58 AM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.

    2/24/2014 12:29:25 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error:  A system shutdown has already been scheduled.

    2/24/2014 12:29:25 AM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    2/23/2014 8:48:30 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243

    2/23/2014 8:48:29 PM, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147467243.

    2/23/2014 8:48:29 PM, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80004015.

    2/23/2014 8:48:28 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    2/23/2014 8:48:28 PM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    2/23/2014 8:15:39 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

    2/23/2014 8:15:23 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    2/23/2014 8:02:32 PM, Error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

    2/23/2014 12:51:30 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    2/23/2014 12:51:30 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    2/23/2014 12:51:29 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

    2/23/2014 12:51:29 AM, Error: Service Control Manager [7000]  - The Windows Font Cache Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

    2/23/2014 11:53:15 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.

    2/23/2014 1:16:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986).

    2/22/2014 9:51:01 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.

    2/22/2014 9:37:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2757638).

    2/22/2014 9:37:43 AM, Error: volsnap [67]  - The shadow copy of volume C: being created failed to install.

    2/22/2014 9:17:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2862335).

    2/22/2014 8:57:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2509553).

    2/22/2014 8:37:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2758857).

    2/22/2014 8:17:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2770660).

    2/22/2014 7:57:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2845187).

    2/22/2014 7:37:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070216: Security Update for Windows 7 for x64-based Systems (KB2862973).

    2/22/2014 7:17:20 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2785220).

    2/22/2014 6:57:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).

    2/22/2014 6:37:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2536275).

    2/22/2014 6:17:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2861855).

    2/22/2014 5:57:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2579686).

    2/22/2014 5:37:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2685939).

    2/22/2014 5:16:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).

    2/22/2014 4:56:55 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).

    2/22/2014 4:36:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2690533).

    2/22/2014 4:16:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2743555).

    2/22/2014 3:56:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2863240).

    2/22/2014 3:36:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2706045).

    2/22/2014 3:16:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2727528).

    2/22/2014 2:56:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Update for Windows 7 for x64-based Systems (KB2506014).

    2/22/2014 2:36:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Update for Windows 7 for x64-based Systems (KB2868116).

    2/22/2014 2:16:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2861698).

    2/22/2014 12:56:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2532531).

    2/22/2014 12:36:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2835364).

    2/22/2014 12:16:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070216: Security Update for Windows 7 for x64-based Systems (KB2653956).

    2/22/2014 10:28:06 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The pipe has been ended.

    2/22/2014 1:56:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2839894).

    2/22/2014 1:36:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2876331).

    2/22/2014 1:16:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Update for Windows 7 for x64-based Systems (KB2786081).

    2/21/2014 9:55:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2813430).

    2/21/2014 9:35:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2855844).

    2/21/2014 9:15:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2892074).

    2/21/2014 8:55:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2712808).

    2/21/2014 8:35:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2511455).

    2/21/2014 8:15:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2564958).

    2/21/2014 8:15:15 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2619339).

    2/21/2014 8:11:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2876284).

    2/21/2014 7:51:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2832414).

    2/21/2014 7:31:39 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2834886).

    2/21/2014 7:11:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2698365).

    2/21/2014 6:51:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2736422).

    2/21/2014 6:31:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2862152).

    2/21/2014 6:11:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2584146).

    2/21/2014 11:56:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2861191).

    2/21/2014 11:35:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2868623).

    2/21/2014 11:15:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2705219).

    2/21/2014 10:55:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2491683).

    2/21/2014 10:35:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2544893).

    2/21/2014 10:15:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB2654428).

    .

    ==== End Of File ===========================

     

     

    RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy

    mail : tigzyRK<at>gmail<dot>com




     

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Jon [Admin rights]

    Mode : Scan -- Date : 02/24/2014 08:28:38

    | ARK || FAK || MBR |

     

    ¤¤¤ Bad processes : 1 ¤¤¤

    [SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe [-] -> KILLED [TermProc]

     

    ¤¤¤ Registry Entries : 4 ¤¤¤

    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     

    ¤¤¤ Scheduled tasks : 1 ¤¤¤

    [V2][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe [-] -> FOUND

     

    ¤¤¤ Startup Entries : 0 ¤¤¤

     

    ¤¤¤ Web browsers : 0 ¤¤¤

     

    ¤¤¤ Browser Addons : 0 ¤¤¤

     

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [Root.Zekos][File] rpcss.dll : C:\Windows\System32\rpcss.dll [-] --> FOUND

     

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     

    ¤¤¤ External Hives: ¤¤¤

     

    ¤¤¤ Infection : Root.Zekos ¤¤¤

     

    ¤¤¤ HOSTS File: ¤¤¤

    --> %SystemRoot%\System32\drivers\etc\hosts

     

     

    127.0.0.1       localhost

     

     

    ¤¤¤ MBR Check: ¤¤¤

     

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) KINGSTON  SV300S37A120G SATA Disk Device +++++

    --- User ---

    [MBR] 101e0e3ad15f176c8864e9e44fa6fe78

    [BSP] 1a1d727b8a796a38cde720e73ba6ed22 : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

     

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD10 EZEX-00BN5A0 SATA Disk Device +++++

    --- User ---

    [MBR] 9cb1bced71435c7adcfa9f6c7ce45a2c

    [BSP] e56c48ed33e35c88510777fd9a8207b4 : Windows 7/8 MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

     

    Finished : << RKreport[0]_S_02242014_082838.txt >>
  6. Hey, my computer keeps randomly restarting after a pop-up that says "Windows must now restart because of a DCOM server failure" or "Windows must now restart because Plug and Play has failed unexpectedly" etc.  I've seen solutions to this on a couple sites and I tried one but it seems they're all personalized, including the one on this site.  So if anyone could help me out, I'd greatly appreciate it.
