win 7 rogue ads undetectable to all scans

Rogue ads playing on Win7 laptop - have run Malwarebytes, Spybot S&D, Kaspersky TDSSKiller, ZoneAlarm scans, Ad-Aware, SUPERAntiSpyware.... Can't run Windows Updates. Slow. Ads do not need an internet connection to play. Scans came up fairly clean but did detect some items that were cleaned or quarantined.

Add both of these to Firefox.

AdBlock and NoScript
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

AdBlock for IE and Chrome

IE:
https://adblockplus.org/releases/adblock-plus-10-for-internet-explorer-released

Chrome:
https://adblockplus.org/category/adblock-plus-chrome/

Next:

Let's collect additional information off the system to see if we can spot the issue.

Please download DDS from the link below and save it to your desktop:
Note: Be sure to select Save as Type > All Types

Download one of the DDS tools from the location below and save to your Desktop:
dds.scr - http://download.bleepingcomputer.com/sUBs/dds.scr
dds.com - http://download.bleepingcomputer.com/sUBs/dds.com

Double click dds.scr to run the tool.

It will automatically run; all you will see is a small message saying DDS is running in silent mode, then a message saying 2 logs shall be created on your Desktop.

When done, DDS will have saved 2 logs to your desktop:
1. DDS.txt
2. Attach.txt

Please attach both logs in your next reply.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by monikernc at 11:46:14 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3885.1550 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank

mWinlogon: Userinit = userinit.exe,
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\MONIKE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6B727D-0B1C-4C17-BED1-BEA2CBABEB95} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\078696C63702E6564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\163757 : DHCPNameServer = 152.10.2.222 152.10.2.223
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\65562796A7F6E602D494649443531303C4022453136302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\D45676 : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\monikernc\AppData\Roaming\Mozilla\Firefox\Profiles\mu7f33uw.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-01-01 12:54; ffxtlbr@zonealarm.com; C:\Users\monikernc\AppData\Roaming\Mozilla\Firefox\Profiles\mu7f33uw.default\extensions\ffxtlbr@zonealarm.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 - www.google.com

FF - user.js: extensions.zonealarm.id - c03fb7bb0000000000000023156b94cd
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16071
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.011:31:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1520
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN121259751742603-1520
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true

FF - user.js: extensions.zonealarm.newTab - true

.
============= SERVICES / DRIVERS ===============
.
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-13 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [2013-12-11 513736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-21 701512]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-13 2314240]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-13 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-4-3 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-1 1042272]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-13 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-1 3921880]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-1 171416]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-16 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-30 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-30 1255736]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-6-25 29288]
.
=============== Created Last 30 ================
.
2014-01-02 04:42:59    59392    ----a-w-    C:\Windows\System32\drivers\TsUsbFlt.sys.bak
2014-01-02 04:41:59    60416    ----a-w-    C:\Windows\System32\drivers\processr.sys.bak
2014-01-02 04:40:59    273792    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys.bak
2014-01-02 04:39:59    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys.bak
2014-01-02 04:37:02    43584    ----a-w-    C:\Windows\System32\drivers\sisraid2.sys.bak
2014-01-02 04:36:57    171392    ----a-w-    C:\Windows\System32\drivers\scsiport.sys.bak
2014-01-02 04:36:31    35328    ----a-w-    C:\Windows\System32\drivers\ndiscap.sys.bak
2014-01-02 04:36:29    15360    ----a-w-    C:\Windows\System32\drivers\MTConfig.sys.bak
2014-01-02 04:36:28    32320    ----a-w-    C:\Windows\System32\drivers\mssmbios.sys.bak
2014-01-02 04:36:27    6784    ----a-w-    C:\Windows\System32\drivers\mspqm.sys.bak
2014-01-02 04:36:21    106560    ----a-w-    C:\Windows\System32\drivers\lsi_sas.sys.bak
2014-01-02 04:36:17    44112    ----a-w-    C:\Windows\System32\drivers\iirsp.sys.bak
2014-01-02 04:36:15    78720    ----a-w-    C:\Windows\System32\drivers\HpSAMD.sys.bak
2014-01-02 04:36:02    38912    ----a-w-    C:\Windows\System32\drivers\CompositeBus.sys.bak
2014-01-02 04:35:56    14976    ----a-w-    C:\Windows\System32\drivers\BrUsbMdm.sys.bak
2014-01-02 04:35:54    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys.bak
2014-01-02 04:34:05    29288    ----a-w-    C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys.bak
2014-01-02 04:34:05    29288    ----a-w-    C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys.bak
2014-01-02 04:34:00    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys.bak
2014-01-02 04:33:57    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys.bak
2014-01-02 04:33:51    24656    ----a-w-    C:\Windows\System32\drivers\stexstor.sys.bak
2014-01-02 04:33:10    182864    ----a-w-    C:\Windows\System32\drivers\adpu320.sys.bak
2014-01-02 03:50:44    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-01-02 03:35:25    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18F046B3-8263-4650-8E60-35E589276202}\offreg.dll
2014-01-02 00:05:51    --------    d-----w-    C:\Users\monikernc\AppData\Roaming\LavasoftStatistics
2014-01-01 23:13:59    --------    d-----w-    C:\Program Files\Lavasoft
2014-01-01 23:13:06    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2014-01-01 21:55:45    --------    d-----w-    C:\Users\monikernc\AppData\Local\ElevatedDiagnostics
2014-01-01 18:54:28    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-01-01 18:54:23    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-01 18:44:27    --------    d-----w-    C:\SUPERDelete
2014-01-01 18:34:51    8802128    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-01 18:34:45    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18F046B3-8263-4650-8E60-35E589276202}\mpengine.dll
2014-01-01 17:58:32    --------    d-----w-    C:\Windows\System32\MRT
2014-01-01 16:40:44    --------    d-----w-    C:\Users\monikernc\AppData\Local\DoNotTrackPlus
2014-01-01 16:37:24    458584    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2014-01-01 16:37:14    89944    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2014-01-01 16:31:04    --------    d-----w-    C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-01 16:30:55    --------    d-----w-    C:\Program Files (x86)\CheckPoint
2014-01-01 16:30:15    --------    d-----w-    C:\ProgramData\CheckPoint
2013-12-22 21:19:08    --------    d-----w-    C:\Users\monikernc\AppData\Local\MFAData
.
==================== Find3M  ====================
.
2014-01-01 17:01:56    15712    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2013-11-26 17:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 11:48:51.70 ===============
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/27/2011 7:29:26 AM
System Uptime: 1/2/2014 11:29:21 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc.         |  | U52F
Processor: Intel® Core i5 CPU       M 460  @ 2.53GHz | Socket 989 | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 453.409 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP111: 6/14/2013 4:06:37 PM - Scheduled Checkpoint
RP112: 6/18/2013 6:48:54 PM - Installed Java 7 Update 25 (64-bit)
RP113: 6/28/2013 9:19:13 AM - Scheduled Checkpoint
RP114: 7/12/2013 1:57:03 PM - Scheduled Checkpoint
RP115: 7/21/2013 7:41:47 PM - Scheduled Checkpoint
RP116: 7/24/2013 4:38:56 PM - Installed Microsoft PowerPoint Viewer
RP117: 8/3/2013 11:22:09 AM - Installed Microsoft Office Word Viewer 2003
RP118: 8/3/2013 11:34:02 AM - Installed Compatibility Pack for the 2007 Office system
RP119: 8/13/2013 2:41:17 PM - Scheduled Checkpoint
RP120: 8/16/2013 11:11:38 AM - Installed Microsoft Office Excel Viewer
RP121: 8/23/2013 7:22:10 PM - Scheduled Checkpoint
RP122: 8/31/2013 7:27:48 PM - Scheduled Checkpoint
RP123: 9/8/2013 1:40:51 PM - Scheduled Checkpoint
RP124: 9/21/2013 4:05:25 PM - Scheduled Checkpoint
RP125: 9/28/2013 5:24:53 PM - Scheduled Checkpoint
RP126: 10/6/2013 5:21:05 PM - Scheduled Checkpoint
RP127: 10/13/2013 8:49:38 PM - Scheduled Checkpoint
RP128: 10/24/2013 9:49:18 PM - Scheduled Checkpoint
RP129: 11/3/2013 10:30:57 AM - Scheduled Checkpoint
RP130: 12/22/2013 4:21:19 PM - Installed AVG 2014
RP131: 12/22/2013 4:23:05 PM - Installed AVG 2014
RP132: 1/1/2014 11:42:39 AM - Removed AVG 2014
RP133: 1/1/2014 11:45:47 AM - Removed AVG 2014
RP134: 1/1/2014 12:17:07 PM - Removed 7-Zip 9.20 (x64 edition)
RP135: 1/1/2014 12:21:40 PM - Removed inSSIDer
RP136: 1/1/2014 12:23:51 PM - Removed DriverUpdate
RP137: 1/1/2014 12:27:05 PM - Configured LabelPrint
RP138: 1/1/2014 12:56:21 PM - Windows Update
RP139: 1/1/2014 6:12:08 PM - AA11
RP140: 1/1/2014 10:23:16 PM - Removed Skype™ 6.11
RP141: 1/1/2014 10:25:47 PM - Removed Skype Click to Call
RP142: 1/2/2014 9:42:15 AM - Windows Update
RP143: 1/2/2014 10:09:32 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Alcor Micro USB Card Reader
Amazon Unbox Video
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_Screensaver
ATK Package
Audacity 2.0.2
Best Buy pc app
Bonjour
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
ControlDeck
CyberLink Power2Go
ETDWare PS/2-x64 7.0.5.11_WHQL
Express Gate
Fast Boot
Gephi 0.8.1
Google Earth
Google Update Helper
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Update
I.R.I.S. OCR
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
iTunes
Java 7 Update 25 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office 2010
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NetLogo 5.0.2
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.4.1
QuickTime
R for Windows 2.15.1
Realtek High Definition Audio Driver
RStudio
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Spybot - Search & Destroy
SRS Premium Sound Control Panel
SUPERAntiSpyware
USB 2.0 VGA UVC WebCam
VideoLAN VLC media player 0.8.6f
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/2/2014 9:58:43 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
1/2/2014 9:58:43 AM, Error: Service Control Manager [7000]  - The Intel® PROSet/Wireless Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/2/2014 9:57:20 AM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/2/2014 9:52:49 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/2/2014 9:52:20 AM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 9:52:20 AM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 9:49:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986).
1/2/2014 9:29:08 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
1/2/2014 12:50:26 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
1/2/2014 12:50:26 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/2/2014 12:23:52 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
1/2/2014 11:30:36 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.
1/2/2014 11:30:36 AM, Error: Service Control Manager [7000]  - The ZoneAlarm Privacy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/2/2014 10:12:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
1/1/2014 7:18:33 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
1/1/2014 4:46:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
1/1/2014 4:24:14 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/1/2014 4:24:14 PM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/1/2014 12:58:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB2758694).
1/1/2014 12:41:28 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003]  - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
1/1/2014 12:41:18 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
1/1/2014 12:40:45 PM, Error: Service Control Manager [7023]  - The Function Discovery Provider Host service terminated with the following error:  %%-2147467243
1/1/2014 12:40:45 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  %%-2147467243
1/1/2014 12:40:22 PM, Error: Service Control Manager [7023]  - The Windows Media Player Network Sharing Service service terminated with the following error:  The parameter is incorrect.
1/1/2014 12:40:22 PM, Error: Microsoft-Windows-WMPNSS-Service [14317]  - Service 'WMPNetworkSvc' was not initialized because CoInitializeSecurity encountered error 87. Restart your computer, and then try to restart the service.
1/1/2014 12:40:01 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
1/1/2014 11:38:14 AM, Error: Service Control Manager [7030]  - The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/1/2014 10:55:05 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2014 10:55:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/1/2014 10:55:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/1/2014 10:55:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/1/2014 10:55:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/1/2014 10:55:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/1/2014 10:54:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/1/2014 10:54:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache KLIF NetBIOS NetBT nm3 nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:35:34 PM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
 

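The Event Viewer section of the DDS log above reads newest-first, and the lines that matter are at the bottom: Service Control Manager event 7026 lists boot-start drivers that failed to load (AFD, NetBT, nsiproxy, tdx and others), and the 7001 events that follow are the dependency chain that failure sets off (DNS Client, DHCP Client, Workstation and the SMB redirectors all report a dependency that did not start). The parser below is an added example for reading that section; it is not part of DDS, Malwarebytes or the helper's toolset. It takes six lines copied verbatim from the log above as sample input, separates direct driver failures ("A device attached to the system is not functioning") from downstream ones ("The dependency service or group failed to start"), and pulls out the Windows Update error codes, so a responder can see which layer failed first rather than scrolling through the cascade.

```python
"""Parse the 'Event Viewer Messages' section of a DDS log and summarize the
service/driver failure chain.  Added example for this thread; not DDS code."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Six lines copied from the DDS log posted above; the rest of the section parses the same way.
SAMPLE_LOG = """\
1/2/2014 11:30:36 AM, Error: Service Control Manager [7000]  - The ZoneAlarm Privacy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/2/2014 9:49:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986).
1/1/2014 10:54:42 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache KLIF NetBIOS NetBT nm3 nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
"""

# "<date> <time> AM/PM, <level>: <source> [<event id>]  - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<msg>.*)$"
)
# Event 7001: "The X service depends on the Y service which failed to start because of the following error: Z"
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error:\s+(?P<err>.+)$"
)
DRIVERS_RE = re.compile(r"failed to load:\s+(?P<drivers>.+)$")          # event 7026
UPDATE_RE = re.compile(r"error (?P<code>0x[0-9A-Fa-f]{8}): (?P<what>.+?)\.?$")  # WindowsUpdateClient 20

# Error text a 7001 event carries when the dependency itself (usually a driver) failed,
# as opposed to the dependency failing because one of *its* dependencies failed.
DIRECT_DRIVER_ERR = "A device attached to the system is not functioning"


def parse_events(text):
    """Turn the raw DDS lines into dicts; separator lines such as '.' are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "msg": m["msg"].strip(),
        })
    return events


def events_in_order(events):
    """DDS prints newest first; chronological order makes the cascade readable."""
    return sorted(events, key=lambda e: e["ts"])


def count_by_source_and_id(events):
    return Counter((e["source"], e["event_id"]) for e in events)


def failed_boot_drivers(events):
    """Driver names listed in Service Control Manager event 7026."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            m = DRIVERS_RE.search(e["msg"])
            if m:
                names.extend(m["drivers"].split())
    return names


def dependency_failures(events):
    """Map each failed dependency named in a 7001 event to the services that needed it."""
    chain = defaultdict(list)
    for e in events:
        if e["event_id"] == 7001:
            m = DEPENDS_RE.match(e["msg"])
            if m:
                chain[m["dep"]].append(m["svc"])
    return dict(chain)


def direct_driver_failures(events):
    """Dependencies that failed on their own (device error): the root of the chain."""
    leaves = set()
    for e in events:
        if e["event_id"] == 7001:
            m = DEPENDS_RE.match(e["msg"])
            if m and m["err"].startswith(DIRECT_DRIVER_ERR):
                leaves.add(m["dep"])
    return leaves


def update_failures(events):
    """(error code, update description) pairs from WindowsUpdateClient event 20."""
    out = []
    for e in events:
        if e["source"] == "Microsoft-Windows-WindowsUpdateClient" and e["event_id"] == 20:
            m = UPDATE_RE.search(e["msg"])
            if m:
                out.append((m["code"], m["what"]))
    return out


def report(text):
    """One-screen summary: counts, failed boot drivers, root dependencies, update errors."""
    events = parse_events(text)
    lines = [f"{n:3d}  {src} [{eid}]" for (src, eid), n in sorted(count_by_source_and_id(events).items())]
    drivers = failed_boot_drivers(events)
    if drivers:
        lines.append("boot-start drivers that failed to load: " + ", ".join(drivers))
    chain = dependency_failures(events)
    for dep in sorted(direct_driver_failures(events)):
        lines.append(f"direct failure: {dep} -> blocked {', '.join(chain[dep])}")
    for code, what in update_failures(events):
        lines.append(f"update failure {code}: {what}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full section above, the report puts the Winsock, TDI and NSI driver failures at the root and the DNS, DHCP, Workstation and SMB redirector failures downstream of them, which is the reading a responder wants before deciding whether a network-stack driver has been tampered with, as the later "trojan.patched" detection in this thread suggests.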

The first issues are these:

AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}

FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

I'll assume you don't want Ad-Aware so uninstall the AV and FW.

If using Windows add / remove doesn't work use this:

Download Revo Uninstaller Freeware and save it to your Desktop.

http://www.revouninstaller.com/start_freeware_download.html

•Install the program.

•Run the program and type in the search box " Ad-Aware ". Allow it to pull up results.

•Select any Ad-Aware product and uninstall them by turn. (Select the product and click on the Uninstall button).

Next:

Let's try the following program which will help us figure out more of what's going on with your computer and go from there.

Combofix will scan the computer for various types of threats.

Vista and Windows 7 / 8 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this link

Click the link and select Save.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

IMPORTANT !!! Save ComboFix.exe to your Desktop

Note: Be sure to select Save as Type > All Types

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216

Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

Note: If you have XP SP3, use the XP SP2 package.

Vista, Windows 7 or 8, skip the Recovery Console part

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Click on Yes, to continue scanning for malware.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

When the tool is finished, it will produce a report for you.

Please attach the C:\ComboFix.txt log on your next reply so that we can continue checking and cleaning the system.

Please save using the default Notepad format,

DO NOT USE WORD or any other office type of software.

DO NOT COPY & PASTE the log, send it as an attachment.

Reply to THIS ticket, DO NOT create a new one.

**Also please describe how your computer behaves at the moment.**


Sorry, I didn't read the instructions. Here are the DDS and Attach files as attachments. I am now getting a ZoneAlarm alert that pev.dat is trying to communicate with svchost.exe by opening its process. I don't know whether to allow or deny, and there is no additional information available in the alert. I am suspicious of everything. Still trying to run Windows Update and it continues to fail.

Additional info: yesterday it appeared that my admin privileges had been tampered with. Couldn't adjust power settings. When I attempted a new admin profile I got registry errors. Those issues seem to have been resolved with the scans and cleanups run from any one of the many tools I used to attempt a cleanup yesterday. I could not start in Safe Mode with Networking either; have not attempted that since. Safe Mode works without networking. Ran Kaspersky from there and it found things it didn't find in normal mode.

 

The ads seem to run at twenty-minute (give or take) intervals: they start twenty minutes in, after running for twenty minutes. Same ads over and over. They don't need internet access to run.

 

I use this machine for schoolwork and school email. Not a lot of surfing since last spring. Was running AVG but I uninstalled it yesterday and installed Zone Labs ZoneAlarm Free edition.

 

I am going to deny the pev.dat request to communicate with svchost.exe for now.

attach.txt

dds.txt


Fingers crossed, but I think I got it using the Malwarebytes beta rootkit killer. I have heard no ads since it ID'd the offending DLL and replaced it with a backup. I have also been able to run Windows Update. I will repost to confirm or request additional assistance in the morning. Thanks.


Please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop, where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)

system-log.txt


Great job,

After this you should be good to go.

We need to uninstall Combofix to totally remove what it found.

This will cause combofix to run again just enough to uninstall itself.

1.Click Start.

2. In the Start Search box, type **ComboFix /Uninstall** and click OK. Note the space between the X and the /; it needs to be there.

Let me know how it's running now


I just saw your post and will run the ComboFix uninstall today. I reran the Kaspersky TDSSKiller tool yesterday and it is showing quarantined items related to trojan.patched. Do you know how to uninstall that or clear its quarantine safely? Malwarebytes also has some quarantined items; do I have to uninstall to clear those out too?

I still see some orphan processes in task manager that I suspect are related to this devil - any suggestions for a more thorough cleaning? I am no longer seeing/hearing bad behaviors but want to be sure this bad boy is really gone. Thanks.


Just open MBAM > open Quarantine and select delete.

 

The default quarantine folder is in the system disk root folder, e.g.:
C:\TDSSKiller_Quarantine  <--Delete the folder.

 

As for the ones you're seeing in Task Manager: right-click on them and get the properties (path of the file), end the task for it, then go to where it's located and delete it.


This topic is now closed to further replies.