monikernc Posted January 2, 2014

rogue ads playing on win7 laptop - have run malware bytes, spybot s&d, kaspersky tdsskill, zone alarm scans, ad aware, superantispyware.... can't run windows updates. slow. ads do not need an internet connection to play. scans came up fairly clean but did detect some items that were cleaned or quarantined.

LDTate Posted January 2, 2014

Add both of these to FireFox.
AdBlock and NoScript
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

AdBlock for IE and Chrome
IE: https://adblockplus.org/releases/adblock-plus-10-for-internet-explorer-released
Chrome: https://adblockplus.org/category/adblock-plus-chrome/

Next: Let's collect additional information off the system to see if we can spot the issue.

Please download DDS from the link below and save it to your desktop:
Note: Be sure to select Save as Type > All Types

Download one of the DDS tools from the location below and save to your Desktop
dds.scr - http://download.bleepingcomputer.com/sUBs/dds.scr
dds.com - http://download.bleepingcomputer.com/sUBs/dds.com

Double click dds.scr to run the tool. It will automatically run; all you will see is a small message saying DDS is running in silent mode, then a message saying 2 logs shall be created on your Desktop.

When done, DDS will have saved 2 logs to your desktop:
1. DDS.txt
2. Attach.txt

Please attach both logs in your next reply.

monikernc Posted January 2, 2014

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by monikernc at 11:46:14 on 2014-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3885.1550 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\MONIKE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A6B727D-0B1C-4C17-BED1-BEA2CBABEB95} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\078696C63702E6564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\163757 : DHCPNameServer = 152.10.2.222 152.10.2.223
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\65562796A7F6E602D494649443531303C4022453136302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D3688B9B-860C-4BC3-9F90-6169F596323A}\D45676 : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\monikernc\AppData\Roaming\Mozilla\Firefox\Profiles\mu7f33uw.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-01-01 12:54; ffxtlbr@zonealarm.com; C:\Users\monikernc\AppData\Roaming\Mozilla\Firefox\Profiles\mu7f33uw.default\extensions\ffxtlbr@zonealarm.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.hpOld0 - www.google.com
FF - user.js: extensions.zonealarm.id - c03fb7bb0000000000000023156b94cd
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16071
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.011:31:04
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1520
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN121259751742603-1520
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.newTab - true
.
============= SERVICES / DRIVERS ===============
.
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-13 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [2013-12-11 513736]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-21 701512]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-13 2314240]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-13 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-4-3 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-1 1042272]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-13 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-1 3921880]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-1 171416]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-8-16 15712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-30 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-30 1255736]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-6-25 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-6-25 29288]
.
=============== Created Last 30 ================
.
2014-01-02 04:42:59 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys.bak
2014-01-02 04:41:59 60416 ----a-w- C:\Windows\System32\drivers\processr.sys.bak
2014-01-02 04:40:59 273792 ----a-w- C:\Windows\System32\drivers\msiscsi.sys.bak
2014-01-02 04:39:59 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys.bak
2014-01-02 04:37:02 43584 ----a-w- C:\Windows\System32\drivers\sisraid2.sys.bak
2014-01-02 04:36:57 171392 ----a-w- C:\Windows\System32\drivers\scsiport.sys.bak
2014-01-02 04:36:31 35328 ----a-w- C:\Windows\System32\drivers\ndiscap.sys.bak
2014-01-02 04:36:29 15360 ----a-w- C:\Windows\System32\drivers\MTConfig.sys.bak
2014-01-02 04:36:28 32320 ----a-w- C:\Windows\System32\drivers\mssmbios.sys.bak
2014-01-02 04:36:27 6784 ----a-w- C:\Windows\System32\drivers\mspqm.sys.bak
2014-01-02 04:36:21 106560 ----a-w- C:\Windows\System32\drivers\lsi_sas.sys.bak
2014-01-02 04:36:17 44112 ----a-w- C:\Windows\System32\drivers\iirsp.sys.bak
2014-01-02 04:36:15 78720 ----a-w- C:\Windows\System32\drivers\HpSAMD.sys.bak
2014-01-02 04:36:02 38912 ----a-w- C:\Windows\System32\drivers\CompositeBus.sys.bak
2014-01-02 04:35:56 14976 ----a-w- C:\Windows\System32\drivers\BrUsbMdm.sys.bak
2014-01-02 04:35:54 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys.bak
2014-01-02 04:34:05 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys.bak
2014-01-02 04:34:05 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys.bak
2014-01-02 04:34:00 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys.bak
2014-01-02 04:33:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys.bak
2014-01-02 04:33:51 24656 ----a-w- C:\Windows\System32\drivers\stexstor.sys.bak
2014-01-02 04:33:10 182864 ----a-w- C:\Windows\System32\drivers\adpu320.sys.bak
2014-01-02 03:50:44 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-02 03:35:25 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18F046B3-8263-4650-8E60-35E589276202}\offreg.dll
2014-01-02 00:05:51 -------- d-----w- C:\Users\monikernc\AppData\Roaming\LavasoftStatistics
2014-01-01 23:13:59 -------- d-----w- C:\Program Files\Lavasoft
2014-01-01 23:13:06 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-01-01 21:55:45 -------- d-----w- C:\Users\monikernc\AppData\Local\ElevatedDiagnostics
2014-01-01 18:54:28 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-01-01 18:54:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-01 18:44:27 -------- d-----w- C:\SUPERDelete
2014-01-01 18:34:51 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-01-01 18:34:45 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18F046B3-8263-4650-8E60-35E589276202}\mpengine.dll
2014-01-01 17:58:32 -------- d-----w- C:\Windows\System32\MRT
2014-01-01 16:40:44 -------- d-----w- C:\Users\monikernc\AppData\Local\DoNotTrackPlus
2014-01-01 16:37:24 458584 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-01-01 16:37:14 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-01-01 16:31:04 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD
2014-01-01 16:30:55 -------- d-----w- C:\Program Files (x86)\CheckPoint
2014-01-01 16:30:15 -------- d-----w- C:\ProgramData\CheckPoint
2013-12-22 21:19:08 -------- d-----w- C:\Users\monikernc\AppData\Local\MFAData
.
==================== Find3M ====================
.
2014-01-01 17:01:56 15712 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-11-26 17:25:52 267936 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 11:48:51.70 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/27/2011 7:29:26 AM
System Uptime: 1/2/2014 11:29:21 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | U52F
Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | Socket 989 | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 453.409 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP111: 6/14/2013 4:06:37 PM - Scheduled Checkpoint
RP112: 6/18/2013 6:48:54 PM - Installed Java 7 Update 25 (64-bit)
RP113: 6/28/2013 9:19:13 AM - Scheduled Checkpoint
RP114: 7/12/2013 1:57:03 PM - Scheduled Checkpoint
RP115: 7/21/2013 7:41:47 PM - Scheduled Checkpoint
RP116: 7/24/2013 4:38:56 PM - Installed Microsoft PowerPoint Viewer
RP117: 8/3/2013 11:22:09 AM - Installed Microsoft Office Word Viewer 2003
RP118: 8/3/2013 11:34:02 AM - Installed Compatibility Pack for the 2007 Office system
RP119: 8/13/2013 2:41:17 PM - Scheduled Checkpoint
RP120: 8/16/2013 11:11:38 AM - Installed Microsoft Office Excel Viewer
RP121: 8/23/2013 7:22:10 PM - Scheduled Checkpoint
RP122: 8/31/2013 7:27:48 PM - Scheduled Checkpoint
RP123: 9/8/2013 1:40:51 PM - Scheduled Checkpoint
RP124: 9/21/2013 4:05:25 PM - Scheduled Checkpoint
RP125: 9/28/2013 5:24:53 PM - Scheduled Checkpoint
RP126: 10/6/2013 5:21:05 PM - Scheduled Checkpoint
RP127: 10/13/2013 8:49:38 PM - Scheduled Checkpoint
RP128: 10/24/2013 9:49:18 PM - Scheduled Checkpoint
RP129: 11/3/2013 10:30:57 AM - Scheduled Checkpoint
RP130: 12/22/2013 4:21:19 PM - Installed AVG 2014
RP131: 12/22/2013 4:23:05 PM - Installed AVG 2014
RP132: 1/1/2014 11:42:39 AM - Removed AVG 2014
RP133: 1/1/2014 11:45:47 AM - Removed AVG 2014
RP134: 1/1/2014 12:17:07 PM - Removed 7-Zip 9.20 (x64 edition)
RP135: 1/1/2014 12:21:40 PM - Removed inSSIDer
RP136: 1/1/2014 12:23:51 PM - Removed DriverUpdate
RP137: 1/1/2014 12:27:05 PM - Configured LabelPrint
RP138: 1/1/2014 12:56:21 PM - Windows Update
RP139: 1/1/2014 6:12:08 PM - AA11
RP140: 1/1/2014 10:23:16 PM - Removed Skype™ 6.11
RP141: 1/1/2014 10:25:47 PM - Removed Skype Click to Call
RP142: 1/2/2014 9:42:15 AM - Windows Update
RP143: 1/2/2014 10:09:32 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Alcor Micro USB Card Reader
Amazon Unbox Video
AntimalwareEngine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_Screensaver
ATK Package
Audacity 2.0.2
Best Buy pc app
Bonjour
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
ControlDeck
CyberLink Power2Go
ETDWare PS/2-x64 7.0.5.11_WHQL
Express Gate
Fast Boot
Gephi 0.8.1
Google Earth
Google Update Helper
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Update
I.R.I.S. OCR
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software
iTunes
Java 7 Update 25 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office 2010
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NetLogo 5.0.2
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.4.1
QuickTime
R for Windows 2.15.1
Realtek High Definition Audio Driver
RStudio
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Spybot - Search & Destroy
SRS Premium Sound Control Panel
SUPERAntiSpyware
USB 2.0 VGA UVC WebCam
VideoLAN VLC media player 0.8.6f
Visual Studio 2008 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/2/2014 9:58:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
1/2/2014 9:58:43 AM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2014 9:57:20 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
1/2/2014 9:52:49 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
1/2/2014 9:52:20 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 9:52:20 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/2/2014 9:49:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070216: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2900986).
1/2/2014 9:29:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
1/2/2014 12:50:26 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
1/2/2014 12:50:26 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
1/2/2014 12:23:52 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/2/2014 11:30:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.
1/2/2014 11:30:36 AM, Error: Service Control Manager [7000] - The ZoneAlarm Privacy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/2/2014 10:12:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
1/1/2014 7:18:33 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
1/1/2014 4:46:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
1/1/2014 4:24:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
1/1/2014 4:24:14 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/1/2014 12:58:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB2758694).
1/1/2014 12:41:28 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll
1/1/2014 12:41:18 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
1/1/2014 12:40:45 PM, Error: Service Control Manager [7023] - The Function Discovery Provider Host service terminated with the following error: %%-2147467243
1/1/2014 12:40:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%-2147467243
1/1/2014 12:40:22 PM, Error: Service Control Manager [7023] - The Windows Media Player Network Sharing Service service terminated with the following error: The parameter is incorrect.
1/1/2014 12:40:22 PM, Error: Microsoft-Windows-WMPNSS-Service [14317] - Service 'WMPNetworkSvc' was not initialized because CoInitializeSecurity encountered error 87. Restart your computer, and then try to restart the service.
1/1/2014 12:40:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
1/1/2014 11:38:14 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services.
This service may not function properly.1/1/2014 10:55:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.1/1/2014 10:55:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}1/1/2014 10:55:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}1/1/2014 10:55:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}1/1/2014 10:55:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}1/1/2014 10:55:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}1/1/2014 10:54:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}1/1/2014 10:54:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache KLIF NetBIOS NetBT nm3 nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service 
service which failed to start because of the following error: The dependency service or group failed to start.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. 
service which failed to start because of the following error: A device attached to the system is not functioning.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.1/1/2014 10:35:34 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control..==== End Of File =========================== Link to post Share on other sites More sharing options...
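Added example, not part of the thread and not code from DDS: the Service Control Manager 7001 entries in the Event Viewer section above form dependency chains, and this Python script follows each chain to the service or driver that failed for its own reason, alongside the 7026 list of drivers that failed to load. The sample events are copied from that log; the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: seven events copied from the Event Viewer section of the log above.
SAMPLE = """\
1/1/2014 10:54:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache KLIF NetBIOS NetBT nm3 nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2014 10:54:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# "<date> <time>, <level>: <source> [<event id>] - <message>", one event per line.
EVENT_RE = re.compile(r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
                      r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                    r"which failed to start because of the following error: (?P<err>.*)$")
DRV_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.*)$")

def parse_events(text):
    """Turn log lines into dicts; lines that are not events are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append({**m.groupdict(), "id": int(m["id"])})
    return events

def dependency_edges(events):
    """Map each service to the dependencies that event 7001 blames for it."""
    edges = defaultdict(set)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7001:
            m = DEP_RE.match(ev["msg"])
            if m:
                edges[m["svc"]].add(m["dep"])
    return edges

def root_causes(events):
    """Group failed services under the dependency at the end of each chain."""
    edges = dependency_edges(events)

    def roots(name, seen):
        # A name with no 7001 entry of its own failed for its own reason.
        if name not in edges or name in seen:
            return {name}
        found = set()
        for dep in edges[name]:
            found |= roots(dep, seen | {name})
        return found

    affected = defaultdict(set)
    for svc in edges:
        for root in roots(svc, frozenset()):
            affected[root].add(svc)
    return {root: sorted(svcs) for root, svcs in affected.items()}

def failed_boot_drivers(events):
    """Driver names listed by event 7026, or an empty list if none is logged."""
    for ev in events:
        if ev["id"] == 7026:
            m = DRV_RE.search(ev["msg"])
            if m:
                return m["names"].split()
    return []

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for root, svcs in root_causes(evs).items():
        print(f"{root}: {', '.join(svcs)}")
    print("drivers not loaded:", " ".join(failed_boot_drivers(evs)))
```

Reading the log this way cuts the block of 7001 errors down to a few underlying failures to check first.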
LDTate Posted January 2, 2014 ID:772153
First issue are these.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
I'll assume you don't want Ad-Aware so uninstall the AV and FW.
If using Windows add / remove doesn't work use this:
Download Revo Uninstaller Freeware and save it to your Desktop.
http://www.revouninstaller.com/start_freeware_download.html
•Install the program.
•Run the program and type in the search box " Ad-Aware ". Allow it to pull up results.
•Select any Ad-Aware product and uninstall them by turn. (Select the product and click on the Uninstall button).
Next: Let's try the following program which will help us figure out more of what's going on with your computer and go from there. Combofix will scan the computer for various types of threats.
Vista and Windows 7 / 8 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")
Download ComboFix from this link. Click the link and select Save.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT !!! Save ComboFix.exe to your Desktop
Note: Be sure to select Save as Type > All Types
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package. Vista, Windows 7 or 8, skip the Recovery Console part
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Click on Yes, to continue scanning for malware.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
When the tool is finished, it will produce a report for you. Please attach the C:\ComboFix.txt log on your next reply so that we can continue checking and cleaning the system.
Please save using the default Notepad format, DO NOT USE WORD or any other office type of software. DO NOT COPY & PASTE the log, send it as an attachment. Reply to THIS ticket, DO NOT create a new one.
**Also please describe how your computer behaves at the moment.**
monikernc Posted January 2, 2014 Author ID:772159
sorry. i didn't read instructions. here are the dds and attach files as attachments. i am now getting a zonealarm alert that pev.dat is trying to communicate with svchost.exe by opening its process. i don't know whether to allow or deny and there is no additional information available in the alert. i am suspicious of everything. still trying to run windows update and it continues to fail.
additional info: yesterday it appeared that my admin privileges had been tampered with. couldn't adjust power settings. when i attempted new admin profile i got registry errors. those issues seem to have been resolved with the scans and cleanups run from any one of the many tools i used to attempt a cleanup yesterday. i could not start in safe mode with networking either - have not attempted that since. safe mode works without networking. ran kaspersky from there and it found things it didn't find in normal mode. the ads seem to run in twenty minutes (give or take) intervals - starts twenty mins after running for twenty mins. same ads over and over. don't need internet access to run. i use this machine for schoolwork and school email. not a lot of surfing since last spring. was running avg but i uninstalled yesterday and installed zone labs zone alarm free edition. i am going to deny the pev.dat request to communicate with svchost.exe for now
attach.txt dds.txt
LDTate Posted January 2, 2014 ID:772169
I need you to run Combofix and attach the scan results.
monikernc Posted January 2, 2014 Author ID:772170
i was able to install the adblock and no script add ons to firefox. adblock fails in IE.
monikernc Posted January 2, 2014 Author ID:772175
i am attempting combo fix now. getting a zone alarm alert for pev.3xe trying to change the system behavior for executable files - allow or deny. will deny.
LDTate Posted January 2, 2014 ID:772177
Allow and you need to try and disable ZA when running Combofix
monikernc Posted January 2, 2014 Author ID:772205
finally got combofix to run. quite a challenge under these conditions. log is attached. thank you. i am going to reactivate antivirus and firewall now and wait for your response.
combofixlog.txt
LDTate Posted January 2, 2014 ID:772211
How's it running now?
monikernc Posted January 2, 2014 Author ID:772350
sorry. i had to do runs to the airport. i shut down when i sent the logs. i will reply when i get back. i didn't realize combofix would do a fix. thought it was just running another scan. stay tuned! and thanks.
monikernc Posted January 2, 2014 Author ID:772392
just got home. and the darn ads are still running.....what is next?
monikernc Posted January 2, 2014 Author ID:772416
this just popped up and i denied but did not 'remember this setting' what is going on here?
monikernc Posted January 2, 2014 Author ID:772419
this is the error log from the IE Ad Block failed install
Adblock Plus for IE_20140102181213.log
monikernc Posted January 3, 2014 Author ID:772617
fingers crossed but i think i got it using malwarebytes beta rootkit killer. i have heard no ads since it id'd the offending dll and replaced it with a backup. i have also been able to run windows update. i will repost to confirm or request additional assistance in morning. thanks.
LDTate Posted January 3, 2014 ID:772714
Please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.
mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt
monikernc Posted January 3, 2014 Author ID:772795
here is the log from last night. i have been able to run windows updates and my admin rights are restored. no ads since the reboot after this scan last night.
mbar-log-2014-01-02 (22-55-54).txt
LDTate Posted January 4, 2014 ID:773375
Great job. After this you should be good to go. We need to uninstall Combofix to totally remove what it found. This will cause combofix to run again just enough to uninstall itself.
1. Click Start.
2. In the Start Search box, type **ComboFix /Uninstall** and click OK.
Note the space between the X and the /; it needs to be there.
Let me know how it's running now
monikernc Posted January 5, 2014 Author ID:773768
I just saw your post and will run the Combofix uninstall today. I reran Kaspersky TDSSKiller tool yesterday and it is showing quarantined items related to the trojan.patched. Do you know how to uninstall that or clear its quarantine safely? Malwarebytes also has some quarantined items - do I have to uninstall to clear those out too? I still see some orphan processes in task manager that I suspect are related to this devil - any suggestions for a more thorough cleaning? I am no longer seeing/hearing bad behaviors but want to be sure this bad boy is really gone. Thanks.
LDTate Posted January 5, 2014 ID:773944
Just open MBAM > open Quarantine and select delete.
The default quarantine folder is in the system disk root folder, e.g.:
C:\TDSSKiller_Quarantine <--Delete the folder.
As for the ones you're seeing in Taskmanager > Right Click on them and get the properties (path of file), end the task for it and go to where it's located and delete it.
LDTate Posted January 8, 2014 ID:775535
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.