BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Pop Up Trojan
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Pop Up Trojan  
Forum Quick Jump
 
New Topic Locked Topic Printable version of : Pop Up Trojan
[ << Previous Thread | Next Thread >> ]

erud70
New Member


Date Joined May 2013
Total Posts : 2
 
   Posted 5/9/2013 6:38 AM (GMT +3)    Quote: Pop Up TrojanAlert an admin about: Pop Up Trojan
Every time I try to open one of my games, Firefox tabs keep popping up until I close the game launcher. Tried CCleaner, Malwarebytes, TDSSKiller...nothing works. Did your recommended Antivirus Scanning from the thread. The following is my Hijackthis, Malwarebytes, and DDs logs. Although I was not able to generate one with Hijackthis. I got this:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes), and reboot.

Fir Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."

Here is my Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eric :: HAL [administrator]

5/8/2013 10:02:46 PM
mbam-log-2013-05-08 (22-02-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445394
Time elapsed: 55 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here are my DDs logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Eric at 23:05:11 on 2013-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1954 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nyt.com/
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{071ED978-A481-4A29-BFDA-AF3DD0F8ED66} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\ouktv7xz.default\
FF - prefs.js: browser.startup.homepage - hxxp://nyt.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-15 21:09; {d4e0dc9c-c356-438e-afbe-dca439f4399d}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\ouktv7xz.default\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-6-3 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-6-3 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-1 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-15 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-6-4 130976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-09 00:53:25 -------- d-----w- C:\Users\Eric\AppData\Local\Apps
2013-05-09 00:53:24 -------- d-----w- C:\Users\Eric\AppData\Local\Deployment
2013-05-09 00:20:19 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-09 00:15:46 -------- d-----w- C:\Program Files (x86)\Pandora
2013-05-09 00:11:13 -------- d-----w- C:\Users\Eric\AppData\Local\Programs
2013-05-08 02:55:09 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{834B5374-AB65-4E3C-8F70-95DD71E1687A}\mpengine.dll
2013-05-06 21:45:02 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-02 22:37:37 -------- d-----w- C:\Program Files (x86)\Auslogics
2013-04-25 23:37:23 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{864A5E56-AE5F-4438-90DA-CCAFF30B5FBC}\gapaengine.dll
2013-04-23 21:18:43 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-17 22:34:48 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-16 01:07:52 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-16 01:07:32 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-04-16 01:07:32 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 21:15:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 21:15:42 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-04 09:36:01 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 09:35:52 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-29 21:25:42 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2011-11-04 21:45:10 5173760 ----a-w- C:\Program Files\prime95.exe
.
============= FINISH: 23:05:39.98 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2011 4:13:32 PM
System Uptime: 5/8/2013 9:57:16 PM (2 hours ago)
.
Motherboard: ASRock | | P43DE
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 3205/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 765.701 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 298 GiB total, 68.48 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP388: 5/8/2013 6:23:36 PM - Installed DirectX
RP389: 5/8/2013 8:39:11 PM - Windows Modules Installer
RP390: 5/8/2013 8:59:48 PM - Windows Update
RP391: 5/8/2013 9:09:43 PM - Removed Safari
RP392: 5/8/2013 10:04:32 PM - Removed JavaFX 2.1.1
RP393: 5/8/2013 10:05:23 PM - Removed Java(TM) 6 Update 31
RP394: 5/8/2013 10:07:15 PM - Removed Java 7 Update 21
.
==== Hosts File Hijack ======================
.
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
3DMark 11
Adobe Acrobat X Pro
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
ArcSoft PhotoImpression 5
Auslogics Disk Defrag
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Core Temp 1.0 RC2
CPUID CPU-Z 1.59
Creative ALchemy
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
D3DX10
Darksiders II
Data Lifeguard Diagnostic for Windows 1.24
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Dual-Core Optimizer
DVD Profiler Version 3.8.2
EPSON Printer Software
eReg
Fraps
Futuremark SystemInfo
iCloud
IrfanView (remove only)
iTunes
Junk Mail filter update
Logitech Gaming Software
Logitech Gaming Software 8.40
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Neverwinter
OCCT 4.0.0
OpenAL
Pandora
Picasa 3
QuickTime
Sapphire TRIXX
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Steam
swMSM
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VitalSource Bookshelf
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/8/2013 9:58:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
5/8/2013 9:58:12 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
5/8/2013 9:58:12 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
5/8/2013 9:58:12 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
5/8/2013 9:57:22 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
5/8/2013 9:55:22 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\RKHit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/8/2013 9:54:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/8/2013 9:53:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/8/2013 9:53:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/8/2013 9:53:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:13 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 7:30:00 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/8/2013 7:29:57 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
5/1/2013 5:14:23 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/1/2013 5:14:23 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 5/9/2013 9:12 AM (GMT +3)    Quote: Pop Up TrojanAlert an admin about: Pop Up Trojan
Hi erud70 smile





Looks like your hostsfile are infected, I´ll therefore suggest you proceed as follows.


Please download Combofix from:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


 And save to the desktop.


After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 

erud70
New Member


Date Joined May 2013
Total Posts : 2
 
   Posted 5/9/2013 5:01 PM (GMT +3)    Quote: Pop Up TrojanAlert an admin about: Pop Up Trojan
Thanks, Touch. I am at work right now, but will try that when I get home this afternoon. Tell me; is it worth it to try to fix this stuff, or would it be just easier to wipe my system and start over? What I mean is, will this completely remove the threat, or does it just kind of "quarantine" it where it doesn't affect the operation of the computer? I don't think I can handle having it just being castrated as opposed to removing it altogether.
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 5/10/2013 7:36 AM (GMT +3)    Quote: Pop Up TrojanAlert an admin about: Pop Up Trojan
From what I can see in the log, is it only hostsfile there are infected, which will be replaced with combofix.


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Back to Top
 
New Topic Locked Topic Printable version of : Pop Up Trojan
 
Forum Information
Currently it is Sunday, September 21, 2014 9:07 PM (GMT +3)
There are a total of 60,611 posts in 13,319 threads.
In the last 3 days there were 2 new threads and 4 reply posts. View Active Threads
Who's Online
This forum has 36378 registered members. Please welcome our newest member, nightzkung.
3 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Two Questions - Changelog & License (2)9/21/2014 1:01:38 AM (Hamlet)
Crackling Audio With Bullguard (8)9/20/2014 2:21:23 PM (Robert Mateescu)
I definitely have Malware, I've tried everything I know how to do (1)9/19/2014 6:47:25 PM (Robert Mateescu)