Pop Up Trojan

Posted 5/9/2013 3:38 AM
#95582
erud70 Member

Date Joined Nov 2016
Total Posts: 2
Every time I try to open one of my games, Firefox tabs keep popping up until I close the game launcher. Tried CCleaner, Malwarebytes, TDSSKiller...nothing works. Did your recommended Antivirus Scanning from the thread. The following are my HijackThis, Malwarebytes, and DDS logs, although I was not able to generate one with HijackThis. I got this:

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."

Here is my Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Eric :: HAL [administrator]

5/8/2013 10:02:46 PM
mbam-log-2013-05-08 (22-02-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445394
Time elapsed: 55 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Eric at 23:05:11 on 2013-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1954 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://nyt.com/
mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{071ED978-A481-4A29-BFDA-AF3DD0F8ED66} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\ouktv7xz.default\
FF - prefs.js: browser.startup.homepage - hxxp://nyt.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-15 21:09; {d4e0dc9c-c356-438e-afbe-dca439f4399d}; C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\ouktv7xz.default\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-6-3 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-6-3 16008]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-1 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-15 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-6-4 130976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-09 00:53:25 -------- d-----w- C:\Users\Eric\AppData\Local\Apps
2013-05-09 00:53:24 -------- d-----w- C:\Users\Eric\AppData\Local\Deployment
2013-05-09 00:20:19 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-09 00:15:46 -------- d-----w- C:\Program Files (x86)\Pandora
2013-05-09 00:11:13 -------- d-----w- C:\Users\Eric\AppData\Local\Programs
2013-05-08 02:55:09 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{834B5374-AB65-4E3C-8F70-95DD71E1687A}\mpengine.dll
2013-05-06 21:45:02 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-02 22:37:37 -------- d-----w- C:\Program Files (x86)\Auslogics
2013-04-25 23:37:23 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{864A5E56-AE5F-4438-90DA-CCAFF30B5FBC}\gapaengine.dll
2013-04-23 21:18:43 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-17 22:34:48 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-16 01:07:52 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-16 01:07:32 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-04-16 01:07:32 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-23 21:15:42 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-23 21:15:42 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-04 09:36:01 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 09:35:52 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-29 21:25:42 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2011-11-04 21:45:10 5173760 ----a-w- C:\Program Files\prime95.exe
.
============= FINISH: 23:05:39.98 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2011 4:13:32 PM
System Uptime: 5/8/2013 9:57:16 PM (2 hours ago)
.
Motherboard: ASRock | | P43DE
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 3205/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 765.701 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 298 GiB total, 68.48 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP388: 5/8/2013 6:23:36 PM - Installed DirectX
RP389: 5/8/2013 8:39:11 PM - Windows Modules Installer
RP390: 5/8/2013 8:59:48 PM - Windows Update
RP391: 5/8/2013 9:09:43 PM - Removed Safari
RP392: 5/8/2013 10:04:32 PM - Removed JavaFX 2.1.1
RP393: 5/8/2013 10:05:23 PM - Removed Java(TM) 6 Update 31
RP394: 5/8/2013 10:07:15 PM - Removed Java 7 Update 21
.
==== Hosts File Hijack ======================
.
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
3DMark 11
Adobe Acrobat X Pro
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
ArcSoft PhotoImpression 5
Auslogics Disk Defrag
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Core Temp 1.0 RC2
CPUID CPU-Z 1.59
Creative ALchemy
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
D3DX10
Darksiders II
Data Lifeguard Diagnostic for Windows 1.24
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Dual-Core Optimizer
DVD Profiler Version 3.8.2
EPSON Printer Software
eReg
Fraps
Futuremark SystemInfo
iCloud
IrfanView (remove only)
iTunes
Junk Mail filter update
Logitech Gaming Software
Logitech Gaming Software 8.40
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Neverwinter
OCCT 4.0.0
OpenAL
Pandora
Picasa 3
QuickTime
Sapphire TRIXX
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Steam
swMSM
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VitalSource Bookshelf
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/8/2013 9:58:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
5/8/2013 9:58:12 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
5/8/2013 9:58:12 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
5/8/2013 9:58:12 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
5/8/2013 9:57:22 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
5/8/2013 9:55:22 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\RKHit.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/8/2013 9:54:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/8/2013 9:53:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/8/2013 9:53:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/8/2013 9:53:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/8/2013 9:53:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 9:53:13 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 7:30:00 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/8/2013 7:29:57 PM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
5/1/2013 5:14:23 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/1/2013 5:14:23 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
Posted 5/9/2013 6:12 AM
#95583

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi erud70

Looks like your hosts file is infected; I'll therefore suggest you proceed as follows.

Please download ComboFix from:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

Double-click on the ComboFix icon found on your desktop.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

Do not PM me with logfiles. They will be deleted.


Posted 5/9/2013 2:01 PM
#95585

erud70 Member

Date Joined Nov 2016
Total Posts: 2
Thanks, Touch. I am at work right now, but will try that when I get home this afternoon. Tell me; is it worth it to try to fix this stuff, or would it be just easier to wipe my system and start over? What I mean is, will this completely remove the threat, or does it just kind of "quarantine" it where it doesn't affect the operation of the computer? I don't think I can handle having it just being castrated as opposed to removing it altogether.
Posted 5/10/2013 4:36 AM
#95589

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
From what I can see in the log, it is only the hosts file that is infected, which will be replaced by ComboFix.

Do not PM me with logfiles. They will be deleted.
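
The hosts file diagnosis in the replies above can be checked by hand, before or after a cleanup tool replaces the file. The following is an added example, not part of the thread or of any tool named in it: a small Python audit that reports every entry other than the default localhost mappings. The sample file contents, host names and addresses are constructed.

```python
import ipaddress

# Constructed sample, not taken from the thread's logs. Names use the reserved
# .example TLD and the public address is from the 203.0.113.0/24 documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example   # sent to a non-loopback address
127.0.0.1       update.av-vendor.example
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""

# Names a default hosts file may legitimately map to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each non-comment entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield no, fields[0], [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (line_no, verdict, name, address) findings that need a manual look."""
    findings = []
    for no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "malformed", " ".join(names), addr))
            continue
        for name in names:
            if name in BENIGN_NAMES and ip.is_loopback:
                continue
            # Loopback or 0.0.0.0 makes the name unreachable (blocking);
            # any other address silently sends the name to another machine.
            sinkhole = ip.is_loopback or ip.is_unspecified
            findings.append((no, "blocked" if sinkhole else "redirected", name, addr))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-10s %s -> %s" % finding)
```

To audit a real machine, read the file at the path quoted in the first post (C:\Windows\System32\drivers\etc\hosts) and pass its text to audit_hosts. A "blocked" entry for a security vendor's update host and a "redirected" entry for a search or banking site are the two patterns most worth checking.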

