We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Malwarebytes Log
Options

kws
Posts: 43 Forumite
in Techie Stuff
Hello,
I am working my way through the Malware removal thread, but it will take me a few days as I only have limited time available during the week.
My laptop has been having problems for the last week or so, since I downloaded and installed MS Visual Studio.
The symptoms are that when I shut down, it hangs displaying the logging off screen (or installing updates) and does not shut down - I eventually had to switch it off by holding down the power button until it closed.
Also, I have been having problems with MS Office (2013) freezing at random intervals.
I ran Malwarebytes quick scan last night and the log file is below. I also ran a full scan this evening as I saw that the quick one had identified some malware and that was clean.
Unfortunately, however the laptop still seems to hang when I restart or shut it down.
Any ideas would be gratefully received and I will continue with the additional steps in the guide over the next few evenings.
I am working my way through the Malware removal thread, but it will take me a few days as I only have limited time available during the week.
My laptop has been having problems for the last week or so, since I downloaded and installed MS Visual Studio.
The symptoms are that when I shut down, it hangs displaying the logging off screen (or installing updates) and does not shut down - I eventually had to switch it off by holding down the power button until it closed.
Also, I have been having problems with MS Office (2013) freezing at random intervals.
I ran Malwarebytes quick scan last night and the log file is below. I also ran a full scan this evening as I saw that the quick one had identified some malware and that was clean.
Unfortunately, however the laptop still seems to hang when I restart or shut it down.
Malwarebytes Anti-Malware 1.70.0.1100
Database version: v2013.03.26.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: LAPTOP [administrator]
26/03/2013 22:11:35
mbam-log-2013-03-26 (22-11-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332082
Time elapsed: 4 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|909683 (Trojan.Agent.Gen) -> Data: C:\Users\XXX\AppData\Local\Temp\909683\svhost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.MSIL) -> Data: C:\Users\XXX\AppData\Roaming\install\server++.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Users\XXX\AppData\Local\Temp\909683\svhost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Roaming\install\server++.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\activate.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\bssgvp.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\909683\net4.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
(end)
Any ideas would be gratefully received and I will continue with the additional steps in the guide over the next few evenings.
0
Comments
-
Post me a DDS log - should take 2-3 minutes.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:- Double click DDS to run it.
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)0 -
Thanks for the reply, I have downloaded and run DDs and the results from the DDS.txt file are below.
FYI, although the log says it ran in a couple of minutes at 00:35, I actually kicked it off at 23:45 and the progress bar shot to 75% and then sat there, so I left it running when I went to bed.DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by XXX at 0:35:32 on 2013-03-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4000.1852 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\lpksetup.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe
C:\Program Files (x86)\nurago web meter\nurago-Updater.exe
C:\Program Files (x86)\nuragoLSPService\nuragoLSPService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WerFault.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\nurago web meter\Chrome Extension\nurago-Chrome-Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: wxDownload Class: {0B01D45B-A3EF-3CAA-9C80-462508E68725} - C:\ProgramData\wxDownload\5098457b08dd0.ocx
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: nurago web meter: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\nurago web meter\Gacela2.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130307224502.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: nurago web meter: {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\Gacela2.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [nurago-WatchDog] "C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe" /Debug
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\XXX\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NURAGO~1.LNK - C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Microsoft Excel'e &Ver - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - C:\Program Files (x86)\nurago web meter\Gacela2.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\nuragoLSPService.DLL
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 195.186.1.162 195.186.4.162
TCP: Interfaces\{1B402B83-3833-436B-938C-23E9B4ED348D} : DHCPNameServer = 195.186.1.162 195.186.4.162
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: Notepad.exe - "C:\Program Files (x86)\TextPad 6\TextPad.exe" -n
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: nurago web meter: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130307224449.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: nurago web meter: {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: Notepad.exe - "C:\Program Files (x86)\TextPad 6\TextPad.exe" -n
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hnkzh8rz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL -
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-08 07:29; [EMAIL="gacela2@nurago.com"]gacela2@nurago.com[/EMAIL]; C:\Program Files (x86)\nurago web meter
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 340216]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-3-9 70296]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-11-29 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-8-24 92800]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-13 48488]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-16 70112]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-9-16 138024]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-16 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-16 76912]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-16 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-16 515968]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-14 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-16 106552]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-26 30208]
.
=============== Created Last 30 ================
.
2013-03-27 16:01:48 383608 ----a-w- C:\Windows\SysWow64\nuragoLSPService64.dll
2013-03-27 16:01:47 316024 ----a-w- C:\Windows\SysWow64\nuragoLSPService.dll
2013-03-26 21:10:22
d
w- C:\Users\XXX\AppData\Roaming\Malwarebytes
2013-03-26 21:10:04
d
w- C:\ProgramData\Malwarebytes
2013-03-26 21:10:03 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-26 21:10:03
d
w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-20 20:47:58 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-17 16:29:53
d
w- C:\Program Files\CCleaner
2013-03-17 16:07:35
d
w- C:\ProgramData\APN
2013-03-17 14:47:07
d
w- C:\Users\XXX\AppData\Local\ElevatedDiagnostics
2013-03-17 10:46:54
d
w- C:\Windows\PCHEALTH
2013-03-17 10:45:42
d
w- C:\Program Files\Microsoft Analysis Services
2013-03-17 10:45:42
d
w- C:\Program Files (x86)\Microsoft Analysis Services
2013-03-17 09:34:18 1066368 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2013-03-17 09:33:13
d
w- C:\Program Files (x86)\NuGet
2013-03-17 09:28:25
d
w- C:\Program Files (x86)\Common Files\Merge Modules
2013-03-17 09:25:00
d
w- C:\Program Files (x86)\Common Files\Microsoft
2013-03-17 09:24:51
d
w- C:\Program Files (x86)\Windows Kits
2013-03-17 09:22:58
d
w- C:\Program Files (x86)\Microsoft Help Viewer
2013-03-17 09:21:52
d
w- C:\Windows\SysWow64\1033
2013-03-17 09:21:52
d
w- C:\Windows\System32\1033
2013-03-17 09:21:40
d
w- C:\Program Files\Microsoft SQL Server
2013-03-17 09:21:40
d
w- C:\Program Files (x86)\Microsoft SQL Server
2013-03-17 09:21:15
d
w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-03-17 09:20:05
d
w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-03-17 09:07:53
d
w- C:\ProgramData\regid.1991-06.com.microsoft
2013-03-17 08:38:53
d
w- C:\78b16a95dce4d77da3
2013-03-16 20:26:58
d
w- C:\Users\XXX\AppData\Roaming\install
2013-03-13 18:23:13 15859416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-09 14:08:40 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2013-03-09 14:08:40 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-03-09 14:08:39 70296 ----a-w- C:\Windows\System32\drivers\vsock.sys
2013-03-09 14:08:36 67664 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-03-09 14:08:36 33360 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-03-09 14:07:49 357456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-03-09 14:07:48 436304 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-03-09 14:07:47 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-03-09 14:07:43 933968 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-03-09 14:07:39 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-03-09 14:07:27
d
w- C:\Program Files\Common Files\VMware
2013-03-09 14:07:07
d
w- C:\Program Files (x86)\VMware
2013-03-09 14:07:07
d
w- C:\Program Files (x86)\Common Files\VMware
2013-03-07 21:44:29 34384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2013-03-07 17:16:37 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 17:09:35 383608 ----a-w- C:\Windows\System32\nuragoLSPService64.DLL
2013-03-02 12:46:45
d
w- C:\Program Files (x86)\nurago web meter
2013-03-02 12:45:48
d
w- C:\Program Files (x86)\nuragoLSPService
2013-02-26 08:47:42 4832864 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-02-26 08:47:24 25361008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL0 -
Remainder of DDS log2013-02-26 01:27:48 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
2013-02-26 01:27:48 48792 ----a-w- C:\Windows\System32\vnetinst.dll
2013-02-26 01:27:48 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2013-02-26 01:27:48 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2013-02-26 01:27:48 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2013-02-25 23:59:16 360528 ----a-w- C:\Windows\SysWow64\vmnc.dll
.
==================== Find3M ====================
.
2013-03-27 21:51:57 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-03-13 18:23:25 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 18:23:25 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 17:16:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-22 20:45:53 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-19 12:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 12:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 12:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-02-19 12:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 12:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 12:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 12:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 12:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 12:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UXXXimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UXXXimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 0:37:01.54 ===============0 -
From the mbam logs you were/are infected with a backdoor/keylogger that steals information from your PC. I would use a clean computer (not this one) to change any passwords etc asap.
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=2342824#none
https://www.virustotal.com/en/file/e952b3a4f7515168a222fdcab2937e0bdcbc133d890528998da50ce9f6d9c095/analysis/
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=PWS%3AWin32%2FZbot.AHY
This is legit, but are you aware it's installed and what it is?
nurago web meter :https://dtp1.nurago.com/privacy.html#nrg
It's taking up quite a lot of resources.
This I would say is adware:BHO: wxDownload Class: {0B01D45B-A3EF-3CAA-9C80-462508E68725} - C:\ProgramData\wxDownload\5098457b08dd0.ocx AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
I would guess it has an extension in chrome too.
Post the contents of attach.txt, the other log created by DDS.
Then, download aswMBR and save it to your Desktop.
http://public.avast.com/~gmerek/aswMBR.exe- Right click aswMBR.exe & choose "Run as Administrator" to run it.
- Click YES to the prompt to download Avast virus definitions
- When the virus definitions have downloaded, click the Scan button.
- Wait till the scan reports "Scan finished successfully"
- Click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.
0 -
A simple Factory restore would wipe all the rubbish off and make it clean, and be a lot quicker.
Time you play around removing this and that, and you might still be infected.
factory restore usually takes around 30min or less. So you'll need to reinstall a couple of programs, thats why its recommended to BACKUP either weekly or daily depending on what your doing.0 -
A simple Factory restore would wipe all the rubbish off and make it clean, and be a lot quicker.
It would be, but I would then need to re-download and install all the various packages that I've put on since I got the laptop and deal with 2 years of updates.
Plus I have about 70 gig of files that are not backed up locally, so I would have to download them all from the corporate server, which has download limits in place to prevent unauthorised leeching of files (and my broadband is very slow).
So a restore will have to remain a last resort if I can't solve it any other way.0 -
From the mbam logs you were/are infected with a backdoor/keylogger that steals information from your PC. I would use a clean computer (not this one) to change any passwords etc asap.
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=2342824#none
https://www.virustotal.com/en/file/e952b3a4f7515168a222fdcab2937e0bdcbc133d890528998da50ce9f6d9c095/analysis/
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=PWS%13AWin132%2FZbot.AHY
Passwords were all reset as soon as I saw the results of the scan.
Fortunately, we have very poor memory and so store passwords etc in a text file and copy and paste them into the browser.
Internet banking also uses additional protection (txt to registered mobile etc) so that should be safeThis is legit, but are you aware it's installed and what it is?
nurago web meter :https://dtp1.nurago.com/privacy.html#nrg
It's taking up quite a lot of resources.
Yes I was aware it is there and know what it is - OH installed it and it will be removed once she gets her initial payment for having it.This I would say is adware:BHO: wxDownload Class: {0B01D45B-A3EF-3CAA-9C80-462508E68725} - C:\ProgramData\wxDownload\5098457b08dd0.ocx AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
I would guess it has an extension in chrome too.
I will remove that later on - the Chrome extension is inactive as I remember Chrome highlighting it when it updated and I left it deactivated.Post the contents of attach.txt, the other log created by DDS.
Then, download aswMBR and save it to your Desktop.
http://public.avast.com/~gmerek/aswMBR.exe- Right click aswMBR.exe & choose "Run as Administrator" to run it.
- Click YES to the prompt to download Avast virus definitions
- When the virus definitions have downloaded, click the Scan button.
- Wait till the scan reports "Scan finished successfully"
- Click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.
Will post attach.txt in the next message and also download and run aswMBR.
Thanks again for all your help.0 -
No problem.
The adware problem isn't so much of a problem if you've disabled it in chrome. It'll only run if you launch IE.
The pc's likely clean of any active infection right now, but we'll check a few things and make sure.
I'm going out for tea in a short while but will check in again later.0 -
Attach.txt as requested.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 21/06/2012 19:26:46
System Uptime: 27/03/2013 22:51:10 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K54L
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU 1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 207.285 GiB free.is FIXED (NTFS) - 394 GiB total, 287.05 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP198: 20/03/2013 06:18:15 - Windows Update
RP200: 21/03/2013 21:40:12 - Windows Update
RP201: 22/03/2013 06:19:32 - Windows Update
RP204: 26/03/2013 22:03:10 - Windows Update
RP205: 26/03/2013 22:28:02 - Windows Update
RP206: 27/03/2013 05:36:17 - Windows Update
RP207: 27/03/2013 22:48:03 - Windows Update
.
==== Installed Programs ======================
.
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
?????????? Windows Live
7-Zip 9.20
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.6)
Alcor Micro USB Card Reader
Amazon Kindle
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
Atheros Driver Installation Program
ATK Package
Bonjour
Bookworm Deluxe
CCleaner
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Cooking Dash
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Definition update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Entity Framework Designer for Visual Studio 2012 - enu
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
FileZilla Client 3.6.0.2
Free YouTube Downloader 3.5.134
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galer!a fotogr!fica de Windows Live
Game Park Console
GIMP 2.8.0
Google Chrome
Google Update Helper
Governor of Poker
Graboid Video 3.58
Graboid Video 3.58 Setup
Hotel Dash Suite Success
iCloud
InstantOn for NB
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
Jewel Quest 3
Junk Mail filter update
Kindle Previewer
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee AntiVirus Plus
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft Help Viewer 2.0
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 64-bit Components 2013
Microsoft Office File Validation Add-In
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visio MUI (English) 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Word MUI (English) 2013
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MySQL Connector C 6.0.2
MySQL Connector C++ 1.1.0
MySQL Connector J
MySQL Connector Net 6.5.4
MySQL Connector/ODBC 5.1
MySQL Documents 5.5
MySQL Examples and Samples 5.5
MySQL Installer
MySQL Notifier 1.0.3
MySQL Server 5.5
MySQL Workbench 5.2 CE
Nuance PDF Reader
nurago web meter
OpenOffice.org 3.4.1
Outils de v!rification linguistique 2013 de Microsoft Office!- Français
PHP 5.3.21
Plants vs Zombies
Prerequisites for SSDT
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
S?????? f?t???af??? t?? Windows Live
Scratch
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Shared C Run-time for x64
Skype™ 6.1
Sonic Focus
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
syncables desktop SE
TeamViewer 7
TextPad 6
tools-linux
Update for (KB2504637)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2760512) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2760556) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2727105) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768333) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768349) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768355) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2768011) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2727079) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2727013) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2768356) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2752090) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2767856) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
Update for Microsoft Word 2013 (KB2760244) 32-Bit Edition
Update for Microsoft Word 2013 (KB2767854) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
VMware Player
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinFlash
WinZip 17.0
Wireless Console 3
World of Goo
WxDownload Expansion
wxDownload Fast 0.6.0
.
==== Event Viewer Messages From Past Week ========
.
28/03/2013 00:36:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
27/03/2013 22:57:21, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27/03/2013 22:50:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
27/03/2013 22:50:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service nuragoLSPService with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
27/03/2013 22:50:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
27/03/2013 22:49:54, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
27/03/2013 22:49:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/03/2013 22:49:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/03/2013 22:49:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/03/2013 22:49:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO discache spldr Wanarpv6
27/03/2013 22:49:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/03/2013 22:03:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
27/03/2013 22:03:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
27/03/2013 18:53:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
26/03/2013 22:29:44, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008 and Windows Server 2008 R2 for x64 (KB2770445).
26/03/2013 21:59:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
26/03/2013 21:59:06, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/03/2013 21:59:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/03/2013 21:56:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2013 21:56:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/03/2013 03:12:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000003451, 0xfffff6fc4005e1b8, 0xfffffa800b473340, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032413-19749-01.
23/03/2013 07:13:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8003ced060, 0xfffff80004ab4748, 0xfffffa800b099700). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032313-31715-01.
21/03/2013 17:26:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================0 -
aswMBR.txt is below.
I didn't get the "Scan Finished" message, but the Save Log button became active after it had sat there doing nothing for a whileaswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-28 19:17:20
19:17:20.303 OS Version: Windows x64 6.1.7601 Service Pack 1
19:17:20.303 Number of processors: 2 586 0x2A07
19:17:20.304 ComputerName: LAPTOP UserName: XXX
19:17:21.382 Initialize success
19:18:50.179 AVAST engine defs: 13032800
19:19:03.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:19:03.112 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
19:19:03.226 Disk 0 MBR read successfully
19:19:03.229 Disk 0 MBR scan
19:19:03.234 Disk 0 Windows 7 default MBR code
19:19:03.238 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
19:19:03.245 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
19:19:03.266 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
19:19:03.286 Disk 0 scanning C:\Windows\system32\drivers
19:19:13.355 Service scanning
19:19:38.464 Modules scanning
19:19:38.474 Disk 0 trace - called modules:
19:19:38.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:19:38.508 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d0d790]
19:19:38.513 3 CLASSPNP.SYS[fffff880011b743f] -> nt!IofCallDriver -> [0xfffffa800479ab20]
19:19:38.520 5 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047a0050]
19:19:40.115 AVAST engine scan C:\Windows
19:19:42.582 AVAST engine scan C:\Windows\system32
19:30:47.435 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Downloads\MBR.dat"
19:30:47.448 The log file has been saved successfully to "C:\Users\XXX\Downloads\aswMBR.txt"0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards