
Malwarebytes Log

kws Posts: 43 Forumite
Hello,

I am working my way through the Malware removal thread, but it will take me a few days as I only have limited time available during the week.

My laptop has been having problems for the last week or so, since I downloaded and installed MS Visual Studio.

The symptoms are that when I shut down, it hangs displaying the logging off screen (or installing updates) and does not shut down - I eventually had to switch it off by holding down the power button until it closed.

Also, I have been having problems with MS Office (2013) freezing at random intervals.

I ran Malwarebytes quick scan last night and the log file is below. I also ran a full scan this evening as I saw that the quick one had identified some malware and that was clean.

Unfortunately, however, the laptop still seems to hang when I restart or shut it down.
Malwarebytes Anti-Malware 1.70.0.1100


Database version: v2013.03.26.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: LAPTOP [administrator]

26/03/2013 22:11:35
mbam-log-2013-03-26 (22-11-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 332082
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|909683 (Trojan.Agent.Gen) -> Data: C:\Users\XXX\AppData\Local\Temp\909683\svhost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.MSIL) -> Data: C:\Users\XXX\AppData\Roaming\install\server++.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\XXX\AppData\Local\Temp\909683\svhost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Roaming\install\server++.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\activate.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\bssgvp.exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.
C:\Users\XXX\AppData\Local\Temp\909683\net4.exe (Trojan.MSIL) -> Quarantined and deleted successfully.

(end)

Any ideas would be gratefully received and I will continue with the additional steps in the guide over the next few evenings.

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Post me a DDS log - should take 2-3 minutes.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • kws
    kws Posts: 43 Forumite
    Thanks for the reply, I have downloaded and run DDS and the results from the DDS.txt file are below.

    FYI, although the log says it ran in a couple of minutes at 00:35, I actually kicked it off at 23:45 and the progress bar shot to 75% and then sat there, so I left it running when I went to bed.
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
    Run by XXX at 0:35:32 on 2013-03-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4000.1852 [GMT 0:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\lpksetup.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe
    C:\Program Files (x86)\nurago web meter\nurago-Updater.exe
    C:\Program Files (x86)\nuragoLSPService\nuragoLSPService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WerFault.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\nurago web meter\Chrome Extension\nurago-Chrome-Helper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: wxDownload Class: {0B01D45B-A3EF-3CAA-9C80-462508E68725} - C:\ProgramData\wxDownload\5098457b08dd0.ocx
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: nurago web meter: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\nurago web meter\Gacela2.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130307224502.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: nurago web meter: {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\Gacela2.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [nurago-WatchDog] "C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe" /Debug
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\XXX\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NURAGO~1.LNK - C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office15\EXCEL.EXE/3000
    IE: Microsoft Excel'e &Ver - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office15\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - C:\Program Files (x86)\nurago web meter\Gacela2.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    LSP: C:\Windows\System32\nuragoLSPService.DLL
    LSP: %windir%\system32\vsocklib.dll
    TCP: NameServer = 195.186.1.162 195.186.4.162
    TCP: Interfaces\{1B402B83-3833-436B-938C-23E9B4ED348D} : DHCPNameServer = 195.186.1.162 195.186.4.162
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: Notepad.exe - "C:\Program Files (x86)\TextPad 6\TextPad.exe" -n
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: nurago web meter: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130307224449.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: nurago web meter: {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: Notepad.exe - "C:\Program Files (x86)\TextPad 6\TextPad.exe" -n
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hnkzh8rz.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL -
    FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-02-08 07:29; gacela2@nurago.com; C:\Program Files (x86)\nurago web meter
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 771536]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 340216]
    R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-3-9 70296]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-11-29 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-8-24 92800]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-13 48488]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-8-16 70112]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-9-16 138024]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-16 317440]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-16 76912]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-16 309840]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-8-16 515968]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-14 196440]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-16 106552]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-26 30208]
    .
    =============== Created Last 30 ================
    .
    2013-03-27 16:01:48 383608 ----a-w- C:\Windows\SysWow64\nuragoLSPService64.dll
    2013-03-27 16:01:47 316024 ----a-w- C:\Windows\SysWow64\nuragoLSPService.dll
    2013-03-26 21:10:22 -------- d-----w- C:\Users\XXX\AppData\Roaming\Malwarebytes
    2013-03-26 21:10:04 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-26 21:10:03 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-26 21:10:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-20 20:47:58 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-17 16:29:53 -------- d-----w- C:\Program Files\CCleaner
    2013-03-17 16:07:35 -------- d-----w- C:\ProgramData\APN
    2013-03-17 14:47:07 -------- d-----w- C:\Users\XXX\AppData\Local\ElevatedDiagnostics
    2013-03-17 10:46:54 -------- d-----w- C:\Windows\PCHEALTH
    2013-03-17 10:45:42 -------- d-----w- C:\Program Files\Microsoft Analysis Services
    2013-03-17 10:45:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2013-03-17 09:34:18 1066368 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
    2013-03-17 09:33:13 -------- d-----w- C:\Program Files (x86)\NuGet
    2013-03-17 09:28:25 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2013-03-17 09:25:00 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
    2013-03-17 09:24:51 -------- d-----w- C:\Program Files (x86)\Windows Kits
    2013-03-17 09:22:58 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
    2013-03-17 09:21:52 -------- d-----w- C:\Windows\SysWow64\1033
    2013-03-17 09:21:52 -------- d-----w- C:\Windows\System32\1033
    2013-03-17 09:21:40 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2013-03-17 09:21:40 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
    2013-03-17 09:21:15 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2013-03-17 09:20:05 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2013-03-17 09:07:53 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
    2013-03-17 08:38:53 -------- d-----w- C:\78b16a95dce4d77da3
    2013-03-16 20:26:58 -------- d-----w- C:\Users\XXX\AppData\Roaming\install
    2013-03-13 18:23:13 15859416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-03-09 14:08:40 67224 ----a-w- C:\Windows\System32\vsocklib.dll
    2013-03-09 14:08:40 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
    2013-03-09 14:08:39 70296 ----a-w- C:\Windows\System32\drivers\vsock.sys
    2013-03-09 14:08:36 67664 ----a-w- C:\Windows\System32\drivers\vmx86.sys
    2013-03-09 14:08:36 33360 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
    2013-03-09 14:07:49 357456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
    2013-03-09 14:07:48 436304 ----a-w- C:\Windows\SysWow64\vmnat.exe
    2013-03-09 14:07:47 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
    2013-03-09 14:07:43 933968 ----a-w- C:\Windows\System32\vnetlib64.dll
    2013-03-09 14:07:39 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
    2013-03-09 14:07:27 -------- d-----w- C:\Program Files\Common Files\VMware
    2013-03-09 14:07:07 -------- d-----w- C:\Program Files (x86)\VMware
    2013-03-09 14:07:07 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
    2013-03-07 21:44:29 34384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
    2013-03-07 17:16:37 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-07 17:09:35 383608 ----a-w- C:\Windows\System32\nuragoLSPService64.DLL
    2013-03-02 12:46:45 -------- d-----w- C:\Program Files (x86)\nurago web meter
    2013-03-02 12:45:48 -------- d-----w- C:\Program Files (x86)\nuragoLSPService
    2013-02-26 08:47:42 4832864 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
    2013-02-26 08:47:24 25361008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
  • kws
    kws Posts: 43 Forumite
    Remainder of DDS log
    2013-02-26 01:27:48 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
    2013-02-26 01:27:48 48792 ----a-w- C:\Windows\System32\vnetinst.dll
    2013-02-26 01:27:48 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
    2013-02-26 01:27:48 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
    2013-02-26 01:27:48 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
    2013-02-25 23:59:16 360528 ----a-w- C:\Windows\SysWow64\vmnc.dll
    .
    ==================== Find3M ====================
    .
    2013-03-27 21:51:57 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
    2013-03-13 18:23:25 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-13 18:23:25 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-07 17:16:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-02-22 20:45:53 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-02-19 12:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2013-02-19 12:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2013-02-19 12:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
    2013-02-19 12:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2013-02-19 12:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2013-02-19 12:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2013-02-19 12:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2013-02-19 12:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2013-02-19 12:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UXXXimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UXXXimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 0:37:01.54 ===============
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    From the mbam logs you were/are infected with a backdoor/keylogger that steals information from your PC. I would use a clean computer (not this one) to change any passwords etc asap.

    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=2342824#none
    https://www.virustotal.com/en/file/e952b3a4f7515168a222fdcab2937e0bdcbc133d890528998da50ce9f6d9c095/analysis/
    http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=PWS%3AWin32%2FZbot.AHY


    This is legit, but are you aware it's installed and what it is?

    nurago web meter: https://dtp1.nurago.com/privacy.html#nrg

    It's taking up quite a lot of resources.

    This I would say is adware:
    BHO: wxDownload Class: {0B01D45B-A3EF-3CAA-9C80-462508E68725} - C:\ProgramData\wxDownload\5098457b08dd0.ocx
    
    AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
    
    I would guess it has an extension in chrome too.


    Post the contents of attach.txt, the other log created by DDS.

    Then, download aswMBR and save it to your Desktop.

    http://public.avast.com/~gmerek/aswMBR.exe
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click YES to the prompt to download Avast virus definitions
    • When the virus definitions have downloaded, click the Scan button.
    • Wait till the scan reports "Scan finished successfully"
    • Click Save log & save the log to your desktop.
    • Click OK
    • Two files will be created, aswMBR.txt & a file named MBR.dat
    • Click EXIT.
    • Copy & Paste the contents of aswMBR.txt into your next reply.
    Don't click to fix anything, just post the log
  • andy2004
    andy2004 Posts: 1,309 Forumite
    A simple Factory restore would wipe all the rubbish off and make it clean, and be a lot quicker.
    Time you play around removing this and that, and you might still be infected.
    Factory restore usually takes around 30min or less. So you'll need to reinstall a couple of programs, that's why it's recommended to BACKUP either weekly or daily depending on what you're doing.
  • kws
    kws Posts: 43 Forumite
    andy2004 wrote: »
    A simple Factory restore would wipe all the rubbish off and make it clean, and be a lot quicker.

    It would be, but I would then need to re-download and install all the various packages that I've put on since I got the laptop and deal with 2 years of updates.

    Plus I have about 70 gig of files that are not backed up locally, so I would have to download them all from the corporate server, which has download limits in place to prevent unauthorised leeching of files (and my broadband is very slow).

    So a restore will have to remain a last resort if I can't solve it any other way.
  • kws
    kws Posts: 43 Forumite
    waddler_8 wrote: »

    Passwords were all reset as soon as I saw the results of the scan.

    Fortunately, we have very poor memory and so store passwords etc in a text file and copy and paste them into the browser.

    Internet banking also uses additional protection (txt to registered mobile etc) so that should be safe.

    waddler_8 wrote: »
    This is legit, but are you aware it's installed and what it is?

    nurago web meter: https://dtp1.nurago.com/privacy.html#nrg

    It's taking up quite a lot of resources.

    Yes I was aware it is there and know what it is - OH installed it and it will be removed once she gets her initial payment for having it.
    waddler_8 wrote: »
    This I would say is adware:
    BHO: wxDownload Class: {0B01D45B-A3EF-3CAA-9C80-462508E68725} - C:\ProgramData\wxDownload\5098457b08dd0.ocx
    
    AppInit_DLLs= c:\progra~2\wxdown~1\sprote~1.dll
    
    I would guess it has an extension in chrome too.

    I will remove that later on - the Chrome extension is inactive as I remember Chrome highlighting it when it updated and I left it deactivated.
    waddler_8 wrote: »
    Post the contents of attach.txt, the other log created by DDS.

    Then, download aswMBR and save it to your Desktop.

    http://public.avast.com/~gmerek/aswMBR.exe
    • Right click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click YES to the prompt to download Avast virus definitions
    • When the virus definitions have downloaded, click the Scan button.
    • Wait till the scan reports "Scan finished successfully"
    • Click Save log & save the log to your desktop.
    • Click OK
    • Two files will be created, aswMBR.txt & a file named MBR.dat
    • Click EXIT.
    • Copy & Paste the contents of aswMBR.txt into your next reply.
    Don't click to fix anything, just post the log

    Will post attach.txt in the next message and also download and run aswMBR.

    Thanks again for all your help.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    No problem.

    The adware problem isn't so much of a problem if you've disabled it in Chrome. It'll only run if you launch IE.

    The PC's likely clean of any active infection right now, but we'll check a few things and make sure.

    I'm going out for tea in a short while but will check in again later.
  • kws
    kws Posts: 43 Forumite
    Attach.txt as requested
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/06/2012 19:26:46
    System Uptime: 27/03/2013 22:51:10 (2 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K54L
    Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU 1 | 1500/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 207.285 GiB free.
    D: is FIXED (NTFS) - 394 GiB total, 287.05 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP198: 20/03/2013 06:18:15 - Windows Update
    RP200: 21/03/2013 21:40:12 - Windows Update
    RP201: 22/03/2013 06:19:32 - Windows Update
    RP204: 26/03/2013 22:03:10 - Windows Update
    RP205: 26/03/2013 22:28:02 - Windows Update
    RP206: 27/03/2013 05:36:17 - Windows Update
    RP207: 27/03/2013 22:48:03 - Windows Update
    .
    ==== Installed Programs ======================
    .
    ??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
    ???? ??? Windows Live
    ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
    ??????? Windows Live Mesh ActiveX ???
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    7-Zip 9.20
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.6)
    Alcor Micro USB Card Reader
    Amazon Kindle
    Apple Application Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_Screensaver
    AsusVibe2.0
    Atheros Driver Installation Program
    ATK Package
    Bonjour
    Bookworm Deluxe
    CCleaner
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    Cooking Dash
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Definition update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
    Entity Framework Designer for Visual Studio 2012 - enu
    ETDWare PS/2-X64 8.0.5.1_WHQL
    Fast Boot
    FileZilla Client 3.6.0.2
    Free YouTube Downloader 3.5.134
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galer!a fotogr!fica de Windows Live
    Game Park Console
    GIMP 2.8.0
    Google Chrome
    Google Update Helper
    Governor of Poker
    Graboid Video 3.58
    Graboid Video 3.58 Setup
    Hotel Dash Suite Success
    iCloud
    InstantOn for NB
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Java 7 Update 17
    Java Auto Updater
    JavaFX 2.1.1
    Jewel Quest 3
    Junk Mail filter update
    Kindle Previewer
    Luxor 3
    Mahjongg dimensions
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee AntiVirus Plus
    Mesh Runtime
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft Application Error Reporting
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft Help Viewer 2.0
    Microsoft InfoPath MUI (English) 2013
    Microsoft Lync MUI (English) 2013
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
    Microsoft Office 64-bit Components 2013
    Microsoft Office File Validation Add-In
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 64-bit MUI (English) 2013
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2012 Command Line Utilities
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 Native Client
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL Compiler Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    Microsoft SQL Server Data Tools - enu (11.1.20828.01)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Visio MUI (English) 2013
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2012 Core Libraries
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86-x64 Compilers
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2012 Preparation
    Microsoft Visual Studio 2012 Shell (Minimum)
    Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2012 Shell (Minimum) Resources
    Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    Microsoft Visual Studio Express 2012 for Windows Desktop
    Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    Microsoft Word MUI (English) 2013
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MySQL Connector C 6.0.2
    MySQL Connector C++ 1.1.0
    MySQL Connector J
    MySQL Connector Net 6.5.4
    MySQL Connector/ODBC 5.1
    MySQL Documents 5.5
    MySQL Examples and Samples 5.5
    MySQL Installer
    MySQL Notifier 1.0.3
    MySQL Server 5.5
    MySQL Workbench 5.2 CE
    Nuance PDF Reader
    nurago web meter
    OpenOffice.org 3.4.1
    Outils de v!rification linguistique 2013 de Microsoft Office!- Français
    PHP 5.3.21
    Plants vs Zombies
    Prerequisites for SSDT
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    RedMon - Redirection Port Monitor
    S?????? f?t???af??? t?? Windows Live
    Scratch
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Shared C Run-time for x64
    Skype™ 6.1
    Sonic Focus
    St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
    syncables desktop SE
    TeamViewer 7
    TextPad 6
    tools-linux
    Update for (KB2504637)
    Update for Microsoft .NET Framework 4.5 (KB2750147)
    Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition
    Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition
    Update for Microsoft Lync 2013 (KB2760512) 32-Bit Edition
    Update for Microsoft Lync 2013 (KB2760556) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2726961) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2727105) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2760311) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2768333) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2768349) 32-Bit Edition
    Update for Microsoft Office 2013 (KB2768355) 32-Bit Edition
    Update for Microsoft OneNote 2013 (KB2768011) 32-Bit Edition
    Update for Microsoft Outlook 2013 (KB2727079) 32-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB2727013) 32-Bit Edition
    Update for Microsoft SkyDrive Pro (KB2768356) 32-Bit Edition
    Update for Microsoft Visio 2013 (KB2752090) 32-Bit Edition
    Update for Microsoft Visio Viewer 2013 (KB2767856) 32-Bit Edition
    Update for Microsoft Visual Studio 2012 (KB2781514)
    Update for Microsoft Word 2013 (KB2760244) 32-Bit Edition
    Update for Microsoft Word 2013 (KB2767854) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 1.0.1
    VMware Player
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Fotogalerie
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX control for remote connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Windows Store Apps
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    WinFlash
    WinZip 17.0
    Wireless Console 3
    World of Goo
    WxDownload Expansion
    wxDownload Fast 0.6.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/03/2013 00:36:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
    27/03/2013 22:57:21, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    27/03/2013 22:50:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    27/03/2013 22:50:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service nuragoLSPService with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
    27/03/2013 22:50:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    27/03/2013 22:49:54, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    27/03/2013 22:49:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    27/03/2013 22:49:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    27/03/2013 22:49:51, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    27/03/2013 22:49:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO discache spldr Wanarpv6
    27/03/2013 22:49:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    27/03/2013 22:03:42, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
    27/03/2013 22:03:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
    27/03/2013 18:53:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    26/03/2013 22:29:44, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008 and Windows Server 2008 R2 for x64 (KB2770445).
    26/03/2013 21:59:06, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    26/03/2013 21:59:06, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/03/2013 21:59:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    26/03/2013 21:56:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATKWMIACPIIO DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/03/2013 21:56:36, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    24/03/2013 03:12:17, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000003451, 0xfffff6fc4005e1b8, 0xfffffa800b473340, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032413-19749-01.
    23/03/2013 07:13:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa8003ced060, 0xfffff80004ab4748, 0xfffffa800b099700). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032313-31715-01.
    21/03/2013 17:26:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    .
    ==== End Of File ===========================
  • kws
    kws Posts: 43 Forumite
    aswMBR.txt is below.

    I didn't get the "Scan Finished" message, but the Save Log button became active after it had sat there doing nothing for a while.
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-28 19:17:20
    19:17:20.303 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:17:20.303 Number of processors: 2 586 0x2A07
    19:17:20.304 ComputerName: LAPTOP UserName: XXX
    19:17:21.382 Initialize success
    19:18:50.179 AVAST engine defs: 13032800
    19:19:03.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:19:03.112 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
    19:19:03.226 Disk 0 MBR read successfully
    19:19:03.229 Disk 0 MBR scan
    19:19:03.234 Disk 0 Windows 7 default MBR code
    19:19:03.238 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
    19:19:03.245 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
    19:19:03.266 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403641 MB offset 638488576
    19:19:03.286 Disk 0 scanning C:\Windows\system32\drivers
    19:19:13.355 Service scanning
    19:19:38.464 Modules scanning
    19:19:38.474 Disk 0 trace - called modules:
    19:19:38.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    19:19:38.508 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d0d790]
    19:19:38.513 3 CLASSPNP.SYS[fffff880011b743f] -> nt!IofCallDriver -> [0xfffffa800479ab20]
    19:19:38.520 5 ACPI.sys[fffff88000f507a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047a0050]
    19:19:40.115 AVAST engine scan C:\Windows
    19:19:42.582 AVAST engine scan C:\Windows\system32
    19:30:47.435 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Downloads\MBR.dat"
    19:30:47.448 The log file has been saved successfully to "C:\Users\XXX\Downloads\aswMBR.txt"
This discussion has been closed.