Askitbasket
Hi,
I have been handed my parents' laptop which had ceased to work properly, constantly freezing and crashing and refusing to bring up task manager (I have resolved the task manager issue). I suspect that it has had a virus as it seems that all restore points have been deleted and although it works fine in safe mode, certain functions are disabled - for instance, I cannot successfully install WinZip in safe mode or run Windows Update.
I have run MalwareBytes and AVG AntiVirus neither of which seem to be picking up on anything now although when I was first given the laptop MalwareBytes showed the following:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.24.08
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
Trevor Askew :: ADMIN-PC [administrator]
Protection: Disabled
24/02/2014 19:15:45
mbam-log-2014-02-24 (19-15-45).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 525532
Time elapsed: 1 hour(s), 19 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Trevor Askew\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Trevor Askew\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Trevor Askew\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
Files Detected: 8
C:\Users\Trevor Askew\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Program Files\Yamicsoft\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Trevor Askew\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Trevor Askew\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Trevor Askew\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Windows\AutoKMS\AutoKMS.exe (Trojan.AutoKMS) -> Quarantined and deleted successfully.
C:\Users\Trevor Askew\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Trevor Askew\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
(end)
I really have no idea what the problem is but Windows Update is affected. There are 10 important updates and 2 optional updates waiting but the machine crashes or shows different errors (code 80080005, Update error 0x80070057).
Here are the required logs. I will have to come back with attach.zip once I've emailed it to a different machine as there is no zip software on this laptop and I can't install any at the mo.
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2
Run by Trevor Askew at 10:18:50 on 2014-03-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2798.1936 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Trevor Askew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trevor Askew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trevor Askew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Trevor Askew\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: AlwaysShowClassicMenu = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{88A16F2A-0A6E-4EDC-B132-32908B9EB21E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9195632A-3D43-453E-9283-F7DBB23C92A1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ABD7045A-47E2-4322-9F59-5C9848598915} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B019A00C-9C33-49B4-99E3-B5832017911D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E08AC00C-A051-4A2D-B8D2-9B61288E468D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E08AC00C-A051-4A2D-B8D2-9B61288E468D}\458656023427F666470205279667164756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E08AC00C-A051-4A2D-B8D2-9B61288E468D}\45E4341405933333343473 : DHCPNameServer = 192.168.254.254 158.152.1.58 158.152.1.43
TCP: Interfaces\{F06727F2-2CFE-47FF-9457-D033EDAC8947} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F06727F2-2CFE-47FF-9457-D033EDAC8947}\4786563627F66647E6564777F627B6 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Trevor Askew\AppData\Roaming\Mozilla\Firefox\Profiles\o0ia5c1w.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Trevor Askew\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.shownSelectionUI - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-11-4 1477728]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2012-9-18 93696]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2012-9-18 395264]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-11-4 252512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-17 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-24 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-30 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\System32\drivers\ss_bserd.sys [2009-9-19 128000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-30 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-30 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-4 2480048]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S4 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\System32\drivers\b44amd64.sys [2009-6-10 87552]
S4 GPAdjustTimeService;1st Clock Adjust Time Service;C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [2011-11-4 467968]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-24 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-24 701512]
S4 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S4 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-9-18 571248]
.
=============== Created Last 30 ================
.
2014-03-13 10:11:12 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49ED1786-9A6E-4D5E-B830-24DE646FFC60}\mpengine.dll
2014-02-26 20:56:44 -------- d-----w- C:\Windows\System32\catroot2
2014-02-26 20:45:26 -------- d-----w- C:\305f745cb616afef03
2014-02-26 20:38:18 -------- d-----w- C:\e80c5d5eac2e40bb5d
2014-02-26 20:33:26 -------- d-----w- C:\9e57315bccc1cf1830572e63ef6651
2014-02-26 20:29:28 -------- d-----w- C:\fbbea87022103b5980b43194
2014-02-26 20:09:48 -------- d-----w- C:\194403d297f0ba2975ea
2014-02-26 19:41:42 -------- d-----w- C:\41ea927c0745558d4dec
2014-02-26 18:43:13 -------- d-----w- C:\110a89b55e2b126d7e82
2014-02-26 18:00:23 -------- d-----w- C:\b471deb78347cdb009fe4a9ff0
2014-02-26 17:56:08 -------- d-----w- C:\Windows\CheckSur
2014-02-25 22:49:37 -------- d-----w- C:\bb76062229a22df25d86b4af
2014-02-25 22:17:14 -------- d-----w- C:\Windows\pss
2014-02-25 21:31:49 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9813178D-8BC3-4829-9EC1-6DA6CB1736BD}\gapaengine.dll
2014-02-25 19:52:01 49940480 ----a-w- C:\Program Files (x86)\GUT8B4E.tmp
2014-02-25 19:52:01 -------- d-----w- C:\Program Files (x86)\GUM8B4D.tmp
2014-02-24 19:15:00 -------- d-----w- C:\Users\Trevor Askew\AppData\Roaming\Malwarebytes
2014-02-24 19:14:48 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-24 19:14:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-24 19:14:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-24 18:54:45 49940480 ----a-w- C:\Program Files (x86)\GUT16AC.tmp
2014-02-24 18:54:45 -------- d-----w- C:\Program Files (x86)\GUM166C.tmp
2014-02-24 09:59:40 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-24 08:45:36 -------- d-----w- C:\b5aee3c68e601a84e3487f62e78a
2014-02-23 18:51:36 49940480 ----a-w- C:\Program Files (x86)\GUTB970.tmp
2014-02-23 18:51:36 -------- d-----w- C:\Program Files (x86)\GUMB96F.tmp
2014-02-23 11:05:25 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-17 23:02:53 -------- d-----w- C:\56495baeda607afbeaf46775857d09
2014-02-17 07:10:38 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-17 07:10:37 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-17 07:10:37 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-17 07:10:37 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-16 17:52:55 -------- d-----w- C:\ProgramData\Auslogics
2014-02-16 17:52:37 -------- d-----w- C:\Users\Trevor Askew\AppData\Local\Programs
2014-02-16 17:44:00 -------- d-----w- C:\Users\Trevor Askew\AppData\Roaming\Foresight Software
2014-02-16 17:44:00 -------- d-----w- C:\Users\Trevor Askew\AppData\Roaming\DriverCure
2014-02-16 17:43:49 -------- d-----w- C:\ProgramData\Foresight Software
2014-02-16 08:05:44 49940480 ----a-w- C:\Program Files (x86)\GUT2FFC.tmp
2014-02-16 08:05:44 -------- d-----w- C:\Program Files (x86)\GUM2FFB.tmp
2014-02-14 03:04:21 -------- d-----w- C:\78350512c3c6282363
2014-02-14 03:01:46 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-14 03:01:46 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M ====================
.
2014-02-24 10:03:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-24 10:03:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-27 14:54:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 10:20:20.01 ===============
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.13.03
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
Trevor Askew :: ADMIN-PC [administrator]
13/03/2014 10:30:22
mbam-log-2014-03-13 (10-30-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242105
Time elapsed: 5 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Thanks in advance for any help.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-11-4 252512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-17 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-24 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-30 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\Windows\System32\drivers\ss_bserd.sys [2009-9-19 128000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-30 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-30 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-4 2480048]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
S4 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\System32\drivers\b44amd64.sys [2009-6-10 87552]
S4 GPAdjustTimeService;1st Clock Adjust Time Service;C:\Program Files (x86)\1st Clock\1stClockAdjustTimeSvc.exe [2011-11-4 467968]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-24 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-24 701512]
S4 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S4 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-9-18 571248]
.
=============== Created Last 30 ================
.
2014-03-13 10:11:12 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49ED1786-9A6E-4D5E-B830-24DE646FFC60}\mpengine.dll
2014-02-26 20:56:44 -------- d-----w- C:\Windows\System32\catroot2
2014-02-26 20:45:26 -------- d-----w- C:\305f745cb616afef03
2014-02-26 20:38:18 -------- d-----w- C:\e80c5d5eac2e40bb5d
2014-02-26 20:33:26 -------- d-----w- C:\9e57315bccc1cf1830572e63ef6651
2014-02-26 20:29:28 -------- d-----w- C:\fbbea87022103b5980b43194
2014-02-26 20:09:48 -------- d-----w- C:\194403d297f0ba2975ea
2014-02-26 19:41:42 -------- d-----w- C:\41ea927c0745558d4dec
2014-02-26 18:43:13 -------- d-----w- C:\110a89b55e2b126d7e82
2014-02-26 18:00:23 -------- d-----w- C:\b471deb78347cdb009fe4a9ff0
2014-02-26 17:56:08 -------- d-----w- C:\Windows\CheckSur
2014-02-25 22:49:37 -------- d-----w- C:\bb76062229a22df25d86b4af
2014-02-25 22:17:14 -------- d-----w- C:\Windows\pss
2014-02-25 21:31:49 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9813178D-8BC3-4829-9EC1-6DA6CB1736BD}\gapaengine.dll
2014-02-25 19:52:01 49940480 ----a-w- C:\Program Files (x86)\GUT8B4E.tmp
2014-02-25 19:52:01 -------- d-----w- C:\Program Files (x86)\GUM8B4D.tmp
2014-02-24 19:15:00 -------- d-----w- C:\Users\Trevor Askew\AppData\Roaming\Malwarebytes
2014-02-24 19:14:48 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-24 19:14:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-24 19:14:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-24 18:54:45 49940480 ----a-w- C:\Program Files (x86)\GUT16AC.tmp
2014-02-24 18:54:45 -------- d-----w- C:\Program Files (x86)\GUM166C.tmp
2014-02-24 09:59:40 17858952 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-02-24 08:45:36 -------- d-----w- C:\b5aee3c68e601a84e3487f62e78a
2014-02-23 18:51:36 49940480 ----a-w- C:\Program Files (x86)\GUTB970.tmp
2014-02-23 18:51:36 -------- d-----w- C:\Program Files (x86)\GUMB96F.tmp
2014-02-23 11:05:25 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-17 23:02:53 -------- d-----w- C:\56495baeda607afbeaf46775857d09
2014-02-17 07:10:38 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-17 07:10:37 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-17 07:10:37 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-17 07:10:37 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-16 17:52:55 -------- d-----w- C:\ProgramData\Auslogics
2014-02-16 17:52:37 -------- d-----w- C:\Users\Trevor Askew\AppData\Local\Programs
2014-02-16 17:44:00 -------- d-----w- C:\Users\Trevor Askew\AppData\Roaming\Foresight Software
2014-02-16 17:44:00 -------- d-----w- C:\Users\Trevor Askew\AppData\Roaming\DriverCure
2014-02-16 17:43:49 -------- d-----w- C:\ProgramData\Foresight Software
2014-02-16 08:05:44 49940480 ----a-w- C:\Program Files (x86)\GUT2FFC.tmp
2014-02-16 08:05:44 -------- d-----w- C:\Program Files (x86)\GUM2FFB.tmp
2014-02-14 03:04:21 -------- d-----w- C:\78350512c3c6282363
2014-02-14 03:01:46 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-14 03:01:46 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
==================== Find3M ====================
.
2014-02-24 10:03:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-24 10:03:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-27 14:54:09 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 10:20:20.01 ===============
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.13.03
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
Trevor Askew :: ADMIN-PC [administrator]
13/03/2014 10:30:22
mbam-log-2014-03-13 (10-30-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242105
Time elapsed: 5 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Thanks in advance for any help.
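The DDS log above is the kind of output helpers on these threads read by hand: the `R0`/`S3`/`S4` prefixes in the SERVICES / DRIVERS block encode running-or-stopped state plus the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and the "Created Last 30" block lists recently written paths with size and attribute flags. The following triage script is an added example written for this page; it is not part of the original post and not something the DDS tool or Malwarebytes ship. It parses both line formats and applies a few first-pass heuristics: a service binary outside the OS and program directories, a kernel driver outside `System32\drivers`, an executable written to a user-writable location, and two known-benign patterns worth labelling rather than flagging (hex-named directories at the drive root, which Windows Update and MSI installers create as extraction folders, and `GUM####.tmp`/`GUT####.tmp` under `Program Files (x86)`, which are Google Update staging files). The trusted-root list, the 16-hex-character threshold and the `UpdSvc`/`updhelper.exe` sample lines are my own assumptions and constructed inputs; the other sample lines are copied from the log in the post.

```python
"""Triage helper for DDS log lines (added example; not from the thread or the DDS tool)."""
import re
from typing import Dict, List, Optional, Tuple

# DDS service line: "<R|S><start-type> name;display name;path [yyyy-m-d size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)
# DDS "Created Last 30" line: "yyyy-mm-dd hh:mm:ss <size|--------> <8 attr flags> <path>"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<size>\d+|-+) +(?P<attrs>\S{8}) +(?P<path>.+)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Assumption: anything outside these roots is user-writable and deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\programdata\\")
# Windows Update / MSI extraction folders look like C:\<long hex string>; 16 is an assumed cut-off.
HEX_ROOT_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$", re.I)
# Google Update staging files: GUM####.tmp (directory) and GUT####.tmp (payload).
GOOGLE_UPDATE_TMP = re.compile(r"\\GU[MT][0-9A-F]{4}\.tmp$", re.I)

Finding = Tuple[str, str, str]  # (severity, path, explanation)


def parse_service(line: str) -> Optional[dict]:
    """Decode one SERVICES / DRIVERS line into state, start type, name, path and size."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["state"] = "running" if d["state"] == "R" else "stopped"
    d["start"] = START_TYPES[d["start"]]
    d["size"] = int(d["size"])
    return d


def service_findings(line: str) -> List[Finding]:
    svc = parse_service(line)
    if svc is None:
        return []
    p = svc["path"].lower()
    out: List[Finding] = []
    if not p.startswith(TRUSTED_ROOTS):
        out.append(("review", svc["path"], f"service {svc['name']} runs from a user-writable location"))
    if p.endswith(".sys") and "\\windows\\system32\\drivers\\" not in p:
        out.append(("review", svc["path"], f"driver {svc['name']} loads from outside System32\\drivers"))
    return out


def created_findings(line: str) -> List[Finding]:
    m = CREATED_RE.match(line.strip())
    if not m:
        return []
    path, attrs = m.group("path"), m.group("attrs")
    is_dir = attrs.startswith("d")
    if is_dir and HEX_ROOT_DIR.match(path):
        return [("info", path, "hex-named root directory: typical Windows Update/MSI extraction folder; confirm it is empty or signed update payload")]
    if GOOGLE_UPDATE_TMP.search(path):
        return [("info", path, "GUM/GUT .tmp under Program Files (x86): Google Update staging file")]
    if path.lower().endswith((".exe", ".dll", ".sys", ".tmp")) and not path.lower().startswith(TRUSTED_ROOTS):
        return [("review", path, "executable written to a user-writable location")]
    return []


def triage(log_text: str) -> Dict[str, List[Finding]]:
    """Run both parsers over every line; lines that match neither format are ignored."""
    report: Dict[str, List[Finding]] = {"services": [], "created": []}
    for line in log_text.splitlines():
        report["services"].extend(service_findings(line))
        report["created"].extend(created_findings(line))
    return report


# First two service lines and first two created lines are copied from the posted log;
# the UpdSvc / updhelper.exe lines are constructed to show what the heuristics catch.
POSTED_SERVICE_LINE = r"R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2011-11-4 1477728]"
CONSTRUCTED_SERVICE_LINE = r"S2 UpdSvc;Update Helper;C:\Users\Public\Documents\updhelper.exe [2014-3-1 40960]"
SAMPLE_LOG = "\n".join([
    POSTED_SERVICE_LINE,
    r"S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-24 25928]",
    CONSTRUCTED_SERVICE_LINE,
    r"2014-02-26 20:45:26 -------- d-----w- C:\305f745cb616afef03",
    r"2014-02-25 19:52:01 49940480 ----a-w- C:\Program Files (x86)\GUT8B4E.tmp",
    r"2014-03-01 09:00:00 40960 ----a-w- C:\Users\Public\Documents\updhelper.exe",
])

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        for severity, path, why in items:
            print(f"[{section}] {severity:6} {path}  ({why})")
```

Treat the output as a reading aid, not a verdict: the "review" items are simply the lines a helper would ask about first, and the "info" items explain why the hex-named root folders and `GUM`/`GUT` temp files in this log are expected on a machine that has just been pushed through Windows Update and Google Update, not evidence of infection by themselves.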