
Hoping someone with similar experience/more knowledge might be able to help me. My desktop items disappeared when I started my laptop, my internet wouldn't load and I had to force shutdown - the computer would not shut down as it said task scheduler was still running.

I have run Malwarebytes virus detector (fast and full scan) but it turned up nothing. I also have followed instructions found in other forums about making sure the desktop items box is checked and reloading the explorer.exe file through Windows task manager. When I tried to do the latter my computer froze and I had to force shutdown again.

Strange thing is that sometimes when I turn my laptop on the icons have reappeared and the internet and everything else is working fine, but the next time I reboot everything is gone again. It's getting really frustrating...

Any ideas what is causing this? Thanks in advance for your help.

Hugh


Hello Hugh and welcome to the Malwarebytes forum.

Have you run a full scan of the system with your antivirus?

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, the rkill.txt log file will be on your desktop. Copy & Paste the contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Download DDS and save it to your desktop from one of these links:

http://download.bleepingcomputer.com/sUBs/dds.com

or http://download.bleepingcomputer.com/sUBs/dds.scr

or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/ Windows 7/ Windows 8 do a RIGHT-click on dds and select Run As Administrator.

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Hi Maurice,

Thanks for your help, very much appreciated. Attached files to follow:

RKill output:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/03/2013 11:41:57 AM in x86 mode.

Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/03/2013 11:42:10 AM

Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 26/05/2010 11:53:14

System Uptime: 03/03/2013 10:53:56 (1 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730

Processor: Intel® Core i3 CPU M 330 @ 2.13GHz | CPU 1 | 2133/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 141 GiB total, 95.601 GiB free.

D: is FIXED (NTFS) - 141 GiB total, 133.964 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP352: 25/01/2013 20:27:44 - Windows Update

RP353: 29/01/2013 20:49:16 - Windows Update

RP354: 06/02/2013 21:55:08 - Windows Update

RP355: 13/02/2013 21:19:04 - Windows Update

RP356: 13/02/2013 21:48:23 - Windows Update

RP357: 19/02/2013 20:58:23 - Windows Update

RP358: 24/02/2013 21:51:05 - Windows Update

RP359: 01/03/2013 21:51:40 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Reader XI (11.0.02)

Alice Greenfingers

AnyPC Client

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

µTorrent

avast! Free Antivirus

BatteryLifeExtender

Bonjour

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 8

CyberLink PowerProducer

CyberLink YouCam

Dairy Dash

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON Scan

EPSON SX420W Series Manual

EPSON SX420W Series Network Guide

EPSON SX420W Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.2

Evernote v. 4.6

Farm Frenzy 2

Game Pack

Gephi 0.8.1

Go-Go Gourmet

IBM SPSS Statistics 19

iCloud

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

IrfanView (remove only)

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 29

JetBrains Omea Reader

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

Marvell Miniport Driver

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MobileMe Control Panel

Mozilla Firefox 19.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

Office 2007 Add-in - Microsoft Save as PDF or XPS (Beta)

PhotoScape

Python 2.6 matplotlib-1.0.1

Python 2.6 numpy-1.5.1

Python 2.6 PyYAML-3.09

Python 3.3.0

Python nltk-2.0b9

QuickTime

Realtek High Definition Audio Driver

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

SamsungMovie

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype Toolbars

Skype™ 5.10

Synaptics Pointing Device Driver

TweetDeck

UCINET 6

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

User Guide

Veetle TV 0.9.18

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

28/02/2013 19:59:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

03/03/2013 10:55:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oberon Media Game Console service service to connect.

03/03/2013 10:55:07, Error: Service Control Manager [7000] - The Oberon Media Game Console service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

02/03/2013 16:55:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

02/03/2013 16:55:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

02/03/2013 16:54:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

02/03/2013 16:54:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

02/03/2013 16:53:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

02/03/2013 07:41:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2

Run by SAMSUNG at 11:43:46 on 2013-03-03

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1710 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\windows\system32\wuauclt.exe

C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\Notepad.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

BHO: COmeaHelper Object: {09628AAA-66AD-4FA2-82E2-698185B66463} - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Omea: {35402C01-1777-4159-9ABA-3480BA70D90A} - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll

TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Epson Stylus SX420W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\windows\temp\E_SEA32.tmp" /EF "HKCU"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [AdobeBridge] <no file>

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\samsung\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Clip and Edit - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1000

IE: Clip and Save - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1001

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Subscribe to Feed - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1002

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\0736078696C6F6D656E616 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\354796D602D49664960223 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\4516C6B64516C6B6562323A626 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\56465727F616D6 : DHCPNameServer = 158.223.0.200 158.223.0.201

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\661626279636 : DHCPNameServer = 87.194.255.154 87.194.255.155

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\74F6C64637D696478637 : DHCPNameServer = 10.162.0.3

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\75563747F574275656E677963686F5C4962627162797 : DHCPNameServer = 192.168.4.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\samsung\appdata\roaming\mozilla\firefox\profiles\ps3h65u3.default\

FF - prefs.js: browser.startup.homepage - startpage.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-30 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-30 361032]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-1-14 10752]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-30 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-30 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-6 44808]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-14 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-1-14 209920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-5-26 44312]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-26 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]

.

=============== Created Last 30 ================

.

2013-03-01 22:47:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-01 22:47:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-01 22:45:07 -------- d-----w- c:\users\samsung\appdata\local\Programs

2013-03-01 21:52:27 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef51e3af-b0dc-4850-9e8b-11e7412455bb}\mpengine.dll

2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2013-02-13 21:49:55 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

.

==================== Find3M ====================

.

2013-03-02 07:44:18 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-02 07:44:18 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe

2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-12-16 14:25:27 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25:19 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-08 15:08:25 205 ----a-w- c:\windows\system32\lsprst7.dll

.

============= FINISH: 11:44:22.94 ===============

I realise that Malwarebytes is not a substitute for an anti-virus; I have Avast.

  • Root Admin

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.


Apologies, uTorrent uninstalled. New logs below:

RKill:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/03/2013 12:55:57 PM in x86 mode.

Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/03/2013 12:56:05 PM

Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

Attach.txt

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 26/05/2010 11:53:14

System Uptime: 03/03/2013 10:53:56 (2 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R530/R730

Processor: Intel® Core i3 CPU M 330 @ 2.13GHz | CPU 1 | 1855/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 141 GiB total, 95.598 GiB free.

D: is FIXED (NTFS) - 141 GiB total, 133.964 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP352: 25/01/2013 20:27:44 - Windows Update

RP353: 29/01/2013 20:49:16 - Windows Update

RP354: 06/02/2013 21:55:08 - Windows Update

RP355: 13/02/2013 21:19:04 - Windows Update

RP356: 13/02/2013 21:48:23 - Windows Update

RP357: 19/02/2013 20:58:23 - Windows Update

RP358: 24/02/2013 21:51:05 - Windows Update

RP359: 01/03/2013 21:51:40 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Reader XI (11.0.02)

Alice Greenfingers

AnyPC Client

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

avast! Free Antivirus

BatteryLifeExtender

Bonjour

Compatibility Pack for the 2007 Office system

CyberLink DVD Suite

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 8

CyberLink PowerProducer

CyberLink YouCam

Dairy Dash

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Event Manager

EPSON Scan

EPSON SX420W Series Manual

EPSON SX420W Series Network Guide

EPSON SX420W Series Printer Uninstall

EpsonNet Print

EpsonNet Setup 3.2

Evernote v. 4.6

Farm Frenzy 2

Game Pack

Gephi 0.8.1

Go-Go Gourmet

IBM SPSS Statistics 19

iCloud

Intel® Graphics Media Accelerator Driver

Intel® Rapid Storage Technology

IrfanView (remove only)

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 29

JetBrains Omea Reader

Junk Mail filter update

Malwarebytes Anti-Malware version 1.70.0.1100

Marvell Miniport Driver

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MobileMe Control Panel

Mozilla Firefox 19.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

Office 2007 Add-in - Microsoft Save as PDF or XPS (Beta)

PhotoScape

Python 2.6 matplotlib-1.0.1

Python 2.6 numpy-1.5.1

Python 2.6 PyYAML-3.09

Python 3.3.0

Python nltk-2.0b9

QuickTime

Realtek High Definition Audio Driver

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

SamsungMovie

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype Toolbars

Skype™ 5.10

Synaptics Pointing Device Driver

TweetDeck

UCINET 6

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

User Guide

Veetle TV 0.9.18

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

28/02/2013 19:59:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

03/03/2013 10:55:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oberon Media Game Console service service to connect.

03/03/2013 10:55:07, Error: Service Control Manager [7000] - The Oberon Media Game Console service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

02/03/2013 16:55:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

02/03/2013 16:55:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

02/03/2013 16:54:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

02/03/2013 16:54:07, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

02/03/2013 16:53:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

02/03/2013 07:41:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.9.2

Run by SAMSUNG at 12:56:54 on 2013-03-03

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2933.1416 [GMT 0:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCE.EXE

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\windows\system32\wuauclt.exe

C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

C:\Program Files\Evernote\Evernote\Evernote.exe

C:\Program Files\Evernote\Evernote\EvernoteTray.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\Notepad.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

BHO: COmeaHelper Object: {09628AAA-66AD-4FA2-82E2-698185B66463} - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Omea: {35402C01-1777-4159-9ABA-3480BA70D90A} - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll

TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Epson Stylus SX420W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\windows\temp\E_SEA32.tmp" /EF "HKCU"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [AdobeBridge] <no file>

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [APLangApp] "c:\program files\anypc client\APLangApp.exe"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\samsung\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Clip and Edit - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1000

IE: Clip and Save - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1001

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Subscribe to Feed - c:\program files\jetbrains\omea reader\IexploreOmeaW.dll/1002

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\0736078696C6F6D656E616 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\354796D602D49664960223 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\4516C6B64516C6B6562323A626 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\56465727F616D6 : DHCPNameServer = 158.223.0.200 158.223.0.201

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\661626279636 : DHCPNameServer = 87.194.255.154 87.194.255.155

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\74F6C64637D696478637 : DHCPNameServer = 10.162.0.3

TCP: Interfaces\{3487739D-B9E8-4923-A2E6-7848E298067D}\75563747F574275656E677963686F5C4962627162797 : DHCPNameServer = 192.168.4.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\samsung\appdata\roaming\mozilla\firefox\profiles\ps3h65u3.default\

FF - prefs.js: browser.startup.homepage - startpage.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-30 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-30 361032]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-1-14 10752]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-30 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-1-30 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-6 44808]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-14 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-1-14 209920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-5-26 44312]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-26 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]

.

=============== Created Last 30 ================

.

2013-03-01 22:47:53 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-01 22:47:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-01 22:45:07 -------- d-----w- c:\users\samsung\appdata\local\Programs

2013-03-01 21:52:27 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef51e3af-b0dc-4850-9e8b-11e7412455bb}\mpengine.dll

2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2013-02-13 21:49:55 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

.

==================== Find3M ====================

.

2013-03-02 07:44:18 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-02 07:44:18 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-05 05:02:17 3957608 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 04:55:21 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 04:55:09 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-01-04 04:50:40 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:46:33 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-04 03:00:30 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:59:29 271360 ----a-w- c:\windows\system32\conhost.exe

2013-01-04 02:43:35 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-12-16 14:25:27 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:25:19 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-08 15:08:25 205 ----a-w- c:\windows\system32\lsprst7.dll

.

============= FINISH: 12:57:09.01 ===============


Older versions of Java pose a security risk. Uninstall:

  • Java 7 Update 9
  • Java Auto Updater
  • Java 6 Update 29

And if you do not need Java for the programs that you use, keep Java off your system.

How to disable Java in various browsers: http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

Brian Krebs posted on 1 March 2013 of a new zero-day vulnerability

cf https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

As he noted in his closing,

Most consumers can get by without Java installed, or at least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Now then, how's the internet connection that you mentioned at the very start?

Have you done a full scan with AVAST! {after making sure it is all-current with updates}?

Desktop items?

If it is just a very slow desktop icon population on-screen when the system 1st loads, that is not unusual.

We'd like to have a current description of the issues at hand.

From a review of the logs here, there does not appear to be a malware infection.

It would be a good idea for you to review closely all the application programs that are auto-loaded with Windows startup and to trim back on those.

iTunesHelper, Adobe ARM, QuickTime Task & PowerDVD8 are some examples of apps that can be removed from auto-startup.

Edited by Maurice Naggar
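One way to pull the auto-start entries out of a DDS "Pseudo HJT Report" like the one posted above, so they can be reviewed and trimmed as suggested. This is an added example, not part of the original posts or of DDS; the function names are hypothetical, and reading the `u`/`m` line prefixes as per-user and machine-wide entries is an assumption.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the DDS "Pseudo HJT Report" posted in this thread (a subset).
SAMPLE_DDS = r'''
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\samsung\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
SSODL: WebCheck - <orphaned>
'''


class AutoStart(NamedTuple):
    source: str   # DDS line prefix, e.g. "mRun"
    scope: str    # "user", "machine" or "n/a"
    name: str     # registry value name, shortcut path or CLSID
    target: str   # executable path, "" when DDS reports none
    args: str     # command-line arguments after the executable
    stale: bool   # True for <no file> / <orphaned> entries


RUN_RE = re.compile(r'^([um]Run): \[(.+?)\] (.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (.+?\.lnk) - (.+)$', re.I)
ORPHAN_RE = re.compile(r'^(\w+): (.+?) - <orphaned>$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$', re.I)


def _scope(prefix: str) -> str:
    # Assumption: a lowercase u/m before a capitalised key name marks
    # a per-user (HKCU) or machine-wide (HKLM) entry.
    if prefix[:1] in ('u', 'm') and prefix[1:2].isupper():
        return 'user' if prefix[0] == 'u' else 'machine'
    return 'n/a'


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable, arguments).

    Unquoted paths may contain spaces ("c:\\program files\\..."), so the
    executable is taken up to the first .exe/.com/.bat/.cmd/.scr suffix.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or ''
    return cmd, ''


def parse_autostarts(text: str) -> List[AutoStart]:
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            prefix, name, cmd = m.groups()
            if cmd == '<no file>':      # value exists, target is gone
                entries.append(AutoStart(prefix, _scope(prefix), name, '', '', True))
            else:
                target, args = split_command(cmd)
                entries.append(AutoStart(prefix, _scope(prefix), name, target, args, False))
            continue
        m = STARTUP_RE.match(line)
        if m:
            lnk, target = m.groups()
            scope = 'user' if '\\users\\' in lnk.lower() else 'machine'
            entries.append(AutoStart('StartupFolder', scope, lnk, target, '', False))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            prefix, name = m.groups()
            entries.append(AutoStart(prefix, _scope(prefix), name, '', '', True))
    return entries


def stale(entries: List[AutoStart]) -> List[AutoStart]:
    """Entries DDS marked <no file> or <orphaned>: leftovers worth cleaning up."""
    return [e for e in entries if e.stale]


def find(entries: List[AutoStart], keyword: str) -> List[AutoStart]:
    """Case-insensitive match on the entry name or its executable path."""
    k = keyword.lower()
    return [e for e in entries if k in e.name.lower() or k in e.target.lower()]


if __name__ == '__main__':
    for e in parse_autostarts(SAMPLE_DDS):
        flag = 'STALE' if e.stale else 'ok'
        print(f'{flag:5} {e.scope:7} {e.source:15} {e.name} -> {e.target or "(none)"}')
```

Entries flagged as stale point at files or registrations that no longer resolve; the rest are the live startup items to review one by one.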

Thanks Maurice. Will remove Java this evening and also the apps you suggested from auto-start-up. I'll also do a full scan with Avast.

Regarding the internet connection, it seems okay with the other computer in the flat. Not sure about actual speeds.

The strange thing about the problem is that sometimes the computer loads with the desktop items displayed and all works fine. Other times the desktop items do not load, internet does not work and I have to force shut down by turning the laptop off with the power switch. There seems to be no rhyme or reason as to whether it works or not (although I'm hoping there is a reason - one that I can fix)

I have seen elsewhere people claiming Infrarecorder is the problem but I don't think I have this downloaded or running, unless it is part of the standard windows package...


To the very best of my knowledge, no, Infrarecorder is not part of Windows. ;-) :D

As to the rest, maybe, just maybe, your RAM may be on the edge.

How old is this system?

You may want to think about running a Windows memory diagnostic test.


Sorry for slow reply - been hectic at work. I ran a Windows Memory diagnostic test but it didn't pick up any problems. The system isn't that old, a couple of years maybe. It's a Samsung R530 Laptop.

Not sure if this throws any light on the situation but when the desktop items don't appear (or, as has happened a couple of times now, I turn on my computer and it is simply a black screen) and I have to force shutdown, the program still running seems to always be TaskEng (Task Scheduler Engine). This may be perfectly normal but thought I would mention it anyway.

Given that I have run two full anti-virus scans and an anti-malware scan I'm guessing the problem must be something to do with the system itself.


Let's have you get a new diagnostic report for review. Please read over carefully this and then do.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR, if you have the Windows OS DVD, to enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2013 01

Ran by SYSTEM at 07-03-2013 22:32:45

Running from H:\

Windows 7 Home Premium (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8120864 2009-12-14] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-09] (Synaptics Incorporated)

HKLM\...\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)

HKLM\...\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM\...\Run: [updatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2008-01-03] (CyberLink Corp.)

HKLM\...\Run: [updatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [218408 2008-12-03] (CyberLink Corp.)

HKLM\...\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2009-07-20] (CyberLink Corp.)

HKLM\...\Run: [APLangApp] "C:\Program Files\AnyPC Client\APLangApp.exe" [13312 2009-11-19] (DoctorSoft)

HKLM\...\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-01] (Apple Inc.)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

HKU\SAMSUNG\...\Run: [Epson Stylus SX420W(Network)] C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\windows\TEMP\E_SEA32.tmp" /EF "HKCU" [200704 2009-09-13] (SEIKO EPSON CORPORATION)

HKU\SAMSUNG\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]

HKU\SAMSUNG\...\Run: [AdobeBridge] [x]

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\SAMSUNG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

==================== Services (Whitelisted) ===================

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)

2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)

2 OberonGameConsoleService; "C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe" [44312 2009-08-13] ()

2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()

==================== Drivers (Whitelisted) ====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)

2 aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)

3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-03-07 22:20 - 2013-03-07 22:20 - 00000000 ____D C:\FRST

2013-03-07 14:02 - 2013-03-07 14:03 - 00909818 ____A (Farbar) C:\Users\SAMSUNG\Downloads\FRST.exe

2013-03-03 04:56 - 2013-03-03 04:56 - 00688992 ____R (Swearware) C:\Users\SAMSUNG\Downloads\dds(1).com

2013-03-03 04:55 - 2013-03-03 04:55 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\SAMSUNG\Downloads\rkill(2).scr

2013-03-03 03:57 - 2013-03-03 03:57 - 00016425 ____A C:\Users\SAMSUNG\Desktop\DDS (Desktop problem).txt

2013-03-03 03:57 - 2013-03-03 03:57 - 00002012 ____A C:\Users\SAMSUNG\Desktop\Rkill (Desktop problem).txt

2013-03-03 03:56 - 2013-03-03 03:56 - 00008592 ____A C:\Users\SAMSUNG\Desktop\Attach (desktop problem).txt

2013-03-03 03:44 - 2013-03-03 04:57 - 00016587 ____A C:\Users\SAMSUNG\Desktop\dds.txt

2013-03-03 03:44 - 2013-03-03 04:57 - 00008582 ____A C:\Users\SAMSUNG\Desktop\attach.txt

2013-03-03 03:43 - 2013-03-03 03:43 - 00688992 ____R (Swearware) C:\Users\SAMSUNG\Downloads\dds.com

2013-03-03 03:41 - 2013-03-03 04:56 - 00002010 ____A C:\Users\SAMSUNG\Desktop\Rkill.txt

2013-03-03 03:38 - 2013-03-03 03:38 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\SAMSUNG\Downloads\rkill(1).scr

2013-03-01 14:47 - 2013-03-01 14:47 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-01 14:47 - 2013-03-01 14:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-03-01 14:47 - 2012-12-14 08:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-03-01 14:44 - 2013-03-01 14:44 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\SAMSUNG\Downloads\mbam-setup-1.70.0.1100.exe

2013-02-21 23:29 - 2013-02-21 23:29 - 00000000 ____D C:\Users\SAMSUNG\Documents\SF network analysis manual

2013-02-21 23:26 - 2013-02-21 23:26 - 00000000 ____D C:\Users\SAMSUNG\Documents\SocNetV-0.81

2013-02-19 13:47 - 2013-02-19 13:47 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-02-17 10:08 - 2013-02-17 10:08 - 00000000 ____D C:\Users\SAMSUNG\Downloads\Jive Bunny and The Mastermixers - The Album

2013-02-13 13:50 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-13 13:50 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-13 13:50 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-13 13:50 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-13 13:50 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-13 13:50 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-13 13:50 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-13 13:50 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-13 13:50 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-13 13:50 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-13 13:50 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-13 13:50 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-13 13:50 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-13 13:50 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-13 13:49 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-13 13:49 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-13 13:25 - 2013-01-04 21:02 - 03957608 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-02-13 13:25 - 2013-01-04 21:02 - 03902312 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-13 13:25 - 2013-01-03 20:55 - 01287528 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-13 13:25 - 2013-01-03 20:55 - 00187240 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2013-02-13 13:25 - 2013-01-03 20:50 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-13 13:25 - 2013-01-03 20:46 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-02-13 13:25 - 2013-01-03 20:46 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 20:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 19:00 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-13 13:25 - 2013-01-03 18:59 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-02-13 13:25 - 2013-01-03 18:43 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 18:43 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 18:43 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-02-13 13:25 - 2013-01-03 18:43 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-02-10 13:21 - 2013-02-17 10:03 - 00000000 ____D C:\Users\SAMSUNG\Documents\Job apps & Competencies

2013-02-10 13:20 - 2013-02-10 13:20 - 00000000 ____D C:\Users\SAMSUNG\Documents\Cobra

==================== One Month Modified Files and Folders ========

2013-03-07 22:20 - 2013-03-07 22:20 - 00000000 ____D C:\FRST

2013-03-07 14:29 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-07 14:29 - 2009-07-13 20:39 - 00143879 ____A C:\Windows\setupact.log

2013-03-07 14:28 - 2010-01-13 19:03 - 02078840 ____A C:\Windows\WindowsUpdate.log

2013-03-07 14:28 - 2009-07-13 20:34 - 00014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-07 14:28 - 2009-07-13 20:34 - 00014736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-07 14:03 - 2013-03-07 14:02 - 00909818 ____A (Farbar) C:\Users\SAMSUNG\Downloads\FRST.exe

2013-03-07 13:44 - 2012-05-08 07:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-03-04 15:11 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles

2013-03-04 14:45 - 2011-05-11 03:08 - 00000000 ____D C:\Program Files\Java

2013-03-03 04:57 - 2013-03-03 03:44 - 00016587 ____A C:\Users\SAMSUNG\Desktop\dds.txt

2013-03-03 04:57 - 2013-03-03 03:44 - 00008582 ____A C:\Users\SAMSUNG\Desktop\attach.txt

2013-03-03 04:56 - 2013-03-03 04:56 - 00688992 ____R (Swearware) C:\Users\SAMSUNG\Downloads\dds(1).com

2013-03-03 04:56 - 2013-03-03 03:41 - 00002010 ____A C:\Users\SAMSUNG\Desktop\Rkill.txt

2013-03-03 04:55 - 2013-03-03 04:55 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\SAMSUNG\Downloads\rkill(2).scr

2013-03-03 04:53 - 2012-10-02 04:48 - 00000000 ____D C:\Users\SAMSUNG\AppData\Roaming\uTorrent

2013-03-03 04:36 - 2012-01-19 03:38 - 00000000 ____D C:\Users\SAMSUNG\Documents\Blog stuff

2013-03-03 03:57 - 2013-03-03 03:57 - 00016425 ____A C:\Users\SAMSUNG\Desktop\DDS (Desktop problem).txt

2013-03-03 03:57 - 2013-03-03 03:57 - 00002012 ____A C:\Users\SAMSUNG\Desktop\Rkill (Desktop problem).txt

2013-03-03 03:56 - 2013-03-03 03:56 - 00008592 ____A C:\Users\SAMSUNG\Desktop\Attach (desktop problem).txt

2013-03-03 03:43 - 2013-03-03 03:43 - 00688992 ____R (Swearware) C:\Users\SAMSUNG\Downloads\dds.com

2013-03-03 03:38 - 2013-03-03 03:38 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\SAMSUNG\Downloads\rkill(1).scr

2013-03-02 06:21 - 2010-01-13 19:52 - 00658970 ____A C:\Windows\PFRO.log

2013-03-02 01:26 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Cursors

2013-03-01 23:44 - 2012-05-08 07:59 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-03-01 23:44 - 2011-11-10 01:35 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-03-01 14:47 - 2013-03-01 14:47 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-03-01 14:47 - 2013-03-01 14:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-03-01 14:44 - 2013-03-01 14:44 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\SAMSUNG\Downloads\mbam-setup-1.70.0.1100.exe

2013-02-21 23:29 - 2013-02-21 23:29 - 00000000 ____D C:\Users\SAMSUNG\Documents\SF network analysis manual

2013-02-21 23:26 - 2013-02-21 23:26 - 00000000 ____D C:\Users\SAMSUNG\Documents\SocNetV-0.81

2013-02-21 23:14 - 2010-05-26 03:00 - 00000000 ____D C:\Users\SAMSUNG\AppData\Local\Microsoft Help

2013-02-21 23:12 - 2010-05-26 03:00 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-02-21 13:27 - 2012-04-25 01:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-02-19 13:47 - 2013-02-19 13:47 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-02-17 10:08 - 2013-02-17 10:08 - 00000000 ____D C:\Users\SAMSUNG\Downloads\Jive Bunny and The Mastermixers - The Album

2013-02-17 10:03 - 2013-02-10 13:21 - 00000000 ____D C:\Users\SAMSUNG\Documents\Job apps & Competencies

2013-02-14 23:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-02-14 23:31 - 2009-07-13 20:33 - 03828744 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-11 11:30 - 2012-11-21 06:23 - 00000000 ____D C:\Users\SAMSUNG\Documents\Python stuff

2013-02-10 13:26 - 2012-12-11 12:47 - 00000000 ____D C:\Users\SAMSUNG\Documents\Admin

2013-02-10 13:25 - 2012-12-03 03:24 - 00000000 ____D C:\Users\SAMSUNG\Documents\SPSSInc

2013-02-10 13:20 - 2013-02-10 13:20 - 00000000 ____D C:\Users\SAMSUNG\Documents\Cobra

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2012-12-12 05:45] - [2012-09-06 08:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-06 13:55:27

Restore point made on: 2013-02-13 13:19:21

Restore point made on: 2013-02-13 13:48:29

Restore point made on: 2013-02-19 12:58:39

Restore point made on: 2013-02-24 13:51:17

Restore point made on: 2013-03-01 13:51:56

Restore point made on: 2013-03-04 14:44:35

Restore point made on: 2013-03-04 14:45:54

Restore point made on: 2013-03-06 13:42:29

==================== Memory info ===========================

Percentage of memory in use: 15%

Total physical RAM: 2932.55 MB

Available physical RAM: 2469.71 MB

Total Pagefile: 2930.82 MB

Available Pagefile: 2467.22 MB

Total Virtual: 2047.88 MB

Available Virtual: 1969.62 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:141.49 GB) (Free:95.65 GB) NTFS

2 Drive e: () (Fixed) (Total:141.5 GB) (Free:133.96 GB) NTFS

3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:3.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive h: (INTENSO) (Removable) (Total:30.11 GB) (Free:25.43 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 30 GB 0 B

Partitions of Disk 0:

===============

Disk ID: 8AC1535F

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 15 GB 1024 KB

Partition 2 Primary 100 MB 15 GB

Partition 3 Primary 141 GB 15 GB

Partition 4 Primary 141 GB 156 GB

=========================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 141 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E NTFS Partition 141 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000001

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 30 GB 0 B

=========================================================

Disk: 1

There is no partition selected.

There is no partition selected.

Please select a partition and try again.

=========================================================

Last Boot: 2013-03-05 11:42

==================== End Of Log ============================


I don't see malware signs in that log. Remove and secure away the flash-USB-drive.

Restart Windows in normal mode.

What I do notice is quite a bit of Cyberlink / CyberlinkDVD applets set to start with Windows. You should look into trimming down programs that auto-start with Windows.

You may want to consider getting Winpatrol 2013 to help you in that regard. www.wimpatrol.com

Trim down the auto-start 3rd-party apps to only those that are a must. Examples of the latter are antivirus, MBAM, security apps, network/connectivity drivers.

You do not need instant messenger programs or email or drawing programs, for example, to auto-start.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.
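
A sketch of the autostart review suggested in the reply above, added here as an example and not part of the original post or of FRST: it parses registry Run lines taken from the log in this thread, groups them by publisher, and separates entries whose target is missing. The keep-list passed to `review_candidates` and the reading of a trailing `[x]` as "target file not found" are assumptions.

```python
import re
from collections import Counter

# Registry Run lines copied from the FRST log in this thread, plus one non-Run line.
SAMPLE_LOG = r'''
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKU\SAMSUNG\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\SAMSUNG\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
'''

# "<key>\...\Run: [value name] <everything else on the line>"
RUN_LINE = re.compile(r'^(?P<key>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$')
# "<command> [size yyyy-mm-dd] (publisher)" at the end of a resolved entry
FILE_INFO = re.compile(
    r'^(?P<cmd>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\)$')


def parse_run_entries(log_text):
    """Return one dict per registry Run entry; all other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        rest = m.group('rest')
        entry = {'key': m.group('key'), 'name': m.group('name'), 'command': rest,
                 'size': None, 'date': None, 'publisher': None, 'missing': False}
        info = FILE_INFO.match(rest)
        if info:
            entry.update(command=info.group('cmd'), size=int(info.group('size')),
                         date=info.group('date'), publisher=info.group('pub'))
        elif rest.endswith('[x]'):
            # Assumption: a trailing [x] marks an entry whose target file was not found.
            entry.update(command=rest[:-3].strip(), missing=True)
        entries.append(entry)
    return entries


def vendor_of(entry):
    """First word of the publisher, so 'CyberLink' and 'CyberLink Corp.' group together."""
    words = (entry['publisher'] or '').split()
    return words[0].lower() if words else 'unknown'


def vendor_counts(entries):
    """How many autostart entries each vendor contributes."""
    return Counter(vendor_of(e) for e in entries)


def stale_entries(entries):
    """Names of Run values that point at nothing and can simply be cleaned up."""
    return [e['name'] for e in entries if e['missing']]


def review_candidates(entries, keep_vendors):
    """Names of live autostart entries whose vendor is not on the keep list."""
    return [e['name'] for e in entries
            if not e['missing'] and vendor_of(e) not in keep_vendors]


if __name__ == '__main__':
    parsed = parse_run_entries(SAMPLE_LOG)
    print('entries per vendor:', dict(vendor_counts(parsed)))
    print('stale entries:', stale_entries(parsed))
    # Hypothetical keep list: only the antivirus vendor stays without review.
    print('review before keeping:', review_candidates(parsed, {'avast'}))
```

Run against the full log, the per-vendor count makes the CyberLink cluster stand out at a glance, and the stale list shows Run values that no longer resolve to a file.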
