Freezes after sleep mode/logout freeze


Hello. I was directed here from the virus section by Jahrusso after we conducted a clean sweep of my machine. http://forums.malwarebytes.org/index.php?showtopic=126271&st=0 I have two issues:

1) The computer after sleep mode will not connect to the internet and freezes in general.

2) The computer will not restart after sleep mode and gets stuck on the Windows log out blue screen for Windows 7 64-bit. This includes hard shutdown by holding down the restart button. I must pull the laptop battery out to get it to shut down.

I have a Samsung RF511 laptop. This laptop worked in all functions until about a month ago. I have not installed new programs recently enough to warrant the change in operation.

Any help would be greatly appreciated!


  • Root Admin

That could potentially be an issue that simply may not get fixed without rebuilding the computer from scratch but we can take a look at a few things.

For now please run the following so we can get an updated set of logs.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/14/2011 8:53:21 PM

System Uptime: 5/20/2013 9:29:39 AM (2 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RF511/RF411/RF711

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 179 GiB total, 25.813 GiB free.

D: is FIXED (NTFS) - 266 GiB total, 176.923 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device

Device ID: USB\VID_0A5C&PID_219C\90A4DE51C394

Manufacturer: Broadcom

Name: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device

PNP Device ID: USB\VID_0A5C&PID_219C\90A4DE51C394

Service: BTHUSB

.

==== System Restore Points ===================

.

RP428: 5/20/2013 8:18:57 AM - End of disinfection

RP429: 5/20/2013 8:33:38 AM - Device Driver Package Install: SunplusIT Imaging devices

.

==== Installed Programs ======================

.

ActivClient x64

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Batman: Arkham Asylum GOTY Edition

BatteryLifeExtender

Battlefield 3™

Battlelog Web Plugins

Bing Rewards Client Installer

Bonjour

Broadcom Wireless Utility

ChargeableUSB

Cisco Connect

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CopyTrans Suite Remove Only

Counter-Strike

D3DX10

Fast Start

FINAL FANTASY XIV

FINAL FANTASY XIV - A Realm Reborn (Beta Version)

Google Chrome

Guild Wars 2

Hamster Free ZIP Archiver 1.2.0.6

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Photo Creations

HP Update

InstaCodecs

Intel® Control Center

Intel® Processor Graphics

iTunes

Java 7 Update 21

Java Auto Updater

Java 6 Update 39

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 8.2

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MotioninJoy ds3 driver version 0.6.0003

Movie Color Enhancer

MSVCRT

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA Optimus 1.12.12

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Update 1.12.12

NVIDIA Update Components

OpenOffice.org 3.3

Origin

PCSX2 - Playstation 2 Emulator

Pinnacle Game Profiler

Portal

Portal 2

PunkBuster Services

QuickTime

Ralink RT2870 Wireless LAN Card

Realtek Ethernet Controller Driver

Renesas Electronics USB 3.0 Host Controller Driver

RIFT

Samsung Kies

Samsung Update Plus

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Skype™ 5.10

Steam

swMSM

System Requirements Lab for Intel

Team Fortress 2

Team Fortress Classic

TeamSpeak 3 Client

The Elder Scrolls IV: Oblivion

The Elder Scrolls V: Skyrim

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.0.1

WebCam SCB-1100N

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Yahoo! Detect

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Deviator at 11:01:39 on 2013-05-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.5637 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Ralink\Common\RaUI.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\WebCam SCB-1100N\Monitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [Google Update] "C:\Users\Deviator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\Hamster.Archiver.UI.exe -loader

mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [WebCam SCB-1100N_Monitor] C:\Program Files (x86)\WebCam SCB-1100N\monitor.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: EnableSecureUIAPath = dword:1

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: NameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\052796E6365637377237020284F6573756 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\24F6C6F6723702B496E67646F6D602 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\34963736F67363437393 : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\7596E6475627963736F6D696E676 : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\C696E6B6379737 : DHCPNameServer = 64.233.217.5 64.233.217.2

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383836303 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383836313 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383837363 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383838393 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E68D6D45-5460-4323-8CF5-BF4B7779FDCD} : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe

x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-5-20 30496]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-4 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-4 370288]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-8-16 13824]

R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-4 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-4 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-10 44808]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-12-9 374112]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-12-9 451936]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-15 425064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-8-20 349736]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-2-27 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-2-26 31216]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102936]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-19 37344]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-9-7 117520]

S3 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2011-12-9 619872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-19 203544]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-16 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-7-30 29288]

.

=============== Created Last 30 ================

.

2013-05-20 16:30:06 -------- d-----w- C:\Windows\SysWow64\NV

2013-05-20 16:30:06 -------- d-----w- C:\Windows\System32\NV

2013-05-20 16:27:39 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-05-20 16:27:39 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2013-05-20 16:27:39 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-05-20 16:27:39 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-05-20 16:27:39 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-05-20 16:27:39 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-05-20 16:27:39 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-05-20 16:27:39 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-05-20 16:27:39 1016096 ----a-w- C:\Windows\System32\nv3dappshext.dll

2013-05-20 16:26:52 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2013-05-20 15:36:09 -------- d-----w- C:\Users\Deviator\AppData\Local\{8FCF0907-A60C-4D24-B5BA-2E35CCEE2468}

2013-05-20 15:33:31 -------- d-----w- C:\Program Files (x86)\WebCam SCB-1100N

2013-05-20 15:18:20 -------- d-----w- C:\Windows\ERUNT

2013-05-17 16:23:32 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-17 16:13:56 -------- d-----w- C:\MATS

2013-05-17 15:51:39 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF2D5495-55C1-4564-8F22-F03C7732C0BE}\mpengine.dll

2013-05-16 21:10:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-16 21:10:54 -------- d-----w- C:\Program Files\iTunes

2013-05-16 21:10:54 -------- d-----w- C:\Program Files\iPod

2013-05-16 21:10:54 -------- d-----w- C:\Program Files (x86)\iTunes

2013-05-15 16:03:39 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 16:03:39 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 16:03:39 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 16:03:11 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 16:03:10 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 16:03:10 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 16:03:10 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 16:02:48 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 16:02:48 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 16:02:47 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-14 14:05:02 -------- d-----w- C:\Users\Deviator\AppData\Roaming\Malwarebytes

2013-05-14 14:04:48 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-14 14:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-14 14:04:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-14 14:04:34 -------- d-----w- C:\Users\Deviator\AppData\Local\Programs

2013-05-09 17:18:10 -------- d-----w- C:\Program Files (x86)\Cisco Systems

2013-05-09 17:12:04 -------- d-----w- C:\ProgramData\Cisco Systems

2013-04-23 18:08:50 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

==================== Find3M ====================

.

2013-05-20 15:12:36 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2013-05-17 16:23:06 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-05-17 16:23:06 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-15 17:24:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 17:24:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-03-20 08:07:18 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe

2013-03-20 08:07:16 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-02-22 07:17:06 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-02-22 07:17:06 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

.

============= FINISH: 11:01:59.29 ===============


  • Root Admin

Unlike most other helpers here I do not want the logs copy/pasted. Please temporarily disable your Antivirus and run the scan again as it shows something stopped the scan from completing which more than likely was your antivirus.

Then click on the More Reply Options button and ATTACH both of the logs to your reply please.

Thanks


  • Root Admin

I'm going to want to run some scans and tools to see what's going on here. Since we cannot run those outside of the HJT forum, I'm going to ask you to open a ticket on the Help Desk.

Please ask for me and give this link in your new ticket as well so that I can look it up again.

http://forums.malwarebytes.org/index.php?showtopic=126604

Thanks


  • Root Admin

WMI logs appear to be corrupted, which is why Event Logs cannot be opened. There could be another cause but the following procedure should hopefully correct it as long as it's not due to some other permissions or Registry corruption.

Click on the Start button and type in CMD and when it shows on the menu then right click and choose "Run as administrator"

This will give you an elevated command prompt that will start with Administrator: in the title.

At the command prompt please type the following exactly and press the Enter key.

net stop winmgmt

You will be prompted similar to this example below. Please press the "Y" key and then the Enter key to allow it to stop.

C:\>net stop winmgmt
The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

Security Center
IP Helper
Intel(R) Rapid Storage Technology

Do you want to continue this operation? (Y/N) [N]:

Next while still in the command prompt type the following and then press the Enter key.

CD C:\Windows\System32\LogFiles\WMI

The command prompt should now show the following

C:\>cd C:\Windows\System32\LogFiles\WMI

C:\Windows\System32\LogFiles\WMI>

Now while at the command prompt showing the WMI in the prompt type the following exactly and press the Enter key.

rename RtBackup RtBackupOld

Now restart the computer and the Event Logs should now work.


  • Root Admin

I've gone ahead and moved your topic to the HJT forum so that we're able to run some other scans and tools here.

Please locate ALL of the log files from DDS, OTL, Combofix, MiniToolbox, etc that you've been using or doing and delete them so that we're not using old logs.

I'm seeing stuff you've been asked to run or remove still showing in logs so I want to make sure all the logs are NEW that we use from here out.

Once you've done that then please uninstall ALL versions of Java including the latest one you installed. We don't need Java right now and in fact if you can live without it it's best not to install it but if you really have to have it then we'll install it again once we're done here.

STEP 01

Click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" then in the DOS console type the following and press the Enter key.

CHKDSK C: /R

It will say the drive cannot be locked and ask if you want to run it on restart. Press the Y key and then the Enter key and restart the computer.

It should take at least 10 minutes to run a disk check and could potentially take hours. I think you've run it before but please run it again now.

STEP 02

You were asked to run this tool but please run it again now. Make sure though that you've removed all the previous log files from the root of the C: drive that this tool creates.

Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 03

Now let's get a new clean set of DDS logs. Make sure that your antivirus is disabled when running these scans.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Thanks


  • Root Admin

STEP 01

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please attach the log to your next reply.

STEP 02

Please run the following

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please attach that file here.

STEP 03

Download & SAVE to your Desktop RogueKiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • Right-click and select "Run as Administrator" to start
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

Send me back all the logs when done


  • Root Admin

Please follow the guide here and do a clean removal and reinstall of MBAM.

MBAM Clean Removal Process

Go ahead and restart your computer even if not asked after the install. Then see if you can now enable the Protection Module or not and let me know.

Please run a Quick Scan and post back that log.

Link to post
Share on other sites

I just brought it out of a short sleep mode and it was still connected to the internet and it successfully restarted. Though the real issue was always that it wouldn't connect to the internet nor shut down or restart properly after a long sleep mode.

So I will try and let it sleep for about 7-8 hours and try it out again tonight and monitor the situation. I will give you an update tomorrow morning with the progress.

Should I keep all tools you used? Or should I use delfix to remove them tomorrow if no problems persist?

Link to post
Share on other sites

The only remaining issue is that the computer won't restart/shutdown after an extended sleep mode. It just stays on the shutting down windows blue screen infinitely until I manually hard reset with holding the power button or pulling the battery.

This topic is now closed to further replies.