Password compromised - PayPal affected [Solved]


#1 bookwormjean (New Member, 4 posts)

Hi there.

I'll start from the top.

I play poker from my Facebook account, and I am fairly new to computers. I had a pop-up claiming to be the poker site, saying I had won a certain amount of chips and needed to log in to claim them.
Naturally, I was suspicious, so I put in the wrong password.
It told me the password was wrong, and this convinced me the pop-up was genuine.
Around the same time, I noticed Avast had been disabled and would not re-enable. I had to re-install it to get it to work.
The next day, 25 million chips were removed from my Facebook poker account.

Since then, several emails have been sent from my email address to the poker help desk that I did not write.
I have also had a warning email from PayPal saying my account was now limited. This sounded like a scam to me, so I logged into PayPal from a separate computer, but it was true, and I had to change my password and confirm some details.

Since this happened, I have updated and run Avast and Malwarebytes Anti-Malware, which both came back clean.
I have changed all relevant passwords from another clean computer, but I am suspicious of this computer.

I'm sure they only got my password and email address from that daft moment I had claiming the poker chips, and just assumed correctly that I used the same password for other accounts. But, in this day and age, you can't be too careful!
Avast playing up is the only real worry, as something could have slipped in whilst it was disabled.

I now use differing passwords for each site I use.

Here is the log requested:

OTL.txt:
--------
OTL logfile created on: 12/12/2011 12:36:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Samsung Notebook\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.70% Memory free
5.92 Gb Paging File | 4.80 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.05 Gb Total Space | 185.58 Gb Free Space | 79.97% Space Free | Partition Type: NTFS
Drive D: | 50.94 Gb Total Space | 50.79 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: SAMSUNGNOTEBOOK | User Name: Samsung Notebook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 12:35:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung Notebook\Desktop\OTL.exe
PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/21 04:21:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/06 17:00:54 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/10/06 17:00:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010/01/27 11:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/11/04 04:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 11:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 10:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 01:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/09 17:48:11 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/21 04:21:45 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/06 17:00:54 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/06 17:00:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/08/14 16:07:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/06 17:00:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/05 10:02:46 | 002,203,648 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/08 00:56:37 | 000,015,656 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/01/27 11:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 11:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/10 13:44:52 | 000,122,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/01 15:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/01 15:51:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/09 17:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Samsung Notebook\AppData\Roaming\mozilla\Extensions
[2011/12/01 15:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 15:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/21 04:21:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/21 01:23:17 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/21 01:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/21 01:23:17 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/21 01:23:17 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/21 01:23:17 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9486C245-204C-4EC3-A38E-65AF9F0F09BA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/12 12:35:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Samsung Notebook\Desktop\OTL.exe
[2011/12/03 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\Samsung Notebook\AppData\Roaming\Mozilla
[2011/11/17 19:39:01 | 000,000,000 | ---D | C] -- C:\Users\Samsung Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stamina
[2011/11/17 19:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamina
[2011/11/17 19:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Stamina
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/12/12 12:36:00 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 12:36:00 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 12:35:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung Notebook\Desktop\OTL.exe
[2011/12/12 12:28:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/12 12:28:22 | 2384,941,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 17:48:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/12/09 10:41:43 | 000,000,000 | ---- | M] () -- C:\LogMeIn-1890-20111209-104143.dmp
[2011/12/03 14:30:05 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/12/01 15:51:02 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/11/28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2011/11/17 19:39:01 | 000,000,971 | ---- | M] () -- C:\Users\Samsung Notebook\Desktop\Stamina.lnk
[2011/11/17 18:59:48 | 000,628,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/11/17 18:59:48 | 000,110,612 | ---- | M] () -- C:\windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/12/09 10:41:43 | 000,000,000 | ---- | C] () -- C:\LogMeIn-1890-20111209-104143.dmp
[2011/12/01 15:51:02 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/01 15:51:02 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/17 19:39:01 | 000,000,971 | ---- | C] () -- C:\Users\Samsung Notebook\Desktop\Stamina.lnk
[2010/09/04 11:23:55 | 000,076,800 | ---- | C] () -- C:\windows\System32\spekekit_bak.dll
[2010/08/09 16:04:21 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/09 15:49:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/04/21 17:08:14 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/04/21 17:08:14 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/04/21 17:08:14 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/04/21 16:29:46 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009/12/05 20:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 20:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 03:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:33:53 | 000,367,432 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,628,460 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,110,612 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

< End of report >

Extras.txt:
-----------

OTL Extras logfile created on: 12/12/2011 12:36:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Samsung Notebook\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.70% Memory free
5.92 Gb Paging File | 4.80 Gb Available in Paging File | 81.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.05 Gb Total Space | 185.58 Gb Free Space | 79.97% Space Free | Partition Type: NTFS
Drive D: | 50.94 Gb Total Space | 50.79 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: SAMSUNGNOTEBOOK | User Name: Samsung Notebook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFF135C9-274E-443B-B2D1-FF0FD93EE790}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"Stamina" = Stamina 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2011 5:15:28 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3502.922, time
stamp: 0x4c9b0282 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xcbc Faulting application start time: 0x01cbe8719eecc66d Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: ed882231-5464-11e0-bfcd-002454a30134

Error - 3/22/2011 8:52:10 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3502.922, time
stamp: 0x4c9b0282 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xbe4 Faulting application start time: 0x01cbe88fd3c50c22 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 333e6817-5483-11e0-9c77-002454a30134

Error - 4/2/2011 6:23:37 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xcc0 Faulting application start time: 0x01cbf11ff4873c22 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 44f95928-5d13-11e0-bf2d-002454a30134

Error - 4/12/2011 10:50:02 AM | Computer Name = SamsungNotebook | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/18/2011 4:02:51 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xc48 Faulting application start time: 0x01cbfd9edcfbf3e3 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 4197476f-6992-11e0-8042-002454a30134

Error - 4/19/2011 3:31:18 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0x864 Faulting application start time: 0x01cbfe63a545b2d0 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 034956ba-6a57-11e0-bfa2-002454a30134

Error - 4/19/2011 10:15:56 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0x39c Faulting application start time: 0x01cbfe9c30d73dcb Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 8a8426a6-6a8f-11e0-9904-002454a30134

Error - 4/19/2011 4:06:02 PM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0xc38 Faulting application start time: 0x01cbfecd1b4aebd3 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 72c9eb1d-6ac0-11e0-9927-002454a30134

Error - 4/22/2011 8:25:01 AM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0x80c Faulting application start time: 0x01cc00e830130a6e Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 8ad32b58-6cdb-11e0-8df2-002454a30134

Error - 5/3/2011 12:26:49 PM | Computer Name = SamsungNotebook | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3508.1109, time
stamp: 0x4cda7240 Faulting module name: YCWebCameraSource.ax, version: 2.0.7883.3217,
time stamp: 0x4a88fced Exception code: 0xc0000005 Fault offset: 0x0000c9f8 Faulting
process id: 0x990 Faulting application start time: 0x01cc09aece316cf2 Faulting application
path: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Faulting module path:
C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax Report Id: 24b910db-75a2-11e0-b182-002454a30134

[ OSession Events ]
Error - 9/4/2010 1:17:22 PM | Computer Name = SamsungNotebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/11/2011 6:40:20 PM | Computer Name = SamsungNotebook | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:28:52 on ?11/?12/?2011 was unexpected.

Error - 12/12/2011 7:30:15 AM | Computer Name = SamsungNotebook | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:07:24 on ?12/?12/?2011 was unexpected.

Error - 12/12/2011 8:12:38 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:14:18 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:16:02 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:17:50 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:19:41 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:21:41 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:23:37 AM | Computer Name = SamsungNotebook | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12/12/2011 8:28:26 AM | Computer Name = SamsungNotebook | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:26:39 on ?12/?12/?2011 was unexpected.


< End of report >

Thank you in advance for your help.


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I can see nothing readily apparent there. However, discretion being the better part of valour, let's check it thoroughly.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Megaupload

#3 bookwormjean (Topic Starter, New Member, 4 posts)
Hi. Wow, that was a fast reply!

I was expecting to wait a few days!

The Kaspersky scan took 3 hrs 30 mins and came back "no threats found"; there was no "detected threats" tab.

The other scan made 2 files, aswMBR and MBR.dat.
I assume you want the text file?


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 16:06:51
-----------------------------
16:06:51.702 OS Version: Windows 6.1.7601 Service Pack 1
16:06:51.702 Number of processors: 2 586 0x170A
16:06:51.702 ComputerName: SAMSUNGNOTEBOOK UserName:
16:06:59.861 Initialize success
16:07:03.402 AVAST engine defs: 11121401
16:07:06.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:07:06.288 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
16:07:06.304 Disk 0 MBR read successfully
16:07:06.304 Disk 0 MBR scan
16:07:06.304 Disk 0 unknown MBR code
16:07:06.319 Disk 0 scanning sectors +625139712
16:07:06.397 Disk 0 scanning C:\windows\system32\drivers
16:07:17.926 Service scanning
16:07:20.297 Modules scanning
16:07:30.359 Disk 0 trace - called modules:
16:07:30.390 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:07:30.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d99200]
16:07:30.390 3 CLASSPNP.SYS[8c26959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f4e028]
16:07:30.952 AVAST engine scan C:\windows
16:07:33.276 AVAST engine scan C:\windows\system32
16:09:45.440 AVAST engine scan C:\windows\system32\drivers
16:10:07.311 AVAST engine scan C:\Users\Samsung Notebook
16:10:56.139 AVAST engine scan C:\ProgramData
16:13:53.168 Scan finished successfully
16:15:01.496 Disk 0 MBR has been saved successfully to "C:\Users\Samsung Notebook\Desktop\MBR.dat"
16:15:01.496 The log file has been saved successfully to "C:\Users\Samsung Notebook\Desktop\aswMBR.txt"


Thanks.

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's check out the MBR a little bit more. Do you have a branded computer, i.e. Dell or HP?

Also, is there any suspect behaviour on your computer at the moment?

For Avast do the following :
Go to control panel > Programs and Features
Select Avast (as if you were going to uninstall it)
On the dialogue left hand side scroll down to repair and click next

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#5 bookwormjean (Topic Starter, New Member, 4 posts)
Avast repaired.
A pop-up stated it may not have uninstalled correctly, giving 2 options; I just X'd it away.

MBRCheck.exe results:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R530/R730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 190):
0x8303E000 \SystemRoot\system32\ntoskrnl.exe
0x83007000 \SystemRoot\system32\halmacpi.dll
0x80BC4000 \SystemRoot\system32\kdcom.dll
0x8BC0A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BC8F000 \SystemRoot\system32\PSHED.dll
0x8BCA0000 \SystemRoot\system32\BOOTVID.dll
0x8BCA8000 \SystemRoot\system32\CLFS.SYS
0x8BCEA000 \SystemRoot\system32\CI.dll
0x8BD95000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BE06000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BE14000 \SystemRoot\system32\drivers\ACPI.sys
0x8BE5C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8BE65000 \SystemRoot\system32\drivers\msisadrv.sys
0x8BE6D000 \SystemRoot\system32\drivers\pci.sys
0x8BE97000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8BEA2000 \SystemRoot\System32\drivers\partmgr.sys
0x8BEB3000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BEBB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BEC6000 \SystemRoot\system32\drivers\volmgr.sys
0x8BED6000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BF21000 \SystemRoot\System32\drivers\mountmgr.sys
0x8C009000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8C0E3000 \SystemRoot\system32\drivers\atapi.sys
0x8C0EC000 \SystemRoot\system32\drivers\ataport.SYS
0x8C10F000 \SystemRoot\system32\drivers\msahci.sys
0x8C119000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8C127000 \SystemRoot\system32\drivers\amdxata.sys
0x8C130000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C164000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C175000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C2A4000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C2CF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C2E2000 \SystemRoot\System32\Drivers\cng.sys
0x8C33F000 \SystemRoot\System32\drivers\pcw.sys
0x8C34D000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BF37000 \SystemRoot\system32\drivers\ndis.sys
0x8C356000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C394000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C42C000 \SystemRoot\System32\drivers\tcpip.sys
0x8C576000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C5A7000 \SystemRoot\system32\drivers\volsnap.sys
0x8C5E6000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5EE000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C61B000 \SystemRoot\System32\Drivers\mup.sys
0x8C62B000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C633000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C665000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C676000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C828000 \SystemRoot\system32\DRIVERS\49492275.sys
0x8CE42000 \SystemRoot\system32\drivers\cdrom.sys
0x8CE61000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8CECE000 \SystemRoot\System32\Drivers\Null.SYS
0x8CED5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CEDC000 \SystemRoot\System32\drivers\vga.sys
0x8CEE8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CF09000 \SystemRoot\System32\drivers\watchdog.sys
0x8CF16000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CF1E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CF26000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CF2E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CF39000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CF47000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CF5E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CF6A000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8CF75000 \SystemRoot\system32\drivers\afd.sys
0x8CFCF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8C69B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CFD6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CFDD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C800000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8C811000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C6CD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C6E0000 \SystemRoot\system32\drivers\termdd.sys
0x8C81F000 \??\C:\windows\system32\Drivers\SABI.sys
0x8C6F1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C732000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C73C000 \SystemRoot\system32\drivers\mssmbios.sys
0x8C746000 \SystemRoot\System32\drivers\discache.sys
0x8C752000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C76A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8C778000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C7C3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x98C1C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x9953C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x995F3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9962C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x99637000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x99682000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x99691000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9602F000 \SystemRoot\system32\DRIVERS\athr.sys
0x9624D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x96257000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x962A8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x962AC000 \SystemRoot\system32\drivers\i8042prt.sys
0x962C4000 \SystemRoot\system32\drivers\kbdclass.sys
0x962D1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x96308000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9630A000 \SystemRoot\system32\drivers\mouclass.sys
0x96317000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x96329000 \SystemRoot\system32\drivers\CompositeBus.sys
0x96336000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x96337000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x96349000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x96361000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9636C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9638E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x963A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x963BD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x963D4000 \SystemRoot\system32\drivers\swenum.sys
0x996B0000 \SystemRoot\system32\drivers\ks.sys
0x963D6000 \SystemRoot\system32\drivers\umbus.sys
0x996E4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x963E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9780A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97AB7000 \SystemRoot\system32\drivers\portcls.sys
0x97AE6000 \SystemRoot\system32\drivers\drmk.sys
0x97AFF000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x980C0000 \SystemRoot\System32\win32k.sys
0x97B22000 \SystemRoot\System32\drivers\Dxapi.sys
0x97B2C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CD4A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x97B39000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97B4A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97B61000 \SystemRoot\System32\Drivers\usbvideo.sys
0x97B85000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98320000 \SystemRoot\System32\TSDDD.dll
0x98350000 \SystemRoot\System32\cdd.dll
0x98390000 \SystemRoot\System32\lmimirr.dll
0x983A0000 \SystemRoot\System32\lmimirr2.dll
0x97B90000 \SystemRoot\system32\drivers\luafv.sys
0x97BAB000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x97BE3000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x97BE6000 \SystemRoot\system32\drivers\WudfPf.sys
0x96000000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99728000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x96010000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9976E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB3C19000 \SystemRoot\system32\drivers\HTTP.sys
0xB3C9E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB3CB7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB3CC9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB3CEC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB3D27000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB3D5A000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB3D5C000 \??\C:\windows\system32\drivers\LMIRfsDriver.sys
0xB3D66000 \SystemRoot\system32\drivers\peauth.sys
0xB3DFD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB3E07000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB3E28000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB3E35000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB3E85000 \SystemRoot\System32\DRIVERS\srv.sys
0x77260000 \Windows\System32\ntdll.dll
0x47EF0000 \Windows\System32\smss.exe
0x774A0000 \Windows\System32\apisetschema.dll
0x00660000 \Windows\System32\autochk.exe
0x77440000 \Windows\System32\gdi32.dll
0x773A0000 \Windows\System32\usp10.dll
0x771B0000 \Windows\System32\msvcrt.dll
0x771A0000 \Windows\System32\normaliz.dll
0x77110000 \Windows\System32\oleaut32.dll
0x76FF0000 \Windows\System32\wininet.dll
0x763A0000 \Windows\System32\shell32.dll
0x76370000 \Windows\System32\imagehlp.dll
0x762A0000 \Windows\System32\user32.dll
0x76220000 \Windows\System32\comdlg32.dll
0x76080000 \Windows\System32\setupapi.dll
0x75EC0000 \Windows\System32\iertutil.dll
0x75EA0000 \Windows\System32\imm32.dll
0x75E00000 \Windows\System32\advapi32.dll
0x75D70000 \Windows\System32\clbcatq.dll
0x75D20000 \Windows\System32\Wldap32.dll
0x75CE0000 \Windows\System32\ws2_32.dll
0x75CD0000 \Windows\System32\lpk.dll
0x75CC0000 \Windows\System32\nsi.dll
0x75C60000 \Windows\System32\difxapi.dll
0x75B90000 \Windows\System32\msctf.dll
0x75AB0000 \Windows\System32\kernel32.dll
0x75AA0000 \Windows\System32\psapi.dll
0x75A80000 \Windows\System32\sechost.dll
0x759D0000 \Windows\System32\rpcrt4.dll
0x75970000 \Windows\System32\shlwapi.dll
0x75850000 \Windows\System32\urlmon.dll
0x756F0000 \Windows\System32\ole32.dll
0x75660000 \Windows\System32\comctl32.dll
0x75630000 \Windows\System32\cfgmgr32.dll
0x755E0000 \Windows\System32\KernelBase.dll
0x755C0000 \Windows\System32\devobj.dll
0x754A0000 \Windows\System32\crypt32.dll
0x75470000 \Windows\System32\wintrust.dll
0x75460000 \Windows\System32\msasn1.dll

Processes (total 64):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
476 csrss.exe
520 C:\Windows\System32\wininit.exe
532 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
700 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1440 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
356 C:\Windows\System32\spoolsv.exe
428 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\taskhost.exe
1940 C:\Windows\System32\dwm.exe
1852 C:\Windows\System32\taskeng.exe
1904 C:\Windows\explorer.exe
1780 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
1688 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
1984 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
1408 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
1968 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
2060 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
2132 C:\Program Files\LogMeIn\x86\ramaint.exe
2164 C:\Program Files\LogMeIn\x86\LogMeIn.exe
2308 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2564 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
2744 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2796 C:\Windows\System32\svchost.exe
2824 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2988 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3424 C:\Windows\System32\svchost.exe
3936 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
4036 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4044 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2576 C:\Windows\System32\igfxext.exe
2868 C:\Windows\System32\igfxsrvc.exe
2776 C:\Windows\System32\SearchIndexer.exe
3416 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3632 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3732 C:\Windows\System32\igfxtray.exe
3836 C:\Windows\System32\hkcmd.exe
3168 C:\Windows\System32\igfxpers.exe
4284 C:\Windows\servicing\TrustedInstaller.exe
4352 C:\Windows\System32\svchost.exe
4608 C:\Program Files\Windows Media Player\wmpnetwk.exe
5220 dllhost.exe
2788 C:\Windows\System32\audiodg.exe
5948 C:\Windows\System32\SearchProtocolHost.exe
4896 C:\Windows\System32\SearchFilterHost.exe
2516 C:\Windows\explorer.exe
5276 C:\Windows\System32\taskhost.exe
5740 dllhost.exe
6024 dllhost.exe
5752 C:\Users\Samsung Notebook\Desktop\MBRCheck.exe
4528 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`c9a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10001

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

The computer seems fine, no issues since the password change, but then again, I have only used it for Facebook until I get the all clear.

Thanks for the help thus far.

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of the Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > System Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#7 bookwormjean (Topic Starter, New Member, 4 posts)
Hi, and thank you for your time.

I got a report:

All processes killed
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jean
->Temp folder emptied: 55981 bytes
->Temporary Internet Files folder emptied: 67322 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 126382088 bytes
->Flash cache emptied: 1831 bytes

User: Others
->Temp folder emptied: 32348 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Others.SamsungNotebook
->Temp folder emptied: 160866964 bytes
->Temporary Internet Files folder emptied: 89749573 bytes
->Java cache emptied: 178014 bytes
->FireFox cache emptied: 47634891 bytes
->Flash cache emptied: 102150 bytes

User: Public

User: Samsung Notebook
->Temp folder emptied: 113232445 bytes
->Temporary Internet Files folder emptied: 15949898 bytes
->Java cache emptied: 359890 bytes
->FireFox cache emptied: 99324363 bytes
->Flash cache emptied: 2013 bytes

User: Terry
->Temp folder emptied: 971244 bytes
->Temporary Internet Files folder emptied: 489119 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13832333 bytes
->Flash cache emptied: 456 bytes

User: Terry.SamsungNotebook
->Temp folder emptied: 55295 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39384319 bytes
->Flash cache emptied: 674 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112854959 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 784.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12192011_161135

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Again, thank you for your time.

#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
My pleasure. Unless anything untoward happens, I will close the thread tomorrow.

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.