ICE Cyber crime virus


  • This topic is locked
13 replies to this topic

#1 LordSlizzurp


Posted 14 April 2014 - 07:23 PM

I have the ICE cyber crime virus. It's a popup that you can't remove that takes over your desktop and demands a certain amount of money to not erase your hard drive. I have figured out a way to bypass it by pressing the Windows key and then hitting log off; when the programs start to shut down, it takes the virus window popup down with it, and then the gray screen comes up that says "waiting for programs to close", at which point I hit cancel and am temporarily able to take back control of my computer. Also, the virus has disabled certain software that used to run automatically on my laptop, like all of the keyboard Fn key shortcuts and movie color enhancer. Here is my DDS log. I have also run Malwarebytes, which did remove some infections, though I do not know if the problem I am experiencing has been removed as well, since my Fn keys and other system software haven't resumed running normally =(

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520
Run by Lord Slizzurp at 17:00:20 on 2014-04-14
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Lord Slizzurp\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lord Slizzurp\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:tabs
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{2287089B-49F8-4E14-BB90-FADA8A77A34C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5828771D-7285-4C8D-9038-C365BB23D11B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5828771D-7285-4C8D-9038-C365BB23D11B}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\Firefox\Profiles\9shfug7p.default\
FF - plugin: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Users\Lord Slizzurp\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R? CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29:43
R? clwvd;CyberLink WebCam Virtual Driver
R? DMAgent;Intelr PROSet/Wireless WiMAX Red Bend Device Management Service
R? GGSAFERDriver;GGSAFER Driver
R? MyWiFiDHCPDNS;Wireless PAN DHCP Server
R? Samsung UPD Service;Samsung UPD Service
R? TurboBoost;Intel® Turbo Boost Technology Monitor 2.0
R? UNS;Intel® Management and Security Application User Notification Service
R? WiMAXAppSrv;Intelr PROSet/Wireless WiMAX Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? bpenum;bpenum
S? bpmp;Intel® Centrino® WiMAX 6050 Series
S? bpusb;bpusb
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? ETD;ELAN PS/2 Port Input Device
S? IntcDAud;Intel® Display Audio
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? nvpciflt;nvpciflt
S? RTL8167;Realtek 8167 NT Driver
S? SABI;SAMSUNG Kernel Driver For Windows 7
S? TurboB;Turbo Boost UI Monitor driver
S? wdkmd;Intel WiDi KMD
.
=============== Created Last 30 ================
.
2014-04-08 03:38:59 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-08 03:38:44 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-08 03:38:44 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-08 03:38:44 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-08 03:38:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-08 03:38:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-08 03:25:06 -------- d-----w- C:\ProgramData\2992199F9A
2014-03-28 01:44:16 -------- d-----w- C:\Users\Lord Slizzurp\AppData\Roaming\NVIDIA
2014-03-28 01:36:28 -------- d-----w- C:\Windows\SysWow64\AGEIA
2014-03-28 01:36:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-03-27 16:07:19 -------- d-----w- C:\Program Files (x86)\GeMM
2014-03-27 15:54:33 -------- d-----w- C:\Users\Lord Slizzurp\AppData\Local\FOMM
.
==================== Find3M  ====================
.
2014-01-18 04:19:30 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-01-17 20:22:34 60297 ----a-w- C:\Windows\SysWow64\nglide_uninst.exe
2014-01-16 20:44:04 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
.
============= FINISH: 17:03:06.32 ===============
 



#2 gringo_pr

  • Malware Response Team

Posted 19 April 2014 - 07:00 AM





Hello LordSlizzurp

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 LordSlizzurp

  • Topic Starter

Posted 19 April 2014 - 12:26 PM

Hi Gringo,

Thanks for your help!

 

Here is FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Lord Slizzurp (administrator) on LORDSLIZZURP-PC on 19-04-2014 10:13:54
Running from C:\Users\Lord Slizzurp\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Google) C:\Users\Lord Slizzurp\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-04] (Intel® Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b241-7fcd-11e3-9c8c-e811324a6ce4} - G:\jedi.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b245-7fcd-11e3-9c8c-e811324a6ce4} - H:\autorun.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b247-7fcd-11e3-9c8c-e811324a6ce4} - I:\autorun.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b249-7fcd-11e3-9c8c-e811324a6ce4} - J:\setup.exe /autorun
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b24c-7fcd-11e3-9c8c-e811324a6ce4} - K:\AutoRun.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {f9db186b-6daa-11e3-9d7c-e811324a6ce4} - "F:\WD Drive Unlock.exe" autoplay=true
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-12-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-12-14] (NVIDIA Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Lord Slizzurp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hbw0qy.lnk
ShortcutTarget: hbw0qy.lnk -> C:\PROGRA~3\299219~1\yq0wbh.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: W2PBrowser Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\Firefox\Profiles\9shfug7p.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lord Slizzurp\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lord Slizzurp\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lord Slizzurp\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lord Slizzurp\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Lord Slizzurp\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-24] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S2 Winmgmt; C:\PROGRA~3\2992199F9A\hbw0qy.faa [X]
S4 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-17] (DT Soft Ltd)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-19 10:12 - 2014-04-19 10:12 - 00000322 _____ () C:\Users\Lord Slizzurp\Downloads\Addition.txt
2014-04-19 10:11 - 2014-04-19 10:13 - 00009532 _____ () C:\Users\Lord Slizzurp\Downloads\FRST.txt
2014-04-19 10:11 - 2014-04-19 10:11 - 00000000 ____D () C:\FRST
2014-04-19 10:09 - 2014-04-19 10:13 - 02055680 _____ (Farbar) C:\Users\Lord Slizzurp\Downloads\FRST64.exe
2014-04-17 20:03 - 2014-04-17 20:03 - 00000078 _____ () C:\Users\Lord Slizzurp\Documents\everything all th time.txt
2014-04-16 22:58 - 2014-04-16 22:58 - 00022231 _____ () C:\Users\Lord Slizzurp\Downloads\The_Bourne_Quadrilogy(2002_-_2012)_BRRiP_720p_x264_AC3_5.1[Team_.8883293.TPB.torrent
2014-04-14 17:17 - 2014-04-14 17:17 - 00001496 _____ () C:\Users\Lord Slizzurp\Desktop\attach.rar
2014-04-14 17:03 - 2014-04-14 17:04 - 00006417 _____ () C:\Users\Lord Slizzurp\Desktop\dds.txt
2014-04-14 17:03 - 2014-04-14 17:04 - 00002892 _____ () C:\Users\Lord Slizzurp\Desktop\attach.txt
2014-04-14 16:58 - 2014-04-14 16:58 - 00688992 ____R (Swearware) C:\Users\Lord Slizzurp\Downloads\dds.com
2014-04-09 20:10 - 2014-04-09 20:10 - 00009577 _____ () C:\Users\Lord Slizzurp\Downloads\red-room-akai-misbleepsu-heya-kindan-no-sama-geemu_english-80971.zip
2014-04-09 14:25 - 2014-04-09 14:25 - 00002994 _____ () C:\Windows\System32\Tasks\WifiManager
2014-04-09 14:23 - 2014-04-09 14:24 - 25646391 _____ () C:\Users\Lord Slizzurp\Downloads\Easy_Display_Manager_3.2.5.2.zip
2014-04-07 20:38 - 2014-04-12 11:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 20:38 - 2014-04-07 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 20:38 - 2014-04-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 20:38 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 20:38 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 20:38 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-07 20:25 - 2014-04-07 20:52 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-04 20:26 - 2014-04-04 21:42 - 00000000 ____D () C:\Users\Lord Slizzurp\Desktop\Game Of Thrones Season 1 - Complete
2014-04-03 22:55 - 2014-02-17 02:43 - 732395520 _____ () C:\Users\Lord Slizzurp\Desktop\Men_Behind_The_Sun (xvid110-sickboy88).avi
2014-03-27 18:44 - 2014-03-27 18:44 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Roaming\NVIDIA
2014-03-27 18:36 - 2014-03-27 18:36 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-03-27 18:36 - 2014-03-27 18:36 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-27 09:07 - 2014-03-27 09:07 - 00000000 ____D () C:\Program Files (x86)\GeMM
2014-03-27 08:54 - 2014-03-27 08:54 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Local\FOMM
2014-03-27 08:53 - 2014-03-27 08:53 - 01404186 _____ (Q, Timeslip ) C:\Users\Lord Slizzurp\Downloads\New FOMM-640-0-13-21.exe
2014-03-24 20:27 - 2014-04-03 22:06 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Roaming\dvdcss
2014-03-23 14:33 - 2014-03-23 14:33 - 00000090 _____ () C:\Users\Lord Slizzurp\Documents\Untitled.txt

==================== One Month Modified Files and Folders =======

2014-04-19 10:13 - 2014-04-19 10:11 - 00009532 _____ () C:\Users\Lord Slizzurp\Downloads\FRST.txt
2014-04-19 10:13 - 2014-04-19 10:09 - 02055680 _____ (Farbar) C:\Users\Lord Slizzurp\Downloads\FRST64.exe
2014-04-19 10:12 - 2014-04-19 10:12 - 00000322 _____ () C:\Users\Lord Slizzurp\Downloads\Addition.txt
2014-04-19 10:11 - 2014-04-19 10:11 - 00000000 ____D () C:\FRST
2014-04-19 10:10 - 2013-12-04 15:00 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Roaming\uTorrent
2014-04-18 23:01 - 2013-12-27 13:36 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Roaming\vlc
2014-04-18 20:19 - 2011-02-20 22:12 - 01020120 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 18:14 - 2009-07-13 21:51 - 00044707 _____ () C:\Windows\setupact.log
2014-04-17 20:03 - 2014-04-17 20:03 - 00000078 _____ () C:\Users\Lord Slizzurp\Documents\everything all th time.txt
2014-04-17 19:58 - 2013-12-30 13:51 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Local\CrashDumps
2014-04-16 22:58 - 2014-04-16 22:58 - 00022231 _____ () C:\Users\Lord Slizzurp\Downloads\The_Bourne_Quadrilogy(2002_-_2012)_BRRiP_720p_x264_AC3_5.1[Team_.8883293.TPB.torrent
2014-04-16 09:55 - 2009-07-13 21:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 09:55 - 2009-07-13 21:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 09:48 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 17:17 - 2014-04-14 17:17 - 00001496 _____ () C:\Users\Lord Slizzurp\Desktop\attach.rar
2014-04-14 17:04 - 2014-04-14 17:03 - 00006417 _____ () C:\Users\Lord Slizzurp\Desktop\dds.txt
2014-04-14 17:04 - 2014-04-14 17:03 - 00002892 _____ () C:\Users\Lord Slizzurp\Desktop\attach.txt
2014-04-14 17:00 - 2013-12-04 13:40 - 00000000 ____D () C:\Users\Lord Slizzurp
2014-04-14 16:58 - 2014-04-14 16:58 - 00688992 ____R (Swearware) C:\Users\Lord Slizzurp\Downloads\dds.com
2014-04-13 17:19 - 2013-12-04 15:01 - 00000000 ___RD () C:\Users\Lord Slizzurp\Desktop\Games
2014-04-13 11:53 - 2014-01-17 14:30 - 00000000 ____D () C:\Users\Lord Slizzurp\.FBReader
2014-04-12 11:31 - 2014-04-07 20:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 20:10 - 2014-04-09 20:10 - 00009577 _____ () C:\Users\Lord Slizzurp\Downloads\red-room-akai-misbleepsu-heya-kindan-no-sama-geemu_english-80971.zip
2014-04-09 14:33 - 2011-02-20 22:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-04-09 14:25 - 2014-04-09 14:25 - 00002994 _____ () C:\Windows\System32\Tasks\WifiManager
2014-04-09 14:24 - 2014-04-09 14:23 - 25646391 _____ () C:\Users\Lord Slizzurp\Downloads\Easy_Display_Manager_3.2.5.2.zip
2014-04-07 21:54 - 2013-12-04 14:52 - 00000000 ____D () C:\Windows\pss
2014-04-07 21:54 - 2011-02-20 23:32 - 00265484 _____ () C:\Windows\PFRO.log
2014-04-07 20:52 - 2014-04-07 20:25 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-07 20:38 - 2014-04-07 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 20:38 - 2014-04-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 20:25 - 2013-12-04 13:40 - 00000000 ___RD () C:\Users\Lord Slizzurp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-04 21:59 - 2013-12-27 12:20 - 00000000 ____D () C:\Books
2014-04-04 21:42 - 2014-04-04 20:26 - 00000000 ____D () C:\Users\Lord Slizzurp\Desktop\Game Of Thrones Season 1 - Complete
2014-04-03 22:06 - 2014-03-24 20:27 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Roaming\dvdcss
2014-04-03 22:05 - 2009-07-13 22:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-07 20:38 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 20:38 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 18:44 - 2014-03-27 18:44 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Roaming\NVIDIA
2014-03-27 18:44 - 2013-12-25 16:34 - 00000000 ____D () C:\Users\Lord Slizzurp\Documents\My Games
2014-03-27 18:38 - 2011-02-20 23:44 - 00100240 _____ () C:\Windows\DirectX.log
2014-03-27 18:36 - 2014-03-27 18:36 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-03-27 18:36 - 2014-03-27 18:36 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-27 09:07 - 2014-03-27 09:07 - 00000000 ____D () C:\Program Files (x86)\GeMM
2014-03-27 08:54 - 2014-03-27 08:54 - 00000000 ____D () C:\Users\Lord Slizzurp\AppData\Local\FOMM
2014-03-27 08:53 - 2014-03-27 08:53 - 01404186 _____ (Q, Timeslip ) C:\Users\Lord Slizzurp\Downloads\New FOMM-640-0-13-21.exe
2014-03-23 14:33 - 2014-03-23 14:33 - 00000090 _____ () C:\Users\Lord Slizzurp\Documents\Untitled.txt
2014-03-20 14:02 - 2013-12-04 17:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Lord Slizzurp\AppData\Local\Temp\0955.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\AskSLib.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\Core.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\cres.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\cshell.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\MSN76F5.exe
C:\Users\Lord Slizzurp\AppData\Local\Temp\Setup.exe
C:\Users\Lord Slizzurp\AppData\Local\Temp\sres.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\Window.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:16

==================== End Of Log ============================

 

Here is Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Lord Slizzurp at 2014-04-19 10:14:13
Running from C:\Users\Lord Slizzurp\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{FFB768E4-E427-4553-BC36-A11F5E62A94D}) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Aliens versus Predator Gold Edition (HKLM-x32\...\Aliens versus Predator) (Version:  - )
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Battlezone 1998 (HKLM-x32\...\{CC7852B8-569E-4604-A433-495CA5051402}_is1) (Version:  - Activision)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2310.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2310.52 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Descent 3 with Mercenary Expansion (HKLM-x32\...\GOGPACKDESCENT3_is1) (Version: 2.0.0.16 - GOG.com)
Duke Nukem 3D Megaton Edition version 1.00 (HKLM-x32\...\Duke Nukem 3D Megaton Edition_is1) (Version: 1.00 - )
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout New Vegas (HKLM-x32\...\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}_is1) (Version: 1.4.0.525 - Bethesda Softworks)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Forsaken (HKLM-x32\...\Forsaken) (Version:  - )
Freespace with Silent Threat Expansion (HKLM-x32\...\Freespace with Silent Threat Expansion_is1) (Version:  - GOG.com)
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GOG.com Wing Commander Prophecy (HKLM\...\{8985c70a-2803-426b-8a62-fcc6173f8af5}.sdb) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Grand Theft Auto IV v1.0 / RePack by Baracuda (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}_is1) (Version:  - )
Hexen II (HKLM\...\{7E7F525A-5059-4D71-865A-7BD238F1131D}) (Version: 04.09.2010 - Samkov)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.2000 - Intel Corporation)
iTunes (HKLM\...\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}) (Version: 10.5.3.3 - Apple Inc.)
Kingpin - Life of Crime (HKLM-x32\...\Kingpin - Life of Crime_is1) (Version:  - GOG.com)
Kingpin: Life of Crime (HKLM-x32\...\Kingpin) (Version:  - )
Left 4 Dead 2 Add-On Installer (HKLM-x32\...\{F7D1BEE1-8CD0-4156-AA60-653109B4ECD7}) (Version: 1.0.0 - [SAO] Peter)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Urban Assault (HKLM-x32\...\Urban Assault 1.0) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 15.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0 (x86 en-US)) (Version: 15.0 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version:  - )
nGlide 1.02 (HKLM-x32\...\nGlide) (Version: 1.02 - Zeus Software)
NVIDIA Control Panel 266.10 (Version: 266.10 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 266.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.10 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.34.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.11 (Version: 1.0.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.0.11 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Postal 2 (HKLM-x32\...\Postal 2) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Rogue Spear (HKLM-x32\...\Rogue Spear) (Version:  - )
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.21.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.8 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.21 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.1.0 - Samsung Electronics Co., Ltd.)
Soldier of Fortune - Community Edition 5.0 (HKLM-x32\...\Soldier of Fortune - Community Edition 5.0) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.1000 - SRS Labs, Inc.)
Star Wars: Jedi Knight - Dark Forces 2 (HKLM-x32\...\THJediReplacementSetup_is1) (Version: 1.0 - Lucasarts)
Unreal Tournament G.O.T.Y. Edition (HKLM-x32\...\UnrealTournament) (Version:  - )
Uprising (HKLM-x32\...\Uprising) (Version:  - )
Urban Operations (HKLM-x32\...\Urban Operations) (Version:  - )
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Wing Commander -  Prophecy - Gold (HKLM-x32\...\GOGPACKWC5PROPHECY_is1) (Version: 2.0.0.11 - GOG.com)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision)
Wolfenstein (x32 Version: 1.0 - Activision) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0E7F70D2-850D-42EA-A016-901042956CDC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {377B5854-5B90-48CA-9D6D-84761C79944F} - System32\Tasks\{210AC140-B4C1-4041-9CD3-8C314440E56B} => C:\Games\PC Games\Star Wars Rogue Squadron 3D\Rogue Squadron.EXE
Task: {3B201C04-6A81-496C-B65F-1C2EB9F9B937} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
Task: {528E891D-771B-4DB4-943A-8381D555E244} - System32\Tasks\gg_uac_daemon_Lord Slizzurp => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-01-07] ()
Task: {5859D208-25F8-44D3-9142-2EAABBBBF045} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {5CF34E84-5E82-47BC-ACA4-1E7D9FD73DA8} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-29] (SRS Labs, Inc.)
Task: {5F7F3B02-F034-498A-8F9C-CA0EE83913EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-30] (AVAST Software)
Task: {64772561-C222-40C8-9DF7-A7397F6F77D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA => C:\Users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
Task: {76928491-A57C-42BB-AF44-57BA41F5AC56} - System32\Tasks\{EBA844C8-7130-493A-A8DB-6C75C1B0B63B} => C:\Users\Lord Slizzurp\Desktop\ROGUE_1_000\ROGUE.EXE
Task: {BD449578-8900-420C-83CC-839B790D58F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core => C:\Users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {EC04A83C-FE65-4D6A-854D-3EA3A60D1CA6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {F46A7671-6A34-4ED1-B376-DD870FF1B6B0} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job => C:\Users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job => C:\Users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-04 20:53 - 2011-01-04 20:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-02-21 15:46 - 2010-11-28 21:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-04 20:53 - 2011-01-04 20:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-20 22:31 - 2010-04-20 16:44 - 00719872 _____ () C:\Windows\system32\SnMinDrv.dll
2014-04-19 09:59 - 2014-04-19 08:09 - 02292224 _____ () C:\Program Files\AVAST Software\Avast\defs\14041903\algo.dll
2014-01-16 21:03 - 2014-01-16 20:57 - 00107520 _____ () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2011-02-20 22:09 - 2010-12-14 16:01 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-02-20 22:31 - 2010-09-16 22:21 - 01236992 _____ () C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:7BE81D83475A7DBB
AlternateDataStreams: C:\ProgramData\Temp:76650B61

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Lord Slizzurp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Intel® Turbo Boost Technology Monitor 2.0.lnk => C:\Windows\pss\Intel® Turbo Boost Technology Monitor 2.0.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: Best Buy pc app => C:\Users\Lord Slizzurp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 00:34:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (04/19/2014 00:33:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/18/2014 09:29:46 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16520 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 161c

Start Time: 01cf5ab276e9cafb

Termination Time: 350

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (04/17/2014 07:57:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16520, time stamp: 0x525a68d9
Faulting module name: AcroIEHelper.dll_unloaded, version: 0.0.0.0, time stamp: 0x49a847f1
Exception code: 0xc0000005
Fault offset: 0x7401556c
Faulting process id: 0x1558
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (04/17/2014 00:32:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (04/17/2014 00:31:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (04/16/2014 09:03:18 PM) (Source: Application Hang) (User: )
Description: The program dmhkcore.exe version 3.2.5.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fb0

Start Time: 01cf5993b869b404

Termination Time: 5

Application Path: C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

Report Id: 2e1fe1c4-c5e5-11e3-84ed-e811324a6ce4

Error: (04/15/2014 11:42:19 AM) (Source: Application Hang) (User: )
Description: The program uTorrent.exe version 3.4.1.30740 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1048

Start Time: 01cf56bf5915d8a3

Termination Time: 491

Application Path: C:\Users\Lord Slizzurp\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: a558b2f6-c4cd-11e3-86bb-e811324a6ce4

Error: (04/15/2014 00:43:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error: (04/15/2014 00:41:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (04/19/2014 10:19:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:18:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:18:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:17:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:17:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:16:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:16:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:15:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:15:01 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (04/19/2014 10:14:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (04/19/2014 00:34:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestc:\Games\PC Games\wolfenstein\MP\serverlauncher.exe

Error: (04/19/2014 00:33:03 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/18/2014 09:29:46 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16520161c01cf5ab276e9cafb350C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (04/17/2014 07:57:57 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16520525a68d9AcroIEHelper.dll_unloaded0.0.0.049a847f1c00000057401556c155801cf5a6ab1bfa7deC:\Program Files (x86)\Internet Explorer\iexplore.exeAcroIEHelper.dll3dfb58e9-c6a5-11e3-84ed-e811324a6ce4

Error: (04/17/2014 00:32:52 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestc:\Games\PC Games\wolfenstein\MP\serverlauncher.exe

Error: (04/17/2014 00:31:37 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (04/16/2014 09:03:18 PM) (Source: Application Hang)(User: )
Description: dmhkcore.exe3.2.5.2fb001cf5993b869b4045C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe2e1fe1c4-c5e5-11e3-84ed-e811324a6ce4

Error: (04/15/2014 11:42:19 AM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.4.1.30740104801cf56bf5915d8a3491C:\Users\Lord Slizzurp\AppData\Roaming\uTorrent\uTorrent.exea558b2f6-c4cd-11e3-86bb-e811324a6ce4

Error: (04/15/2014 00:43:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestc:\Games\PC Games\wolfenstein\MP\serverlauncher.exe

Error: (04/15/2014 00:41:47 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 6055.12 MB
Available physical RAM: 4740.89 MB
Total Pagefile: 12108.38 MB
Available Pagefile: 10233.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:677.16 GB) (Free:261.15 GB) NTFS
Drive g: (JEDI_1) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: (FORSAKEN) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS
Drive i: (UPRISING) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS
Drive j: (UASSAULT) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
Drive k: (URBANOPS) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: BC7A5D4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=27)

==================== End Of Log ============================



#4 gringo_pr

  • Malware Response Team

Posted 19 April 2014 - 02:39 PM

Hello LordSlizzurp



I need you to download this script I have made for you --> fixlist.txt (attached file)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#5 LordSlizzurp

  • Topic Starter

  • Members

Posted 19 April 2014 - 05:53 PM

Here is fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014
Ran by Lord Slizzurp at 2014-04-19 15:42:57 Run:1
Running from C:\Users\Lord Slizzurp\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b241-7fcd-11e3-9c8c-e811324a6ce4} - G:\jedi.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b245-7fcd-11e3-9c8c-e811324a6ce4} - H:\autorun.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b247-7fcd-11e3-9c8c-e811324a6ce4} - I:\autorun.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b249-7fcd-11e3-9c8c-e811324a6ce4} - J:\setup.exe /autorun
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {4b06b24c-7fcd-11e3-9c8c-e811324a6ce4} - K:\AutoRun.exe
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\...\MountPoints2: {f9db186b-6daa-11e3-9d7c-e811324a6ce4} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\Users\Lord Slizzurp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hbw0qy.lnk
ShortcutTarget: hbw0qy.lnk -> C:\PROGRA~3\299219~1\yq0wbh.cpp (No File)
S2 Winmgmt; C:\PROGRA~3\2992199F9A\hbw0qy.faa [X]
C:\Users\Lord Slizzurp\AppData\Local\Temp\0955.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\AskSLib.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\Core.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\cres.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\cshell.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\MSN76F5.exe
C:\Users\Lord Slizzurp\AppData\Local\Temp\Setup.exe
C:\Users\Lord Slizzurp\AppData\Local\Temp\sres.dll
C:\Users\Lord Slizzurp\AppData\Local\Temp\Window.dll

*****************

HKU\S-1-5-21-4159443991-512847242-1124234837-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Pro Agent => Value deleted successfully.
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b06b241-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKCR\CLSID\{4b06b241-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b06b245-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKCR\CLSID\{4b06b245-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b06b247-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKCR\CLSID\{4b06b247-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b06b249-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKCR\CLSID\{4b06b249-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b06b24c-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKCR\CLSID\{4b06b24c-7fcd-11e3-9c8c-e811324a6ce4} => Key deleted successfully.
HKU\S-1-5-21-4159443991-512847242-1124234837-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9db186b-6daa-11e3-9d7c-e811324a6ce4} => Key deleted successfully.
HKCR\CLSID\{f9db186b-6daa-11e3-9d7c-e811324a6ce4} => Key deleted successfully.
C:\Users\Lord Slizzurp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hbw0qy.lnk => Moved successfully.
C:\PROGRA~3\299219~1\yq0wbh.cpp not found.
Winmgmt => Service restored successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\0955.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\Core.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\cres.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\cshell.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\drm_dyndata_7340007.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\MSN76F5.exe => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\sres.dll => Moved successfully.
C:\Users\Lord Slizzurp\AppData\Local\Temp\Window.dll => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====



#6 gringo_pr

Posted 19 April 2014 - 07:01 PM



Hello LordSlizzurp

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#7 LordSlizzurp

Posted 19 April 2014 - 07:31 PM

All of my symptoms have disappeared as far as I can tell.

 

Here is AdwCleaner log:

 

# AdwCleaner v3.100 - Report created 19/04/2014 at 17:14:33
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Lord Slizzurp - LORDSLIZZURP-PC
# Running from : C:\Users\Lord Slizzurp\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Trymedia

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

-\\ Mozilla Firefox v15.0 (en-US)

[ File : C:\Users\Lord Slizzurp\AppData\Roaming\Mozilla\Firefox\Profiles\9shfug7p.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1022 octets] - [19/04/2014 17:13:25]
AdwCleaner[S0].txt - [959 octets] - [19/04/2014 17:14:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1018 octets] ##########

 

And here's the JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lord Slizzurp on Sat 04/19/2014 at 17:20:36.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/19/2014 at 17:26:44.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 gringo_pr

Posted 19 April 2014 - 08:20 PM


Hello LordSlizzurp

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 LordSlizzurp

Posted 19 April 2014 - 08:44 PM

I have not experienced any problems since you had me run your fix list on FRST. My keyboard fn keys are all working again and movie color enhancer is also working properly, along with my brightness settings which were freezing after I tried to hit the save button. I believe the original infection was removed by malwarebytes which I ran before I came here looking for help. Which is why all these utilities aren't showing anything significant. So thankfully my computer seems to be back to normal! Woohoo!!

 

Here is my combofix log:

 

ComboFix 14-04-19.01 - Lord Slizzurp 04/19/2014  18:27:46.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6056.4812 [GMT -7:00]
Running from: c:\users\Lord Slizzurp\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Lord Slizzurp\AppData\Roaming\Local
c:\users\Lord Slizzurp\AppData\Roaming\Local\FalloutNV\Fallout.ini
c:\users\Lord Slizzurp\AppData\Roaming\Local\FalloutNV\FalloutPrefs.ini
c:\users\Lord Slizzurp\AppData\Roaming\Local\FalloutNV\NVDLCList.txt
c:\users\Lord Slizzurp\AppData\Roaming\Local\FalloutNV\plugins.txt
c:\users\Lord Slizzurp\AppData\Roaming\Local\FalloutNV\RendererInfo.txt
c:\windows\SysWow64\SET95AA.tmp
c:\windows\SysWow64\SETCF12.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-20 to 2014-04-20  )))))))))))))))))))))))))))))))
.
.
2014-04-20 01:32 . 2014-04-20 01:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-20 01:32 . 2014-04-20 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-20 00:20 . 2014-04-20 00:20 -------- d-----w- c:\windows\ERUNT
2014-04-20 00:13 . 2014-04-20 00:14 -------- d-----w- C:\AdwCleaner
2014-04-19 17:11 . 2014-04-19 22:42 -------- d-----w- C:\FRST
2014-04-08 03:38 . 2014-04-12 18:31 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-08 03:38 . 2014-04-08 03:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-08 03:38 . 2014-04-08 03:38 -------- d-----w- c:\programdata\Malwarebytes
2014-04-08 03:38 . 2014-04-03 16:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-08 03:38 . 2014-04-03 16:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-08 03:38 . 2014-04-03 16:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-08 03:25 . 2014-04-08 03:52 -------- d-----w- c:\programdata\2992199F9A
2014-03-28 01:44 . 2014-03-28 01:44 -------- d-----w- c:\users\Lord Slizzurp\AppData\Roaming\NVIDIA
2014-03-28 01:36 . 2014-03-28 01:36 -------- d-----w- c:\windows\SysWow64\AGEIA
2014-03-28 01:36 . 2014-03-28 01:36 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-03-28 01:36 . 2014-03-28 01:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-03-27 16:07 . 2014-03-27 16:07 -------- d-----w- c:\program files (x86)\GeMM
2014-03-27 15:54 . 2014-03-27 15:54 -------- d-----w- c:\users\Lord Slizzurp\AppData\Local\FOMM
2014-03-25 03:27 . 2014-04-04 05:06 -------- d-----w- c:\users\Lord Slizzurp\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\ctfmon.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
c:\windows\SysWow64\ctfmon.exe ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001Core.job
- c:\users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04 22:04]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443991-512847242-1124234837-1001UA.job
- c:\users\Lord Slizzurp\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-04 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:tabs
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Lord Slizzurp\AppData\Roaming\Mozilla\Firefox\Profiles\9shfug7p.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Aliens versus Predator - c:\games\Aliens versus Predator\Uninst.isu
AddRemove-Freespace with Silent Threat Expansion_is1 - c:\games\Freespace\unins000.exe
AddRemove-UnrealTournament - c:\games\UnrealTournament\System\Setup.exe
AddRemove-{579BA58C-F33D-4970-9953-B94B43768AC3}_is1 - c:\games\Grand Theft Auto IV\Uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:14,f4,91,7a,e4,88,69,22,02,ec,d6,e4,d9,89,fb,78,38,db,8c,4b,4a,fb,14,
   c8,81,43,9d,b2,72,19,45,01,c6,65,17,81,3b,9b,11,b0,95,37,2b,90,dd,20,a0,b5,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-19  18:34:23
ComboFix-quarantined-files.txt  2014-04-20 01:34
.
Pre-Run: 288,261,550,080 bytes free
Post-Run: 288,926,613,504 bytes free
.
- - End Of File - - 36DC7A0A1794775CADB95386E5B58030
 



#10 gringo_pr

Posted 20 April 2014 - 09:20 AM


Hello LordSlizzurp

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#11 LordSlizzurp

Posted 21 April 2014 - 02:19 PM

Gringo,

I have a personal situation to deal with atm and I will no longer be able to keep responding to your posts on my topic. I am happy to report that my computer is working perfectly again all thanks to you and you have saved me from having to do a complete restore and recovery which was my only other viable option. Thank you so so much for your help and I'm very sorry that I won't be able to continue this correspondence.

 

Lord Slizzurp



#12 gringo_pr

Posted 22 April 2014 - 11:22 AM

No problem and thank you for letting me know.

This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:
  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.
  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click DelFix.exe.
  • select all options available
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.
  • Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls
  • CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
  • Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.
  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus
:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them.

Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java



The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet.

Here is some more reading for you from some of my colleagues.

Quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 AM

Posted 25 April 2014 - 07:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:46 AM

Posted 25 April 2014 - 07:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.