
Not sure if I got it all



For the past two weeks, I've been receiving unusual spam emails, and twice my Twitter account has sent out spam messages to people who follow me. Naturally, I scanned my computer, first with MSE and then with MBAM. MSE picked up something called VirTool:Win32/VBInject.gen!EC, and then MBAM found eight additional files that it went ahead and cleaned up. However, I want to be absolutely sure there's nothing left that could cause me problems. My PC is fairly old, so this may just be a sign of its age, but sometimes it seems like it's chugging along, working really hard on something, and it will stall for a few seconds of every minute in addition to being generally slow. Restarting it usually fixes this, but I have to wonder if there's not some other process working away in there that needs to be killed off.

 

Here are my results from DDS.scr:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.40.2
Run by Lauren at 23:31:59 on 2013-10-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6143.4400 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Lauren\Downloads\HijackThis.exe
C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uExplorerRun: [Policies\Windows® NetMeeting] C:\directory\Windows® NetMeeting\ca32\ca32.exe
mExplorerRun: [Policies\Windows® NetMeeting] C:\directory\Windows® NetMeeting\ca32\ca32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{03C7ECE7-B8D7-43CA-9616-C35C43348F41} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9A2EAD0C-79E7-46D1-A059-812C6F7E7696} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9A2EAD0C-79E7-46D1-A059-812C6F7E7696}\3557B68696723702745756374702E4564777F627B6 : DHCPNameServer = 172.16.42.1
TCP: Interfaces\{EB4494EA-F660-4241-A2A1-78BF9E318050} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EB4494EA-F660-4241-A2A1-78BF9E318050} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {0XE1851V-856T-7QM1-XWN0-3Q57D52334D4} - C:\directory\Windows® NetMeeting\ca32\ca32.exe
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll



x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\

FF - prefs.js: browser.startup.homepage - google.com
FF - component: C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-10-03 22:50:02    9694160    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F5FCCE0-6958-4E9C-8606-31BE81F6C1D9}\mpengine.dll
2013-10-03 14:52:20    --------    d-----w-    C:\Program Files\Common Files\Protexis
2013-10-03 14:52:18    --------    d-----w-    C:\ProgramData\Corel
2013-10-03 14:51:37    --------    d-----w-    C:\Program Files\Corel
2013-10-03 14:50:14    --------    d-----w-    C:\ProgramData\Corel Painter Lite
2013-10-03 14:42:32    --------    d-----w-    C:\ProgramData\Alias
2013-10-03 14:42:18    --------    d-----w-    C:\Program Files (x86)\Autodesk
2013-10-03 14:21:02    --------    d-----w-    C:\Program Files\TabletPlugins
2013-10-03 14:20:39    15344    ----a-w-    C:\Windows\System32\drivers\wacomrouterfilter.sys
2013-10-03 14:20:32    85304    ----a-w-    C:\Windows\System32\drivers\wachidrouter.sys
2013-10-03 14:20:32    1721576    ----a-w-    C:\Windows\System32\wdfcoinstaller01009.dll
2013-10-03 14:20:32    1721576    ----a-w-    C:\Windows\System32\drivers\wdfcoinstaller01009.dll
2013-10-03 14:20:32    14136    ----a-w-    C:\Windows\System32\drivers\hidkmdf.sys
2013-10-03 01:44:41    9694160    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-17 17:35:14    --------    d-----w-    C:\ProgramData\Oracle
2013-09-17 17:34:45    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-15 19:15:54    3723656    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-06 03:15:01    --------    d-----w-    C:\Program Files (x86)\Common Files\MSSoap
2013-09-06 03:14:32    --------    d-----w-    C:\Program Files\Motorola Inc
2013-09-05 21:35:39    965008    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1ACD93B9-CC15-4F49-AF10-1732FF83AE4F}\gapaengine.dll
.
==================== Find3M  ====================
.
2013-09-22 18:50:26    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 18:50:25    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-17 17:34:32    868264    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-09-17 17:34:32    790440    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 23:39:57.72 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/28/2010 2:25:15 PM
System Uptime: 10/2/2013 5:35:00 PM (30 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | VIOLA
Processor: AMD Phenom 9850 Quad-Core Processor | CPU 1 | 1250/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 197.18 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.518 GiB free.
E: is CDROM (CDFS)
F: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless PCI Express Card LAN Adapter
Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_760011AD&REV_00\4&200FFD9&0&0098
Manufacturer: LITE-ON TECHNOLOGY CORPORATION
Name: 802.11n Wireless PCI Express Card LAN Adapter
PNP Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_760011AD&REV_00\4&200FFD9&0&0098
Service: netr28x
.
Class GUID: {4d36e967-e325-11ce-bfc1-08002be10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_SM/XD-PICTURE&REV_1.00\20060413092100000&1
Manufacturer: (Standard disk drives)
Name: Generic- SM/xD-Picture USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_SM/XD-PICTURE&REV_1.00\20060413092100000&1
Service: disk
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2: Operation Arrowhead
Autodesk SketchBook Express 6.2
BattlEye for OA Uninstall
BattlEye Uninstall
BIT.TRIP RUNNER
Bonjour
Borderlands
Borderlands 2
ComicRack v0.9.156
Corel Painter Lite
Corel Painter Lite - IPM
DAEMON Tools Lite
DayZ Commander
Deus Ex: Human Revolution
Don't Starve
Dragon Age: Origins - Ultimate Edition
Evolve
Fallen Earth
FoxyTunes for Firefox
Fraps
Garry's Mod
Half-Life 2
Half-Life 2: Episode One
iTunes
IZArc 4.1.6
Java 7 Update 40
Java Auto Updater
Java 7 Update 2 (64-bit)
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect™ 3
Miasmata
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.2.0
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Drivers
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Painter Lite - Content
Painter Lite - Core
Painter Lite - Corex64
Painter Lite - EN
Painter Lite - Setup Files
PeerGuardian 2.0
PVSonyDll
QuickTime
RAGE
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Six Updater
Skype Click to Call
Skype™ 6.7
Spec Ops: The Line
Steam
Synergy
System Requirements Lab CYRI
TalonRO Client 1.0.0
Team Fortress 2
Ustream Producer
VLC media player 1.0.5
Wacom Tablet
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
XSplit
.
==== End Of File ===========================
 


  • Root Admin

Hello and :welcome:


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


Okay, here's the RKill log:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2013 12:10:01 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Lauren\Desktop\rkill\rkill-10-04-2013-12-10-06.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
  * HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/04/2013 12:11:40 AM
Execution time: 0 hours(s), 1 minute(s), and 38 seconds(s)
 

 

And now the RogueKiller log:

 

RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lauren [Admin rights]
Mode : Scan -- Date : 10/04/2013 00:16:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Standard disk drives) - ST375063 0AS SCSI Disk Device +++++
--- User ---
[MBR] 9b35b670ff9403469396039f9ed36144
[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 703792 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1441367865 | Size: 11609 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: \\.\PHYSICALDRIVE1 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: \\.\PHYSICALDRIVE2 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: \\.\PHYSICALDRIVE3 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10042013_001658.txt >>

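The STEP 0 description above says RKill fixes executable associations and policies, and the RKill and RogueKiller logs that follow show what that meant on this machine: a per-user HKCU\SOFTWARE\Classes\.exe key that RKill deleted, and the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) that DDS shows set to 0 and RogueKiller flags as PUM. The script below is an added example written for this thread, not code from RKill, RogueKiller or the posters; it reads those same registry locations without changing anything, and the expected values it compares against are the documented Windows 7 defaults (an assumption stated in the comments).

```powershell
# Added example: read-only audit of the policy and .exe-association locations
# reported in the RKill and RogueKiller logs above. Run from an elevated
# PowerShell prompt on Windows 7 or later; nothing is modified.

function Test-UacAndExeAssociation {
    $findings = @()

    # UAC policy values. The DDS log in this thread shows all three at 0
    # (UAC fully off); the expected numbers are the Windows 7 defaults.
    $policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $expected = [ordered]@{
        EnableLUA                  = 1   # 0 disables UAC entirely
        ConsentPromptBehaviorAdmin = 5   # 0 = elevate silently, no prompt
        PromptOnSecureDesktop      = 1   # 0 = prompt shown on the normal desktop
    }
    $policy = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $value = if ($policy) { $policy.$name } else { $null }
        if ($null -eq $value) {
            $findings += "[INFO] $name not present; built-in default applies"
        } elseif ([int]$value -ne $expected[$name]) {
            $findings += "[WARN] $name = $value (expected $($expected[$name]))"
        }
    }

    # Per-user .exe association override. A clean profile has no
    # HKCU\Software\Classes\.exe key at all; when present it takes precedence
    # over HKLM and can redirect every .exe launch for that user. RKill
    # reported and deleted exactly this key in the log above.
    $userExe = 'HKCU:\Software\Classes\.exe'
    if (Test-Path -Path $userExe) {
        $default = (Get-ItemProperty -Path $userExe).'(default)'
        $findings += "[WARN] $userExe exists; default value = '$default'"
    }

    # Machine-wide association and launch command should be untouched.
    $machineExe = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\.exe' -ErrorAction SilentlyContinue).'(default)'
    if ($machineExe -ne 'exefile') {
        $findings += "[WARN] HKLM\SOFTWARE\Classes\.exe default = '$machineExe' (expected 'exefile')"
    }
    $openCmd = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' -ErrorAction SilentlyContinue).'(default)'
    if ($openCmd -ne '"%1" %*') {
        $findings += "[WARN] exefile open command = '$openCmd' (expected '""%1"" %*')"
    }

    if ($findings.Count -eq 0) { return @('[OK] No deviations from defaults found') }
    return $findings
}

Test-UacAndExeAssociation
```

On the machine in this thread the script would report the three UAC values as [WARN] (they are 0 in the DDS log) and, before RKill ran, the HKCU .exe key as [WARN]; after RKill's deletion only the UAC findings would remain, which matches what RogueKiller still lists. The script only reads; restoring the UAC values is a deliberate decision for the person handling the cleanup, and the ERUNT backup from STEP 01 is what makes that reversible.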

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.



STEP 06

Please go here to run the online antivirus scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


MBAR found nothing to report, evidently. In the ADWCleaner log, there are a few greasemonkey entries - please leave those, I know what those are and entered them myself.

 

Here are the rest of the logs:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Professional x64
Ran by Lauren on Fri 10/04/2013 at  9:23:43.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/04/2013 at  9:30:40.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.006 - Report created 04/10/2013 at 09:35:34
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Lauren - LAUREN-PC
# Running from : C:\Users\Lauren\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\searchplugins\Conduit.xml
Folder Found C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\prefs.js ]





*************************

AdwCleaner[R0].txt - [2352 octets] - [04/10/2013 09:35:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2412 octets] ##########

 

 

C:\Users\Lauren\Downloads\cbsidlm-tr1_7-Tunngle-ORG-75498423.exe    Win32/DownloadAdmin.D application
C:\Users\Lauren\Downloads\IZArc4.1.6.exe    Win32/OpenCandy application

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Lauren (administrator) on LAUREN-PC on 04-10-2013 15:28:59
Running from C:\Users\Lauren\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Mozilla Corporation) C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [Policies\Windows® NetMeeting] - C:\directory\Windows® NetMeeting\ca32\ca32.exe No File
HKCU\...\Policies\Explorer\Run: [Policies\Windows® NetMeeting] - C:\directory\Windows® NetMeeting\ca32\ca32.exe No File
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {17d7ce49-3be6-11df-a3bb-002215264ae7} - K:\OriginInstaller.exe
MountPoints2: {3385dea7-3a9d-11df-84c4-806e6f6e6963} - E:\Startup.exe
MountPoints2: {892717ed-9bf1-11e2-9250-002215264ae7} - L:\MotorolaDeviceManagerSetup.exe -a
MountPoints2: {9a9c8540-0367-11e2-af68-806e6f6e6963} - J:\Setup.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -  No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{03C7ECE7-B8D7-43CA-9616-C35C43348F41}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EB4494EA-F660-4241-A2A1-78BF9E318050}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\searchplugins\conduit.xml
FF Extension: Remove New Tab Button - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\remove-new-tab-button@forerunnerdesigns.com
FF Extension: RT Site Extender - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\rtse-nightly@shawnwilsher.com
FF Extension: Forecastfox - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: FoxyTunes - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF Extension: No Name - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}
FF Extension: artur.dubovoy - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: jid1-xUfzOsOFlzSOXg - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF Extension: No Name - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\hgby0nfu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Windows.old\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-04-25] ()
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2012-12-01] (BioWare)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1495512 2013-07-02] (Echobit LLC)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-05-02] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2012-10-18] (Echobit, LLC)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175648 2009-06-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-20] (Duplex Secure Ltd.)
U3 Tbssyrt; C:\Windows\system32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
U3 analhvzl; C:\Windows\System32\Drivers\analhvzl.sys [0 ] (NVIDIA Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [x]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 15:28 - 2013-10-04 15:28 - 01954124 _____ (Farbar) C:\Users\Lauren\Downloads\FRST64.exe
2013-10-04 15:28 - 2013-10-04 15:28 - 00000000 ____D C:\FRST
2013-10-04 09:42 - 2013-10-04 09:42 - 02347384 _____ (ESET) C:\Users\Lauren\Downloads\esetsmartinstaller_enu.exe
2013-10-04 09:42 - 2013-10-04 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-04 09:35 - 2013-10-04 09:36 - 00000000 ____D C:\AdwCleaner
2013-10-04 09:35 - 2013-10-04 09:35 - 01045226 _____ C:\Users\Lauren\Downloads\AdwCleaner.exe
2013-10-04 09:30 - 2013-10-04 09:30 - 00001540 _____ C:\Users\Lauren\Desktop\JRT.txt
2013-10-04 09:23 - 2013-10-04 09:23 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 08:59 - 2013-10-04 09:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-04 08:58 - 2013-10-04 09:22 - 00000000 ____D C:\Users\Lauren\Desktop\mbar
2013-10-04 08:58 - 2013-10-04 08:58 - 00027778 _____ C:\Users\Lauren\Downloads\sJHKsVSW.htm
2013-10-04 08:57 - 2013-10-04 08:58 - 01030305 _____ (Thisisu) C:\Users\Lauren\Downloads\JRT.exe
2013-10-04 08:56 - 2013-10-04 08:57 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lauren\Downloads\mbar-1.07.0.1005.exe
2013-10-04 00:16 - 2013-10-04 00:16 - 00002286 _____ C:\Users\Lauren\Desktop\RKreport[0]_S_10042013_001658.txt
2013-10-04 00:13 - 2013-10-04 00:23 - 00000000 ____D C:\Users\Lauren\Desktop\RK_Quarantine
2013-10-04 00:12 - 2013-10-04 00:12 - 00000930 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000930 _____ C:\Users\Lauren\Desktop\NTREGOPT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000911 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000911 _____ C:\Users\Lauren\Desktop\ERUNT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000000 ____D C:\Windows\ERDNT
2013-10-04 00:12 - 2013-10-04 00:12 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-04 00:10 - 2013-10-04 00:11 - 00002500 _____ C:\Users\Lauren\Desktop\Rkill.txt
2013-10-04 00:10 - 2013-10-04 00:10 - 00000000 ____D C:\Users\Lauren\Desktop\rkill
2013-10-04 00:07 - 2013-10-04 00:07 - 03980800 _____ C:\Users\Lauren\Downloads\RogueKillerX64.exe
2013-10-04 00:07 - 2013-10-04 00:07 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Lauren\Downloads\rkill.exe
2013-10-04 00:07 - 2013-10-04 00:07 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Lauren\Downloads\erunt-setup.exe
2013-10-03 23:40 - 2013-10-03 23:40 - 00005511 _____ C:\Users\Lauren\Desktop\attach.txt
2013-10-03 23:40 - 2013-10-03 23:39 - 00011138 _____ C:\Users\Lauren\Desktop\dds.txt
2013-10-03 23:29 - 2013-10-03 23:29 - 00688992 ____R (Swearware) C:\Users\Lauren\Downloads\dds.scr
2013-10-03 09:52 - 2013-10-03 09:52 - 00000000 ____D C:\ProgramData\Corel
2013-10-03 09:52 - 2013-10-03 09:52 - 00000000 ____D C:\Program Files\Common Files\Protexis
2013-10-03 09:51 - 2013-10-03 09:51 - 00000000 ____D C:\Program Files\Corel
2013-10-03 09:50 - 2013-10-03 09:52 - 00000000 ____D C:\ProgramData\Corel Painter Lite
2013-10-03 09:49 - 2013-10-03 09:49 - 00000000 ____D C:\Users\Lauren\Downloads\Painter_Lite
2013-10-03 09:42 - 2013-10-03 09:42 - 00002233 _____ C:\Users\Public\Desktop\Autodesk SketchBook Express 6.2.lnk
2013-10-03 09:42 - 2013-10-03 09:42 - 00000000 ____D C:\ProgramData\Alias
2013-10-03 09:42 - 2013-10-03 09:42 - 00000000 ____D C:\Program Files (x86)\Autodesk
2013-10-03 09:40 - 2013-10-03 09:49 - 00000000 ____D C:\Users\Lauren\Downloads\SketchBook_Express_v6_2
2013-10-03 09:30 - 2013-10-03 09:34 - 79152666 _____ C:\Users\Lauren\Downloads\Painter_Lite.zip
2013-10-03 09:27 - 2013-10-03 09:29 - 50886397 _____ C:\Users\Lauren\Downloads\SketchBook_Express_v6_2.zip
2013-10-03 09:21 - 2013-10-03 09:21 - 00000000 ____D C:\Program Files\TabletPlugins
2013-10-03 09:20 - 2013-10-03 09:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-10-03 09:20 - 2013-10-03 09:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2013-10-03 09:20 - 2013-04-30 12:18 - 00085304 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2013-10-03 09:20 - 2013-04-30 12:18 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2013-10-03 09:20 - 2012-12-20 17:20 - 00015344 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2013-10-03 09:20 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll
2013-10-03 09:20 - 2012-12-11 17:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2013-10-01 10:35 - 2013-10-01 10:36 - 00004749 _____ C:\Users\Lauren\Documents\Uninstall Mass Effect 2.log
2013-10-01 10:32 - 2013-10-01 10:33 - 00010020 _____ C:\Users\Lauren\Downloads\hijackthis.log
2013-10-01 10:32 - 2013-10-01 10:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lauren\Downloads\HijackThis.exe
2013-09-30 20:25 - 2013-09-30 20:25 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-17 12:35 - 2013-09-17 12:35 - 00000000 ____D C:\ProgramData\Oracle
2013-09-17 12:34 - 2013-09-17 12:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-17 12:34 - 2013-09-17 12:34 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-17 12:34 - 2013-09-17 12:34 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-17 12:34 - 2013-09-17 12:34 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-15 14:40 - 2013-10-03 23:15 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\Skype
2013-09-15 14:15 - 2013-09-22 13:50 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-10 11:09 - 2013-09-10 11:11 - 32782192 _____ (Skype Technologies S.A.) C:\Users\Lauren\Downloads\SkypeSetupFull.exe
2013-09-10 11:09 - 2013-09-10 11:09 - 00003164 _____ C:\Windows\System32\Tasks\{16263EBF-4AFB-490E-8DAC-C1931A50320E}
2013-09-05 22:15 - 2013-09-05 22:15 - 00003488 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update
2013-09-05 22:15 - 2013-09-05 22:15 - 00003470 _____ C:\Windows\System32\Tasks\Motorola Device Manager Engine
2013-09-05 22:15 - 2013-09-05 22:15 - 00003296 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2013-09-05 22:14 - 2013-09-05 22:14 - 00000000 ____D C:\Program Files\Motorola Inc

==================== One Month Modified Files and Folders =======

2013-10-04 15:28 - 2013-10-04 15:28 - 01954124 _____ (Farbar) C:\Users\Lauren\Downloads\FRST64.exe
2013-10-04 15:28 - 2013-10-04 15:28 - 00000000 ____D C:\FRST
2013-10-04 14:31 - 2012-06-26 15:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 12:35 - 2010-03-28 14:11 - 01208088 _____ C:\Windows\WindowsUpdate.log
2013-10-04 09:42 - 2013-10-04 09:42 - 02347384 _____ (ESET) C:\Users\Lauren\Downloads\esetsmartinstaller_enu.exe
2013-10-04 09:42 - 2013-10-04 09:42 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-04 09:36 - 2013-10-04 09:35 - 00000000 ____D C:\AdwCleaner
2013-10-04 09:35 - 2013-10-04 09:35 - 01045226 _____ C:\Users\Lauren\Downloads\AdwCleaner.exe
2013-10-04 09:30 - 2013-10-04 09:30 - 00001540 _____ C:\Users\Lauren\Desktop\JRT.txt
2013-10-04 09:23 - 2013-10-04 09:23 - 00000000 ____D C:\Windows\ERUNT
2013-10-04 09:22 - 2013-10-04 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-04 09:22 - 2013-10-04 08:58 - 00000000 ____D C:\Users\Lauren\Desktop\mbar
2013-10-04 08:58 - 2013-10-04 08:58 - 00027778 _____ C:\Users\Lauren\Downloads\sJHKsVSW.htm
2013-10-04 08:58 - 2013-10-04 08:57 - 01030305 _____ (Thisisu) C:\Users\Lauren\Downloads\JRT.exe
2013-10-04 08:57 - 2013-10-04 08:56 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lauren\Downloads\mbar-1.07.0.1005.exe
2013-10-04 00:23 - 2013-10-04 00:13 - 00000000 ____D C:\Users\Lauren\Desktop\RK_Quarantine
2013-10-04 00:16 - 2013-10-04 00:16 - 00002286 _____ C:\Users\Lauren\Desktop\RKreport[0]_S_10042013_001658.txt
2013-10-04 00:12 - 2013-10-04 00:12 - 00000930 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000930 _____ C:\Users\Lauren\Desktop\NTREGOPT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000911 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000911 _____ C:\Users\Lauren\Desktop\ERUNT.lnk
2013-10-04 00:12 - 2013-10-04 00:12 - 00000000 ____D C:\Windows\ERDNT
2013-10-04 00:12 - 2013-10-04 00:12 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-04 00:11 - 2013-10-04 00:10 - 00002500 _____ C:\Users\Lauren\Desktop\Rkill.txt
2013-10-04 00:10 - 2013-10-04 00:10 - 00000000 ____D C:\Users\Lauren\Desktop\rkill
2013-10-04 00:07 - 2013-10-04 00:07 - 03980800 _____ C:\Users\Lauren\Downloads\RogueKillerX64.exe
2013-10-04 00:07 - 2013-10-04 00:07 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Lauren\Downloads\rkill.exe
2013-10-04 00:07 - 2013-10-04 00:07 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Lauren\Downloads\erunt-setup.exe
2013-10-03 23:40 - 2013-10-03 23:40 - 00005511 _____ C:\Users\Lauren\Desktop\attach.txt
2013-10-03 23:39 - 2013-10-03 23:40 - 00011138 _____ C:\Users\Lauren\Desktop\dds.txt
2013-10-03 23:29 - 2013-10-03 23:29 - 00688992 ____R (Swearware) C:\Users\Lauren\Downloads\dds.scr
2013-10-03 23:26 - 2011-04-18 18:04 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-03 23:15 - 2013-09-15 14:40 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\Skype
2013-10-03 23:07 - 2011-08-26 14:55 - 00000000 ____D C:\ProgramData\Adobe
2013-10-03 23:07 - 2010-03-29 14:24 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\Adobe
2013-10-03 09:52 - 2013-10-03 09:52 - 00000000 ____D C:\ProgramData\Corel
2013-10-03 09:52 - 2013-10-03 09:52 - 00000000 ____D C:\Program Files\Common Files\Protexis
2013-10-03 09:52 - 2013-10-03 09:50 - 00000000 ____D C:\ProgramData\Corel Painter Lite
2013-10-03 09:51 - 2013-10-03 09:51 - 00000000 ____D C:\Program Files\Corel
2013-10-03 09:49 - 2013-10-03 09:49 - 00000000 ____D C:\Users\Lauren\Downloads\Painter_Lite
2013-10-03 09:49 - 2013-10-03 09:40 - 00000000 ____D C:\Users\Lauren\Downloads\SketchBook_Express_v6_2
2013-10-03 09:42 - 2013-10-03 09:42 - 00002233 _____ C:\Users\Public\Desktop\Autodesk SketchBook Express 6.2.lnk
2013-10-03 09:42 - 2013-10-03 09:42 - 00000000 ____D C:\ProgramData\Alias
2013-10-03 09:42 - 2013-10-03 09:42 - 00000000 ____D C:\Program Files (x86)\Autodesk
2013-10-03 09:34 - 2013-10-03 09:30 - 79152666 _____ C:\Users\Lauren\Downloads\Painter_Lite.zip
2013-10-03 09:29 - 2013-10-03 09:27 - 50886397 _____ C:\Users\Lauren\Downloads\SketchBook_Express_v6_2.zip
2013-10-03 09:21 - 2013-10-03 09:21 - 00000000 ____D C:\Program Files\TabletPlugins
2013-10-03 09:21 - 2012-09-29 14:05 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2013-10-03 09:20 - 2013-10-03 09:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2013-10-03 09:20 - 2013-10-03 09:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2013-10-03 09:20 - 2012-09-29 14:05 - 00000000 ____D C:\Program Files\Tablet
2013-10-03 09:20 - 2009-07-13 23:51 - 00047703 _____ C:\Windows\setupact.log
2013-10-01 10:37 - 2012-09-20 16:39 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-01 10:36 - 2013-10-01 10:35 - 00004749 _____ C:\Users\Lauren\Documents\Uninstall Mass Effect 2.log
2013-10-01 10:33 - 2013-10-01 10:32 - 00010020 _____ C:\Users\Lauren\Downloads\hijackthis.log
2013-10-01 10:31 - 2013-10-01 10:32 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lauren\Downloads\HijackThis.exe
2013-10-01 08:29 - 2009-07-13 23:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 08:29 - 2009-07-13 23:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 08:21 - 2010-03-28 14:59 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-01 08:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 08:20 - 2010-03-30 05:22 - 00071712 _____ C:\Windows\PFRO.log
2013-09-30 20:25 - 2013-09-30 20:25 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-30 20:25 - 2011-10-01 07:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-25 20:38 - 2010-12-24 17:59 - 00000000 ____D C:\Users\Lauren\ME2 DLC
2013-09-25 08:30 - 2011-04-29 22:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-23 20:22 - 2012-05-29 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-22 13:50 - 2013-09-15 14:15 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-22 13:50 - 2012-06-26 15:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-22 13:50 - 2012-06-26 15:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 13:50 - 2012-06-26 15:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 17:17 - 2009-07-14 00:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 16:25 - 2010-03-28 14:28 - 00000000 ____D C:\Users\Lauren\AppData\Local\Mozilla
2013-09-17 12:35 - 2013-09-17 12:35 - 00000000 ____D C:\ProgramData\Oracle
2013-09-17 12:34 - 2013-09-17 12:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-17 12:34 - 2013-09-17 12:34 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-17 12:34 - 2013-09-17 12:34 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-17 12:34 - 2013-09-17 12:34 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-17 12:34 - 2012-05-26 10:52 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-09-17 12:34 - 2011-01-31 13:16 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-15 14:38 - 2011-04-29 22:56 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\Skype_old
2013-09-12 08:31 - 2013-08-27 09:47 - 00000000 ____D C:\Users\Lauren\Documents\ecosystem management
2013-09-10 11:27 - 2011-10-11 21:32 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-09-10 11:27 - 2011-04-29 22:50 - 00000000 ____D C:\ProgramData\Skype
2013-09-10 11:11 - 2013-09-10 11:09 - 32782192 _____ (Skype Technologies S.A.) C:\Users\Lauren\Downloads\SkypeSetupFull.exe
2013-09-10 11:09 - 2013-09-10 11:09 - 00003164 _____ C:\Windows\System32\Tasks\{16263EBF-4AFB-490E-8DAC-C1931A50320E}
2013-09-05 22:15 - 2013-09-05 22:15 - 00003488 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update
2013-09-05 22:15 - 2013-09-05 22:15 - 00003470 _____ C:\Windows\System32\Tasks\Motorola Device Manager Engine
2013-09-05 22:15 - 2013-09-05 22:15 - 00003296 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2013-09-05 22:15 - 2013-04-04 21:59 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
2013-09-05 22:14 - 2013-09-05 22:14 - 00000000 ____D C:\Program Files\Motorola Inc

Some content of TEMP:
====================
C:\Users\Lauren\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Lauren\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Lauren\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Lauren\AppData\Local\Temp\GLF3302.tmp.ConduitEngineSetup.exe
C:\Users\Lauren\AppData\Local\Temp\GLF3ABF.tmp.ConduitEngineSetup.exe
C:\Users\Lauren\AppData\Local\Temp\iet2BBC.tmp.exe
C:\Users\Lauren\AppData\Local\Temp\iet358C.tmp.exe
C:\Users\Lauren\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Lauren\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Lauren\AppData\Local\Temp\ME2_CerberusArc.exe
C:\Users\Lauren\AppData\Local\Temp\MotoCast_Installer_2.0309.exe
C:\Users\Lauren\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Lauren\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Lauren\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Lauren\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Lauren\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Lauren\AppData\Local\Temp\nvStInst.exe
C:\Users\Lauren\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lauren\AppData\Local\Temp\su-setup.exe
C:\Users\Lauren\AppData\Local\Temp\uttC691.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 01:27

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Lauren at 2013-10-04 15:29:52
Running from C:\Users\Lauren\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

7-Zip 4.65 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop CS (x32 Version: CS)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ARMA 2: Operation Arrowhead (x32)
Autodesk SketchBook Express 6.2 (x32 Version: 6.2.0000)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
BIT.TRIP RUNNER (x32)
Bonjour (Version: 3.0.0.10)
Borderlands (x32 Version: 1.0)
Borderlands (x32)
Borderlands 2 (x32)
ComicRack v0.9.156 (Version: v0.9.156)
Corel Painter Lite - IPM (Version: 1.01)
Corel Painter Lite (Version: 1.0.1010.0)
DAEMON Tools Lite (x32 Version: 4.45.4.0316)
DayZ Commander (x32 Version: 1.09.44)
Deus Ex: Human Revolution (x32)
Don't Starve (x32)
Dragon Age: Origins - Ultimate Edition (x32)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
Evolve (Version: 1.6.0)
Fallen Earth (x32)
FoxyTunes for Firefox (x32)
Fraps (x32)
Garry's Mod (x32)
Half-Life 2 (x32)
Half-Life 2: Episode One (x32)
iTunes (Version: 11.0.2.26)
IZArc 4.1.6 (x32 Version: 4.1.6)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 7 Update 2 (64-bit) (Version: 7.0.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect™ 3 (x32 Version: 1.01.0.0)
Miasmata (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Motorola Device Manager (x32 Version: 2.4.3)
Motorola Device Software Update (x32 Version: 13.07.3101)
Motorola Mobile Drivers Installation 6.2.0 (Version: 6.2.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Drivers (Version: 1.5)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Painter Lite - Content (Version: 1.0)
Painter Lite - Core (Version: 1.0)
Painter Lite - Corex64 (Version: 1.0)
Painter Lite - EN (Version: 1.0)
Painter Lite - Setup Files (Version: 1.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.73.80.64)
RAGE (x32)
Saints Row: The Third (x32)
Six Updater (x32 Version: 2.09.7014)
Skype Click to Call (x32 Version: 6.12.13601)
Skype™ 6.7 (x32 Version: 6.7.102)
Spec Ops: The Line (x32)
Steam (x32 Version: 1.0.0.0)
Synergy (x32)
System Requirements Lab CYRI (x32 Version: 5.0.6.0)
TalonRO Client 1.0.0 (x32 Version: 1.0.0)
Team Fortress 2 (x32)
Ustream Producer (x32 Version: 2.0.0200)
VLC media player 1.0.5 (x32 Version: 1.0.5)
Wacom Tablet (Version: 6.3.6b5)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.3)
WebTablet FB Plugin 64 bit (Version: 2.1.0.3)
WebTablet IE Plugin (x32 Version: 1.1.0.12)
WebTablet Netscape Plugin (x32 Version: 1.1.0.10)
XSplit (x32 Version: 1.1.1210.3101)

==================== Restore Points  =========================

26-09-2013 21:14:11 Windows Update
30-09-2013 03:34:07 Windows Update
01-10-2013 15:36:30 Removed Study Guide
03-10-2013 14:41:44 Installed Autodesk SketchBook Express 6.2
03-10-2013 22:47:45 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {038C76AD-9C4F-4A37-B63C-F3CCE868B726} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {2A9BFC65-382E-4984-A07F-0239274F8E79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-22] (Adobe Systems Incorporated)
Task: {403399C9-FE72-4C17-9F78-DE2248C53B48} - System32\Tasks\{6EC07B0C-3887-4FFE-A680-8E2E57FF6AEA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {85FC6BBD-CE3A-4779-989D-F4A8797EE10C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {B62D3B0C-F457-471A-8CB4-70EDCB4D77CA} - System32\Tasks\{16263EBF-4AFB-490E-8DAC-C1931A50320E} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111&LastError=404
Task: {DD01976A-8C0D-4538-A76E-D722B96C9692} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DEFE2451-5FB4-4D9F-9EDA-C4506B582BE5} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-09-29 14:05 - 2013-05-02 13:05 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-20 16:35 - 2013-06-20 16:35 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-09-18 13:18 - 2013-09-18 13:18 - 03279768 _____ () C:\Windows.old\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: 802.11n Wireless PCI Express Card LAN Adapter
Description: 802.11n Wireless PCI Express Card LAN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LITE-ON TECHNOLOGY CORPORATION
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2013 03:06:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2013 03:06:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2013 03:06:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2013 03:06:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2013 03:06:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2013 03:05:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/04/2013 03:04:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1".
Dependent Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/04/2013 03:06:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lauren\downloads\esetsmartinstaller_enu.exe

Error: (10/04/2013 03:06:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lauren\downloads\esetsmartinstaller_enu.exe

Error: (10/04/2013 03:06:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lauren\downloads\esetsmartinstaller_enu.exe

Error: (10/04/2013 03:06:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lauren\downloads\esetsmartinstaller_enu.exe

Error: (10/04/2013 03:06:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Lauren\downloads\esetsmartinstaller_enu.exe

Error: (10/04/2013 03:05:19 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/04/2013 03:04:36 PM) (Source: SideBySide)(User: )
Description: Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe


CodeIntegrity Errors:
===================================
  Date: 2013-10-01 14:00:29.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 14:00:29.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 14:00:28.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_d6005436ad01f9a3\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:58:11.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:58:11.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:58:10.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:58:10.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:58:09.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:58:09.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_54ffd942dc23dbc0\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-01 13:48:11.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\Backup\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6002.18005_none_56eb524ed945a70c_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 6143.29 MB
Available physical RAM: 3534.58 MB
Total Pagefile: 12284.75 MB
Available Pagefile: 9617.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:687.3 GB) (Free:196.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.34 GB) (Free:1.52 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Tablet_CD) (CDROM) (Total:0.18 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please uninstall ALL versions of Java from the Control Panel, Add/Remove. Once we're done here, if you want to reinstall Java you can, but for now let's remove it, please.

 

Run the AdwCleaner again and scan but this time uncheck any items you want to keep and then click the CLEAN button.

 

 

 

Next, Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

 

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Lauren at 2013-10-05 01:33:42 Run:1
Running from C:\Users\Lauren\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {17d7ce49-3be6-11df-a3bb-002215264ae7} - K:\OriginInstaller.exe
MountPoints2: {3385dea7-3a9d-11df-84c4-806e6f6e6963} - E:\Startup.exe
MountPoints2: {892717ed-9bf1-11e2-9250-002215264ae7} - L:\MotorolaDeviceManagerSetup.exe -a
MountPoints2: {9a9c8540-0367-11e2-af68-806e6f6e6963} - J:\Setup.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -  No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -  No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)


*****************

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17d7ce49-3be6-11df-a3bb-002215264ae7} => Key deleted successfully.
HKCR\CLSID\{17d7ce49-3be6-11df-a3bb-002215264ae7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3385dea7-3a9d-11df-84c4-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{3385dea7-3a9d-11df-84c4-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{892717ed-9bf1-11e2-9250-002215264ae7} => Key deleted successfully.
HKCR\CLSID\{892717ed-9bf1-11e2-9250-002215264ae7} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a9c8540-0367-11e2-af68-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{9a9c8540-0367-11e2-af68-806e6f6e6963} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCR\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => Key not found.
"C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2 => Key deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2 => Key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.

==== End of Fixlog ====

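Worked example, added here and not taken from the thread or from FRST: the Fixlog above removes entries from a handful of registry locations that stale installers and malware both use for persistence (MountPoints2 autorun commands, Run keys, Browser Helper Objects, URLSearchHooks and Mozilla plugin registrations). The PowerShell script below walks the same locations read-only and reports entries whose target file or CLSID no longer exists, which is what FRST prints as "No File", plus any Java plugin still registered for Firefox. The registry paths are the standard Windows ones; PowerShell 3.0 or later on Windows 7 or newer and an elevated prompt are assumed.

```powershell
# Added example, not from the thread or from FRST: read-only audit of the
# persistence locations the fixlist above touched. Assumes PowerShell 3.0+
# on Windows 7 or later, run from an elevated prompt. Nothing is deleted.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Location, [string]$Entry, [string]$Target, [string]$Reason) {
    $findings.Add([pscustomobject]@{ Location = $Location; Entry = $Entry; Target = $Target; Reason = $Reason })
}

# Extract the executable from a command line: quoted paths, unquoted paths
# that contain spaces (first token ending in .exe/.dll), and %ENV% references.
function Get-CommandPath([string]$CommandLine) {
    $exe = $null
    if     ($CommandLine -match '^\s*"([^"]+)"')               { $exe = $Matches[1] }
    elseif ($CommandLine -match '^\s*(.+?\.(exe|dll))(\s|$)')  { $exe = $Matches[1] }
    elseif ($CommandLine -match '^\s*(\S+)')                   { $exe = $Matches[1] }
    if ($exe) { return [Environment]::ExpandEnvironmentVariables($exe) }
    return $null
}

# Map a CLSID to its in-process DLL. $null means the class is not registered,
# which is what FRST reports as "No File".
function Resolve-Clsid([string]$Clsid, [bool]$Wow64) {
    $roots = if ($Wow64) { 'HKLM:\Software\Classes\Wow6432Node\CLSID', 'HKCU:\Software\Classes\Wow6432Node\CLSID' }
             else        { 'HKLM:\Software\Classes\CLSID',             'HKCU:\Software\Classes\CLSID' }
    foreach ($root in $roots) {
        $k = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $k) {
            $dll = (Get-ItemProperty $k).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

# 1. MountPoints2: autorun commands recorded for every volume ever plugged in.
#    Flag entries whose target no longer exists (stale USB/optical media).
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp2) {
    foreach ($vol in (Get-ChildItem $mp2 -ErrorAction SilentlyContinue)) {
        $cmdKey = Join-Path $vol.PSPath 'shell\AutoRun\command'
        if (-not (Test-Path $cmdKey)) { continue }
        $cmd  = (Get-ItemProperty $cmdKey).'(default)'
        $path = Get-CommandPath ([string]$cmd)
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            Add-Finding 'MountPoints2' $vol.PSChildName $cmd 'autorun target missing (stale removable-media entry)'
        }
    }
}

# 2. Run keys (native, WOW64 and per-user): flag startup entries whose binary is gone.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ...
        $path = Get-CommandPath ([string]$p.Value)
        if ($path -and -not (Test-Path -LiteralPath $path)) { Add-Finding 'Run' $p.Name $p.Value 'startup executable missing' }
    }
}

# 3. Browser Helper Objects and URLSearchHooks: list what IE will load, flag orphans.
$bhoKeys = @{ 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'             = $false
              'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = $true }
foreach ($entry in $bhoKeys.GetEnumerator()) {
    if (-not (Test-Path $entry.Key)) { continue }
    foreach ($bho in (Get-ChildItem $entry.Key -ErrorAction SilentlyContinue)) {
        $dll = Resolve-Clsid $bho.PSChildName $entry.Value
        if (-not $dll)                              { Add-Finding 'BHO' $bho.PSChildName '' 'CLSID not registered (No File)' }
        elseif (-not (Test-Path -LiteralPath $dll)) { Add-Finding 'BHO' $bho.PSChildName $dll 'BHO DLL missing' }
        else                                        { Add-Finding 'BHO' $bho.PSChildName $dll 'loads into Internet Explorer; review' }
    }
}
$ush = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path $ush) {
    foreach ($p in (Get-ItemProperty $ush).PSObject.Properties) {
        if ($p.Name -match '^\{[0-9A-Fa-f-]{36}\}$' -and -not (Resolve-Clsid $p.Name $false)) {
            Add-Finding 'URLSearchHook' $p.Name '' 'CLSID not registered (No File)'
        }
    }
}

# 4. NPAPI plugin registrations: surface any Java plugin still exposed to Firefox.
foreach ($key in 'HKLM:\Software\MozillaPlugins', 'HKLM:\Software\Wow6432Node\MozillaPlugins') {
    if (-not (Test-Path $key)) { continue }
    foreach ($plug in (Get-ChildItem $key -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -like '@java.com*' })) {
        $path = (Get-ItemProperty $plug.PSPath).Path
        $why  = if ($path -and (Test-Path -LiteralPath $path)) { 'Java browser plugin registered; disable or remove' } else { 'plugin DLL missing' }
        Add-Finding 'MozillaPlugins' $plug.PSChildName $path $why
    }
}

$findings | Sort-Object Location, Entry | Format-Table -AutoSize
```

The script deliberately deletes nothing. Deciding which orphan is leftover installer cruft and which is a remnant of an infection is the judgment call the helper makes when writing the fixlist, and a read-only listing of the same locations is the safe first step on a machine you have not examined yet.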

  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7, right click and choose "Run as administrator"), and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then reboot the computer.

 

Next, Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

 

Let me know how the computer is running now and if there are still any signs of an infection.


Haven't had a chance to do the security check step yet, but I did run TFC and reboot. So far, so good as far as how the computer is running, though oftentimes I wouldn't see something strange in how it runs for a couple days anyway. I'll let the security check run tonight or tomorrow morning sometime and let you know what it says.


Sorry about the delay, here's the security check results:

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

As before, performance still seems good!


  • Root Admin

Looks good.  You might want to consider getting a better antivirus than Microsoft Security Essentials.

 

Here are a couple of free antivirus products.  Choose only one of them and uninstall Microsoft Security Essentials before installing the other antivirus.

AntiVir Personal

Avast! Free Antivirus
 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:



Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers:
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


 
If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
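The restore-point reset described above (flush every old restore point, then create one fresh, known-clean point) is normally done through the System Protection dialog linked earlier. The following PowerShell script is an added example for doing the same thing from an elevated prompt on Windows 7; it is not part of the original thread and not a tool from this forum. It assumes the system drive is C: and that the description text for the new restore point is your own choice. Run it only after the clean bill of health, because deleting the old points removes any chance of rolling back.

```powershell
# Added example (not from the original thread): reset System Restore as the
# cleanup step describes, from an elevated PowerShell prompt on Windows 7.
# Assumptions not stated in the thread: the system drive is C:, and the
# description for the new restore point is chosen here for illustration.

# 1. Refuse to run without admin rights; vssadmin and Checkpoint-Computer need them.
$isAdmin = ([Security.Principal.WindowsPrincipal] `
            [Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw "Run this from an elevated (Run as administrator) PowerShell." }

# 2. Show what will be lost. Old restore points can carry the infected state,
#    which is why they are flushed only after the system is declared clean.
$before = @(Get-ComputerRestorePoint)
"Restore points before cleanup: $($before.Count)"
$before | Format-Table SequenceNumber, Description,
    @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# 3. Make sure System Protection is on for C:, otherwise no new point can be created.
Enable-ComputerRestore -Drive "C:\"

# 4. Delete every existing shadow copy; the restore points live inside them.
#    Caveat: this is the same command ransomware uses to destroy rollback data,
#    so some security products alert on it. Here it is run deliberately.
& vssadmin.exe delete shadows /all /quiet | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning "vssadmin returned exit code $LASTEXITCODE" }

# 5. Create the fresh, known-clean restore point.
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType MODIFY_SETTINGS

# 6. Verify: exactly one restore point should remain, and it should be the new one.
$after = @(Get-ComputerRestorePoint)
"Restore points after cleanup: $($after.Count)"
$after | Format-Table SequenceNumber, Description -AutoSize
if ($after.Count -ne 1) {
    Write-Warning "Expected one restore point, found $($after.Count); check System Protection settings."
}
```

The before/after listing is the check a practitioner wants: if the count after the run is not exactly one, System Protection is either disabled for the drive or the shadow copies were not removed, and the rollback state is not what you think it is.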
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.