
Not sure if system is completely clean after malware removal


This topic is locked
32 replies to this topic

#1 SoXfused (Members, 138 posts)

Posted 31 January 2014 - 11:52 PM

Hello,

 

I recently got a pop-up saying "Your browser has been hijacked..." and I didn't read the rest of it because I was trying to close out of it as fast as I could.  Since it wouldn't let me close out, I had to do a hard shut down (holding the power button down to shut it down) and when I restarted my computer, I ran two different scans.  Webroot SecureAnywhere (my anti-virus) didn't find anything after I did a scan, but then I did a full Malwarebytes scan, and it found one object.  It said it successfully removed the virus, but I'm concerned that maybe there might be something else on my system that maybe didn't get caught by Webroot or Malwarebytes.

 

Can I do something else to make sure my system is completely clean?  Thanks!


Edited by SoXfused, 31 January 2014 - 11:53 PM.




#2 Sirawit, Bleepin' Brony (Malware Response Team, 4,161 posts, Thailand)

Posted 01 February 2014 - 01:26 AM

Hi SoXfused and welcome to BleepingComputer. :)

What version of Windows do you have?
Can you post the Malwarebytes log here?
Location of MBAM scan log:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 SoXfused, Topic Starter (Members, 138 posts)

Posted 01 February 2014 - 02:11 AM

Hello. :)

 

I have Windows 8.  Below is the log from my Malwarebytes scan.

 

-----------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.01.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
R :: RSCOMPUTER [administrator]

1/31/2014 9:37:26 PM
mbam-log-2014-01-31 (21-37-26).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398508
Time elapsed: 59 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\R\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)


Edited by SoXfused, 01 February 2014 - 02:21 AM.


#4 Sirawit, Bleepin' Brony (Malware Response Team, 4,161 posts, Thailand)

Posted 01 February 2014 - 11:31 AM

OK. That file is an unwanted program (low risk), but we will do some more scans.

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
What we need in your next reply:
adwcleaner log
JRT log
How's your computer running?

Thank you.

Edited by Sirawit, 01 February 2014 - 11:34 AM.

If I don't reply back to you in 2 days, feel free to send me a PM.

 



#5 SoXfused, Topic Starter (Members, 138 posts)

Posted 01 February 2014 - 02:00 PM

Hello,

 

My computer seems to be running OK, but before I ran these scans, I kept getting a pop-up with a fake Anti-Virus message saying I need to scan my computer with their program.  I got the pop-up on a website I regularly visit, and I don't think I've ever had that happen on that website.  Below are the logs from the scans:

 

AdwCleaner

# AdwCleaner v3.018 - Report created 01/02/2014 at 12:35:24
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : R - RSCOMPUTER
# Running from : C:\Users\R\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

*************************

AdwCleaner[R0].txt - [1599 octets] - [23/08/2013 16:06:25]
AdwCleaner[R1].txt - [1659 octets] - [01/02/2014 12:33:27]
AdwCleaner[S0].txt - [1321 octets] - [01/02/2014 12:35:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1381 octets] ##########

 

Junkware Removal Tool

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by R on Sat 02/01/2014 at 12:42:11.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5C6BE034-9BCA-4F2B-9DC1-229C415E5102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5C6BE034-9BCA-4F2B-9DC1-229C415E5102}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/01/2014 at 12:46:49.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by SoXfused, 01 February 2014 - 02:04 PM.
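The AdwCleaner and JRT logs in the post above removed Internet Explorer SearchScopes entries (a search-provider hijack) plus leftover Conduit and caphyon registry keys. The script below is an added example written for this page; it is not part of the thread and not code from AdwCleaner or JRT. It re-audits the same registry locations from PowerShell so you can confirm after a reboot that the remnants stayed gone and that no unexpected search provider remains. Two things are assumptions: the allow-list of search hosts, and the list of remnant keys, which is copied from the two logs. Run it from an elevated PowerShell prompt on Windows 8 or later.

```powershell
# Added example (not from the thread or from AdwCleaner/JRT): re-audit the registry
# locations the two tools cleaned. Assumptions: the allow-list below, and the remnant
# key list, which is taken from the AdwCleaner and JRT logs in the thread.

# Hosts that are legitimate search providers. Anything else is reported. (Assumption.)
$KnownSearchHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com', 'duckduckgo.com')

# SearchScopes exist per user (HKCU) and per machine (HKLM). On x64 the 32-bit IE view
# lives under Wow6432Node, which a 32-bit tool reads as plain HKLM\SOFTWARE.
$ScopeRoots = @(
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
)

# Vendor keys removed in the thread; if they are back after a reboot, something recreated them.
$RemnantKeys = @(
    'HKCU:\Software\Conduit',
    'HKLM:\SOFTWARE\Conduit',
    'HKLM:\SOFTWARE\caphyon'
)

function Get-SearchScopeReport {
    foreach ($root in $ScopeRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        # DefaultScope holds the GUID of the provider IE actually uses for the address bar.
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $key.PSPath
            $url = $props.URL
            $scopeHost = $null
            if ($url) {
                try { $scopeHost = ([Uri]$url).Host.ToLower() } catch { $scopeHost = $null }
            }
            [pscustomobject]@{
                Root        = $root
                ScopeId     = $key.PSChildName
                DisplayName = $props.DisplayName
                Url         = $url
                SearchHost  = $scopeHost
                IsDefault   = ($key.PSChildName -eq $default)
                # No parsable URL, or a URL pointing at an unknown host, is worth a look.
                Suspicious  = (-not $scopeHost) -or ($KnownSearchHosts -notcontains $scopeHost)
            }
        }
    }
}

function Get-RemnantKeys {
    $RemnantKeys | Where-Object { Test-Path -Path $_ }
}

$report = @(Get-SearchScopeReport)
$report | Format-Table ScopeId, DisplayName, SearchHost, IsDefault, Suspicious -AutoSize
$report | Where-Object { $_.Suspicious } | ForEach-Object {
    Write-Warning "Unexpected search scope $($_.ScopeId) -> $($_.Url) under $($_.Root)"
}
Get-RemnantKeys | ForEach-Object { Write-Warning "Adware remnant key still present: $_" }
```

A scope flagged as suspicious is not automatically malicious (a corporate or regional search provider will trip the allow-list), but a default scope whose URL you do not recognise is exactly the condition the three SearchScopes GUIDs in the logs represented. If a removed key reappears after a reboot, look for what recreated it (a scheduled task, a Run key or a browser extension) rather than deleting it again.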


#6 Sirawit, Bleepin' Brony (Malware Response Team, 4,161 posts, Thailand)

Posted 01 February 2014 - 02:09 PM

OK, the log looks good.

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Security Check by screen317 and save it to your desktop.

  • Run it and press Enter

  • Wait for it to complete, this may take a while.

  • After the scan finishes, the report will pop up; post the log here.

 

What we need in your next reply:
ESET log

securitycheck log
How's your computer running?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#7 SoXfused, Topic Starter (Members, 138 posts)

Posted 01 February 2014 - 11:06 PM

Hi Sirawit,

 

My computer seems to be running fine.  I ran the ESET Online Scanner, and it said, "No Threats Found". :)

 

I downloaded Security Check, but when I open it and try to run it, it won't let me and gives me a pop-up that says,  "UNSUPPORTED OPERATING SYSTEM! ABORTED!".  So I can't get that program to run. :unsure:


Edited by SoXfused, 01 February 2014 - 11:07 PM.


#8 Sirawit, Bleepin' Brony (Malware Response Team, 4,161 posts, Thailand)

Posted 02 February 2014 - 07:47 AM

OK, no worries, we can use another program. :)

 

Please download MiniToolBox and save it to your desktop.

Close all programs, run MiniToolBox and select these boxes:

  • Flush DNS
  • Report IE proxy settings
  • Reset IE proxy settings
  • Report FF proxy settings
  • Reset proxy settings
  • List Content of Hosts
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices (Only Problems)

Click Go and wait, then please post the log here.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#9 SoXfused, Topic Starter (Members, 138 posts)

Posted 02 February 2014 - 11:55 PM

MiniToolBox worked. :)  Below is the log:

 

---------------------------------------------------------------

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by R (administrator) on 02-02-2014 at 22:48:37
Running from "C:\Users\R\Desktop"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/02/2014 00:48:39 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (02/02/2014 11:39:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32647859

Error: (02/02/2014 11:39:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32647859

Error: (02/02/2014 11:39:35 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2014 06:46:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/01/2014 06:46:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/01/2014 02:01:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (02/01/2014 01:59:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/01/2014 00:52:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (02/01/2014 00:50:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (02/02/2014 02:51:20 PM) (Source: DCOM) (User: RsComputer)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/01/2014 10:21:56 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (02/01/2014 10:21:56 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/01/2014 10:21:56 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

Error: (02/01/2014 10:21:56 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (02/01/2014 02:53:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2014 02:53:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2014 02:52:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2014 02:52:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/01/2014 01:10:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (02/02/2014 00:48:39 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (02/02/2014 11:39:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32647859

Error: (02/02/2014 11:39:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32647859

Error: (02/02/2014 11:39:35 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/01/2014 06:46:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\R\Desktop\esetsmartinstaller_enu.exe

Error: (02/01/2014 06:46:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\R\Desktop\esetsmartinstaller_enu.exe

Error: (02/01/2014 02:01:15 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (02/01/2014 01:59:51 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (02/01/2014 00:52:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (02/01/2014 00:50:57 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

CodeIntegrity Errors:
===================================
  Date: 2013-04-30 15:59:04.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:50:19.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:49:26.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:48:50.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:48:44.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:48:43.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:48:26.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:48:25.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:46:45.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-04-30 15:46:39.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

4 Elements II (Version: 2.2.0.98)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Bejeweled 3 (Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
Build-a-lot 4 - Power Source (Version: 2.2.0.98)
CCleaner (Version: 4.10)
Chuzzle Deluxe (Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
Cradle of Rome 2 (Version: 2.2.0.98)
CyberLink LabelPrint (Version: 2.5.5.6902)
CyberLink Media Suite 10 (Version: 10.0.4.2928)
CyberLink PhotoDirector (Version: 2.0.1.3119)
CyberLink Power2Go 8 (Version: 8.0.3.2527)
CyberLink PowerDirector 10 (Version: 10.0.4.3122)
CyberLink PowerDVD (Version: 10.0.6.4319)
CyberLink YouCam (Version: 3.5.6.6119)
D3DX10 (Version: 15.4.2368.0902)
Energy Star (Version: 1.0.8)
Farm Frenzy (Version: 2.2.0.98)
FATE: The Cursed King (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
FlatOut 2 (Version: 2.2.0.98)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.0.0 (Version: 1.00.0000)
Hoyle Card Games (Version: 2.2.0.95)
HP 3D DriveGuard (Version: 4.2.9.1)
HP Connected Music (Meridian - installer) (Version: v1.0)
HP CoolSense (Version: 2.20.11)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.3.0)
HP MyRoom (Version: 9.0.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Product Detection (Version: 11.15.0008)
HP Quick Launch (Version: 3.0.6)
HP Recovery Manager (Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (Version: 4.6.8.1)
HP Support Assistant (Version: 7.0.32.44)
HP Utility Center (Version: 1.0.7)
HP Wireless Button Driver (Version: 1.1.2.1)
IDT Audio (Version: 1.0.6425.0)
Intel® Control Center (Version: 1.2.1.1008)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2857)
Intel® Rapid Storage Technology (Version: 11.5.9.1002)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IrfanView (remove only) (Version: 4.35)
Jewel Match 3 (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Luxor Evolved (Version: 2.2.0.98)
Mahjongg Dimensions Deluxe: Tiles in Time (Version: 2.2.0.98)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaMonkey 4.0 (Version: 4.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4551.1512)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mortimer Beckett and the Crimson Thief Premium Edition (Version: 2.2.0.98)
MSVCRT (Version: 15.4.2862.0708)
Mystery P.I. - Curious Case of Counterfeit Cove (Version: 2.2.0.98)
Norton Internet Security (Version: 20.4.0.40)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512)
Peggle Nights (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
Ralink Bluetooth Stack64 (Version: 9.0.725.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (Version: 5.0.5.0)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek PCIE Card Reader (Version: 6.2.8400.29029)
RealUpgrade 1.1 (Version: 1.1.0)
Roads of Rome 3 (Version: 2.2.0.98)
Switch Sound File Converter
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.5.3.3)
Tales of Lagoona (Version: 2.2.0.110)
Update Installer for WildTangent Games App
Vacation Quest™ - Australia (Version: 2.2.0.98)
VideoPad Video Editor
Webroot SecureAnywhere (Version: 8.0.4.46)
WildTangent Games (Version: 1.0.3.0)
WildTangent Games App (Version: 4.0.9.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
YTD Video Downloader 4.7.2 (Version: 4.7.2)
Zuma's Revenge (Version: 2.2.0.98)

========================= Devices: ================================

**** End of log ****



#10 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:10:57 PM

Posted 03 February 2014 - 07:59 AM

We're near!

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

:step1: Uninstall Adobe Shockwave

  • Open Programs and Features or Add and Remove Programs by clicking the Start / Windows "Orb" button, clicking Control Panel, clicking Programs, and then clicking Programs and Features or Add and Remove Programs.
  • Select any program with Adobe Shockwave in the name, and then click Uninstall.
  • Repeat step 2 until no more programs containing Adobe Shockwave are visible.

Note: Some programs include the option to change or repair the program in addition to uninstalling it, but many simply offer the option to uninstall. To change a program, click Change or Repair. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Please follow these steps to Install the latest Adobe Shockwave player:

:step2: Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link

  • Close all open browsers before using, especially Firefox. <-Important!!!
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Notes: On Vista, "Windows Temp" is disabled. To empty Temp, ATF-Cleaner must be Run As Administrator.
The Prefetch cleaning feature has been disabled for Vista Users. Tabs for applications that are not installed are grayed out.

 
:step3: Now please run MiniToolBox again, but this time select these boxes instead:

  • List Installed programs
  • List Users, Partitions and Memory size.

Also please post the log here.
 
Thank you.


Edited by Sirawit, 03 February 2014 - 08:05 AM.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.
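As an added example (not part of Sirawit's post, MiniToolBox, or ATF Cleaner): a PowerShell listing of installed programs in the same shape as the "List Installed programs" section of the log above, which also checks whether any Adobe Shockwave entry is still registered, so step 1 can be verified before installing the current version. It assumes PowerShell 3.0 or later and reads only the standard registry Uninstall keys.

```powershell
# Added example: enumerate installed programs from the registry Uninstall keys
# (64-bit view, 32-bit Wow6432Node view, and the current user's per-user installs)
# and flag anything that still matches "Adobe Shockwave".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$programs = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |      # skip entries with no visible name
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
                Installed = $_.InstallDate     # yyyyMMdd; often empty
                Source    = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
}

# Same columns as the "List Installed programs" output above.
$programs | Sort-Object Name -Unique | Format-Table Name, Version, Publisher -AutoSize

# Verification for step 1: any Shockwave entry still registered is listed here,
# with the registry key it came from so the leftover can be located.
$leftover = $programs | Where-Object { $_.Name -like '*Adobe Shockwave*' }
if ($leftover) {
    Write-Output 'Adobe Shockwave is still registered:'
    $leftover | Format-Table Name, Version, Source -AutoSize
} else {
    Write-Output 'No Adobe Shockwave entries found; the old version is gone.'
}
```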


#11 SoXfused

SoXfused
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  • Local time:10:57 AM

Posted 04 February 2014 - 01:28 AM

Hi Sirawit, :)

 

I've uninstalled Adobe Shockwave and installed the newest version.

 

I was going to download the ATF Cleaner, but I noticed that it says: "This program is for XP and Windows 2000 only".  Since I have Windows 8, I shouldn't use it, right? :huh:



#12 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:10:57 PM

Posted 04 February 2014 - 01:29 AM

Can you please try? It runs for me on Windows 7. :)

 

(And don't forget to post the MiniToolBox log.)

 

Thank you.


Edited by Sirawit, 04 February 2014 - 01:29 AM.



#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:10:57 PM

Posted 04 February 2014 - 09:56 AM

Please use this one instead -> http://windows.microsoft.com/en-us/windows/delete-files-using-disk-cleanup#delete-files-using-disk-cleanup=windows-8

 

(In the "To delete files" section only.)

 

This will yield more results.

 

Thank you.


Edited by Sirawit, 04 February 2014 - 09:57 AM.



#14 SoXfused

SoXfused
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  • Local time:10:57 AM

Posted 06 February 2014 - 11:56 PM

Could you tell me which boxes to check under 'Files to Delete' under the Disk Cleanup tab?  I just want to make sure I check the right ones so I don't mess anything up.  The boxes are:

 

- Downloaded Program Files
- Temporary Internet Files
- Offline Webpages
- Recycle Bin
- Temporary Files
- Per User Archived Windows Error Report
- System Archived Windows Error Report

 

Thanks! :)



#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:10:57 PM

Posted 07 February 2014 - 01:03 AM

No problem :)

 

First, if the amount of any box is 0 bytes, don't check it.

Second, check whether you have any important items in the Recycle Bin; if you want them back, restore them first, and then select the Recycle Bin box.

Third, if you don't want to analyze system error logs, select the Per User Archived Windows Error Report and System Archived Windows Error Report boxes.

Fourth, if you don't want to keep any offline webpages you saved, select the Offline Webpages box.

Last, select these boxes:

  • Downloaded Program Files
  • Temporary Internet Files
  • Temporary Files

Thank you.






