
Redirection ads


  • This topic is locked
17 replies to this topic

#1 w i l l

  • Members

Posted 07 February 2015 - 06:03 AM

Hi, I'm getting a lot of ad popups from Firefox. It's difficult to even click on a page, and I'm constantly being redirected. This is a new laptop. I hope someone can help, thanks!

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:55:32 AM, on 2/7/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 35.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\syswow64\wwahost.exe
C:\Users\will\AppData\Roaming\Search Protection\SP.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\will\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkID=394657
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://se.search.yahoo.com/?type=903578&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SoftonicAssistant] "C:\Users\will\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
O4 - HKCU\..\Run: [Search Protection] "C:\Users\will\AppData\Roaming\Search Protection\SP.EXE" /autostart
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:/PROGRA~3/{E8FD0~1/171~1.0/mola.dll C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6874 bytes




#2 olgun52

  • Malware Response Team

Posted 07 February 2015 - 10:07 AM

Hello w i l l and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

:hello:
 
Have a nice day.
 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

  • Malware Response Team

Posted 09 February 2015 - 03:24 PM

Hello w i l l,

 

3 Day Inactivity
This is the third day since my last post. Are you still there?
If you need more time, just let me know.
If you do not post within 48 hours, this thread will be closed due to inactivity.

 


Best regards
 

 


 


#4 olgun52

  • Malware Response Team

Posted 13 February 2015 - 08:43 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 


#5 Orange Blossom

  • Moderator

Posted 08 March 2015 - 03:25 PM

Topic reopened at request.
 
Back to you olgun52

~ OB :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 olgun52

  • Malware Response Team

Posted 08 March 2015 - 03:44 PM

Thank you Orange Blossom,

-----------

Hello w i l l, I'm waiting for your report.

 

 


Best regards
 

 


 


#7 w i l l

  • Topic Starter
  • Members

Posted 09 March 2015 - 11:12 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by will (administrator) on WILL on 09-03-2015 16:02:46
Running from C:\Users\will\Desktop
Loaded Profiles: will (Available profiles: will)
Platform: Windows 8.1 Pro (X64) OS Language: Swedish (Sweden)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
() C:\Users\will\AppData\Roaming\Search Protection\SP.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Phrase Finder) C:\Program Files (x86)\PhraseFinder_1.10.0.9\Service\pfsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Autodesk Inc) C:\Program Files\Autodesk\SketchBook\SketchBook.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Camtasia Studio 8\TscHelp.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2015-01-24] (Google)
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\Run: [SoftonicAssistant] => C:\Users\will\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] ()
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\Run: [Search Protection] => C:\Users\will\AppData\Roaming\Search Protection\SP.EXE [901728 2015-02-27] ()
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\MountPoints2: {3fd016fc-a4c9-11e4-8256-acfe3856b5a7} - "D:\DTVP_Launcher.exe"
AppInit_DLLs-x32: C:/PROGRA~3/{7BA49~1/192~1.1/rite.dll => C:\ProgramData\{7BA49367-2B26-42E1-9AA0-32634A22E1ED}\1.9.2.1\rite.dll [1009664 2015-03-06] ()
AppInit_DLLs-x32:  C:/PROGRA~3/{E8FD0~1/171~1.0/mola.dll => C:\ProgramData\{E8FD003E-B87F-D1B8-09F9-A13AD97B72B4}\1.7.1.0\mola.dll [649216 2015-01-19] ()
AppInit_DLLs-x32:  C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2015-01-24] (Google)
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{1db26340-3669-4cdd-1db2-263403668d00}\OptimizerPro.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2526226950-711930911-257877175-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDzytByC0B0FtCtGzy0EtAtCtGtAtC0ByCtGtByD0D0EtGyCyDtD0FtA0FyDyBtBzyyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2Q&cr=743173015&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDzytByC0B0FtCtGzy0EtAtCtGtAtC0ByCtGtByD0D0EtGyCyDtD0FtA0FyDyBtBzyyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2Q&cr=743173015&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDzytByC0B0FtCtGzy0EtAtCtGtAtC0ByCtGtByD0D0EtGyCyDtD0FtA0FyDyBtBzyyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2Q&cr=743173015&ir=
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=txVzx10nY04vTyGqlbygtoAQ5PM?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {875B6871-55C9-4771-8980-E5093906EB39} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_10&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCyCtDtN1L2XzutAtFzztFyEtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtD0EtAtB0EtCtGzz0FtC0DtGyDtD0AtAtGtDtCyByEtGyD0D0DtCtC0C0DyCzyyDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2QtN1B2Z1V1T1S1NzuyDyBtA&cr=2031753554&ir=
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Keyword.URL: https://se.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF user.js: detected! => C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\user.js [2015-01-19]
FF SearchPlugin: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\searchplugins\Vosteran.xml [2015-01-19]
FF SearchPlugin: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\searchplugins\yahoo_ff.xml [2015-03-06]
FF Extension: Duplicate This Tab - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\Extensions\duplicate-this-tab@mozilla.org.xpi [2015-01-24]
FF Extension: Google Translator for Firefox - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\Extensions\translator@zoli.bod.xpi [2015-01-25]
FF Extension: Adblock Plus - C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2015-01-24] (Google)
R2 pfsvc_1.10.0.9; C:\Program Files (x86)\PhraseFinder_1.10.0.9\Service\pfsvc.exe [278608 2015-02-06] (Phrase Finder)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 61701e76; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.51\OptProMon.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-14] (Microsoft Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1002496 2014-12-24] (Marvell Semiconductors Inc.)
R1 pfnfd_1_10_0_9; C:\Windows\System32\drivers\pfnfd_1_10_0_9.sys [58232 2015-02-06] (Phrase Finder)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-08-14] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-08-14] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-31] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [66672 2014-10-25] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-19] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411648 2014-12-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 16:02 - 2015-03-09 16:02 - 00013395 _____ () C:\Users\will\Desktop\FRST.txt
2015-03-09 16:01 - 2015-03-09 16:02 - 00000000 ____D () C:\FRST
2015-03-09 16:01 - 2015-03-09 16:01 - 02095104 _____ (Farbar) C:\Users\will\Desktop\FRST64.exe
2015-03-08 21:11 - 2015-03-09 12:45 - 00000000 ____D () C:\Users\will\Downloads\The Necessary Death of Charlie Countryman (2013)
2015-03-08 15:07 - 2015-03-08 15:07 - 01134592 _____ (Farbar) C:\Users\will\Desktop\FRST.exe
2015-03-08 13:04 - 2015-03-08 13:04 - 12991527 _____ () C:\Users\will\Desktop\capture-7.trec
2015-03-08 12:51 - 2015-03-08 12:51 - 16791758 _____ () C:\Users\will\Desktop\capture-6.trec
2015-03-08 12:35 - 2015-03-08 12:35 - 24497631 _____ () C:\Users\will\Desktop\capture-5.trec
2015-03-06 18:48 - 2015-03-06 18:47 - 08945573 _____ () C:\Users\will\Desktop\capture-4.trec
2015-03-06 18:44 - 2015-03-06 18:44 - 03000909 _____ () C:\Users\will\Desktop\capture-3.trec
2015-03-06 18:39 - 2015-03-06 18:39 - 03120625 _____ () C:\Users\will\Desktop\capture-2.trec
2015-03-06 18:28 - 2015-03-08 13:13 - 00000000 ____D () C:\Users\will\Desktop\Untitled
2015-03-06 18:24 - 2015-03-06 18:23 - 07152928 _____ () C:\Users\will\Desktop\capture-1.trec
2015-03-06 18:15 - 2015-03-07 22:55 - 00000000 ____D () C:\Users\will\Desktop\backups
2015-03-06 18:15 - 2015-03-06 18:15 - 00000408 _____ () C:\Users\will\AppData\Roaming\CamShapes.ini
2015-03-06 18:15 - 2015-03-06 18:15 - 00000408 _____ () C:\Users\will\AppData\Roaming\CamLayout.ini
2015-03-06 18:15 - 2015-03-06 18:15 - 00000046 _____ () C:\Users\will\AppData\Roaming\Camdata.ini
2015-03-06 18:03 - 2015-03-06 18:03 - 00000000 ____D () C:\Users\will\AppData\Roaming\TechSmith
2015-03-06 17:57 - 2015-03-06 17:57 - 00000000 ____D () C:\Users\will\Documents\Camtasia Studio
2015-03-06 17:57 - 2015-03-06 17:57 - 00000000 ____D () C:\Users\will\AppData\Local\TechSmith
2015-03-06 17:54 - 2015-03-06 17:54 - 00001191 _____ () C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2015-03-06 17:54 - 2015-03-06 17:54 - 00000000 ____D () C:\ProgramData\TechSmith
2015-03-06 17:54 - 2015-03-06 17:54 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-03-06 17:54 - 2015-03-06 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-03-06 17:54 - 2015-03-06 17:54 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-03-06 17:54 - 2015-03-06 17:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-06 17:47 - 2015-03-06 17:49 - 259540280 _____ () C:\Users\will\Desktop\camtasia.exe
2015-03-06 17:43 - 2015-03-06 17:43 - 00004509 _____ () C:\Users\will\AppData\Roaming\CamStudio.cfg
2015-03-06 17:39 - 2015-03-06 17:39 - 00001063 _____ () C:\Users\Public\Desktop\CamStudio.lnk
2015-03-06 17:39 - 2015-03-06 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2015-03-06 17:39 - 2015-03-06 17:39 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7
2015-03-06 17:34 - 2015-03-06 17:34 - 03099532 _____ (CamStudio Open Source ) C:\Users\will\Desktop\CamStudio_2.7_r316_setup.exe
2015-03-06 17:27 - 2015-03-06 17:27 - 02347384 _____ (ESET) C:\Users\will\Desktop\esetsmartinstaller_enu(1).exe
2015-03-06 17:14 - 2015-03-06 17:14 - 00004004 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-03-06 17:14 - 2015-03-06 17:14 - 00001988 _____ () C:\Users\will\Desktop\Sync Folder.lnk
2015-03-06 17:14 - 2015-03-06 17:14 - 00001088 _____ () C:\Users\will\Desktop\MyPC Backup.lnk
2015-03-06 17:14 - 2015-03-06 17:14 - 00000000 ____D () C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-03-06 17:13 - 2015-03-06 17:41 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-06 17:12 - 2015-03-06 17:17 - 00000000 ____D () C:\ProgramData\Norton
2015-03-06 17:12 - 2015-03-06 17:12 - 00001118 _____ () C:\Users\will\Desktop\Optimizer Pro.lnk
2015-03-06 17:12 - 2015-03-06 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-03-06 17:10 - 2015-03-09 15:10 - 00000298 _____ () C:\Windows\Tasks\Wse_binkiland.job
2015-03-06 17:10 - 2015-03-06 17:41 - 00000000 ____D () C:\ProgramData\{1db26340-3669-4cdd-1db2-263403668d00}
2015-03-06 17:10 - 2015-03-06 17:41 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.51
2015-03-06 17:10 - 2015-03-06 17:10 - 00002636 _____ () C:\Windows\System32\Tasks\Wse_binkiland
2015-03-06 17:10 - 2015-03-06 17:10 - 00000772 _____ () C:\Windows\Tasks\Binkiland rite.job
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\Users\will\AppData\Roaming\Wse_binkiland
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\ProgramData\{7BA49367-2B26-42E1-9AA0-32634A22E1ED}
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\Program Files (x86)\PhraseFinder_1.10.0.9
2015-03-06 17:10 - 2015-03-06 17:08 - 06177656 _____ (http://freerecorders.com ) C:\Users\will\Downloads\screenrecorder_setup [1].exe
2015-03-06 17:08 - 2015-03-06 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-03-06 17:07 - 2015-03-06 17:07 - 01432504 _____ ( ) C:\Users\will\Desktop\screenrecorder_setup.exe
2015-03-06 17:03 - 2015-03-06 17:45 - 00000000 ____D () C:\TinyTake
2015-03-06 17:03 - 2015-03-06 17:26 - 00003558 _____ () C:\Windows\System32\Tasks\TinyTakeUpgrade
2015-03-06 17:03 - 2015-03-06 17:03 - 00002505 _____ () C:\Users\Public\Desktop\TinyTake by MangoApps.lnk
2015-03-06 17:02 - 2015-03-06 17:02 - 20121408 _____ (MangoApps) C:\Users\will\Desktop\TinyTakeSetup_v_2_5_41.exe
2015-03-06 16:41 - 2015-03-06 16:41 - 00000146 _____ () C:\Users\will\Desktop\Device Manager - Shortcut (2).lnk
2015-03-04 19:39 - 2015-03-04 19:39 - 00012288 ___SH () C:\Users\will\Downloads\Thumbs.db
2015-03-01 08:24 - 2015-03-01 08:24 - 00111988 _____ () C:\Users\will\Desktop\All sizes _ Volleyball Clone _ Flickr - Photo Sharing!.htm
2015-03-01 08:24 - 2015-03-01 08:24 - 00000000 ____D () C:\Users\will\Desktop\All sizes _ Volleyball Clone _ Flickr - Photo Sharing!_files
2015-02-25 15:58 - 2015-02-25 15:58 - 00000000 ____D () C:\Users\will\Desktop\Kids.for.Cash.2014.HDRip.x264.AC3-FooKaS[rarbg]
2015-02-24 20:45 - 2014-12-13 21:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 20:45 - 2014-12-13 21:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:45 - 2014-10-29 01:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-24 20:45 - 2014-10-29 01:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-24 20:45 - 2014-10-29 01:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-24 20:45 - 2014-10-29 01:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-21 19:40 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-21 19:40 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-15 19:06 - 2015-02-15 19:06 - 00392282 _____ () C:\Users\will\Desktop\computer6.psd
2015-02-15 16:22 - 2015-02-15 16:22 - 00511418 _____ () C:\Users\will\Desktop\computer4.psd
2015-02-15 09:42 - 2015-02-15 09:42 - 00000146 _____ () C:\Users\will\Desktop\Device Manager - Shortcut.lnk
2015-02-15 09:29 - 2015-01-15 22:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-15 09:29 - 2015-01-15 22:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 09:29 - 2015-01-14 04:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-15 09:29 - 2015-01-14 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-15 09:29 - 2014-10-29 02:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 09:29 - 2014-10-29 02:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 09:29 - 2014-10-29 02:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-15 09:29 - 2014-10-29 02:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-15 09:29 - 2014-10-29 01:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 09:28 - 2015-02-03 23:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-15 09:28 - 2015-02-03 23:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-15 09:28 - 2015-02-03 23:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-15 09:28 - 2015-02-02 23:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-15 09:28 - 2015-02-02 23:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-15 09:28 - 2015-02-02 23:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-15 09:28 - 2015-01-19 18:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-15 09:28 - 2015-01-13 22:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-15 09:28 - 2015-01-13 22:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-15 09:28 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-15 09:28 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-15 09:28 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-15 09:28 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-15 09:28 - 2015-01-12 02:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-15 09:28 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-15 09:28 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-15 09:28 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-15 09:28 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-15 09:28 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-15 09:28 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-15 09:28 - 2015-01-12 01:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-15 09:28 - 2015-01-12 01:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-15 09:28 - 2015-01-12 01:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-15 09:28 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-15 09:28 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-15 09:28 - 2015-01-12 01:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-15 09:28 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-15 09:28 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-15 09:28 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-15 09:28 - 2015-01-12 01:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-15 09:28 - 2015-01-12 01:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-15 09:28 - 2015-01-12 01:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-15 09:28 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-15 09:28 - 2015-01-12 01:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-15 09:28 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-15 09:28 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-15 09:28 - 2015-01-12 01:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-15 09:28 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-15 09:28 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-15 09:28 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-15 09:28 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-15 09:28 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-15 09:28 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-15 09:28 - 2015-01-10 09:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-15 09:28 - 2015-01-10 09:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-15 09:28 - 2015-01-10 08:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-15 09:28 - 2015-01-10 07:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 09:28 - 2015-01-10 06:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-15 09:28 - 2014-12-19 08:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-15 09:28 - 2014-12-19 08:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-15 09:28 - 2014-12-09 03:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-15 09:28 - 2014-12-09 01:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-15 09:28 - 2014-12-08 23:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-15 09:28 - 2014-10-29 02:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-15 09:28 - 2014-10-29 02:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-15 09:28 - 2014-10-29 01:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-15 09:28 - 2014-10-29 01:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-15 09:28 - 2014-10-29 01:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-15 09:28 - 2014-10-29 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-15 09:28 - 2014-10-29 01:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-15 09:28 - 2014-10-29 01:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-15 09:27 - 2015-01-10 08:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 20:42 - 2015-03-09 15:58 - 00000000 ____D () C:\Users\will\AppData\Roaming\Skype
2015-02-11 20:42 - 2015-02-11 20:42 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-02-11 20:42 - 2015-02-11 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-11 20:42 - 2015-02-11 20:42 - 00000000 ____D () C:\Users\will\AppData\Local\Skype
2015-02-11 20:42 - 2015-02-11 20:42 - 00000000 ____D () C:\ProgramData\Skype
2015-02-11 20:42 - 2015-02-11 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-11 20:41 - 2015-02-11 20:41 - 00000000 ____D () C:\Users\will\AppData\Roaming\OpenCandy
2015-02-07 11:55 - 2015-02-07 11:55 - 00006875 _____ () C:\Users\will\Desktop\hijackthis.log
2015-02-07 11:52 - 2015-02-07 11:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\will\Desktop\HijackThis.exe
2015-02-07 10:00 - 2015-02-07 10:00 - 00000000 ____D () C:\Users\will\Desktop\Nik Software Color Efex Pro 4.00 REV 15202 Complete Edition (x86-x64) with CRACK

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 16:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-09 15:36 - 2015-01-17 16:00 - 01253219 _____ () C:\Windows\WindowsUpdate.log
2015-03-09 15:07 - 2015-01-25 16:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 15:05 - 2015-01-19 20:05 - 00000298 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-03-09 13:35 - 2015-01-17 16:08 - 00003904 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{00C9D581-6E06-4D57-9499-BE361863C28F}
2015-03-09 10:16 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-08 14:46 - 2015-01-17 16:11 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2526226950-711930911-257877175-1001
2015-03-08 12:47 - 2015-01-19 14:50 - 03716096 ___SH () C:\Users\will\Desktop\Thumbs.db
2015-03-08 12:24 - 2014-08-14 17:04 - 01652846 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-08 12:24 - 2014-08-14 07:47 - 00703596 _____ () C:\Windows\system32\perfh01D.dat
2015-03-08 12:24 - 2014-08-14 07:47 - 00148476 _____ () C:\Windows\system32\perfc01D.dat
2015-03-08 12:18 - 2015-01-17 16:06 - 00000000 ___RD () C:\Users\will\OneDrive
2015-03-08 12:18 - 2013-08-22 14:46 - 00027976 _____ () C:\Windows\setupact.log
2015-03-08 12:18 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-08 12:17 - 2015-01-19 16:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-08 12:17 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-06 19:45 - 2015-01-28 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 19:01 - 2015-02-01 10:25 - 00000000 ____D () C:\Users\will\AppData\Roaming\vlc
2015-03-06 18:16 - 2015-02-01 09:53 - 00000000 ____D () C:\Users\will\AppData\Local\SoftonicAssistant
2015-03-06 17:54 - 2015-01-17 16:05 - 00000000 ____D () C:\Users\will
2015-03-06 17:25 - 2015-01-19 21:05 - 00000139 _____ () C:\Users\will\AppData\Roaming\WB.CFG
2015-03-06 17:17 - 2014-08-14 16:56 - 00597382 _____ () C:\Windows\PFRO.log
2015-03-06 17:16 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-06 17:16 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-06 17:13 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-06 17:03 - 2014-08-14 16:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-04 19:39 - 2015-01-25 21:16 - 00000000 ___RD () C:\Users\will\Desktop\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2015-03-03 13:17 - 2015-01-19 16:41 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 21:19 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2015-02-24 20:58 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-21 18:57 - 2013-08-22 14:44 - 00337808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 05:31 - 2015-01-20 06:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 05:27 - 2015-01-20 06:09 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-16 05:26 - 2015-01-21 07:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-16 05:26 - 2015-01-21 07:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-07 18:10 - 2015-02-03 22:40 - 00000000 ____D () C:\Users\will\Desktop\New folder (2)
2015-02-07 11:53 - 2015-01-17 16:05 - 00000000 ____D () C:\Users\will\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-03-06 18:15 - 2015-03-06 18:15 - 0000046 _____ () C:\Users\will\AppData\Roaming\Camdata.ini
2015-03-06 18:15 - 2015-03-06 18:15 - 0000408 _____ () C:\Users\will\AppData\Roaming\CamLayout.ini
2015-03-06 18:15 - 2015-03-06 18:15 - 0000408 _____ () C:\Users\will\AppData\Roaming\CamShapes.ini
2015-03-06 17:43 - 2015-03-06 17:43 - 0004509 _____ () C:\Users\will\AppData\Roaming\CamStudio.cfg
2015-01-19 21:05 - 2015-03-06 17:25 - 0000139 _____ () C:\Users\will\AppData\Roaming\WB.CFG
2015-01-21 15:05 - 2015-01-21 15:05 - 0000001 _____ () C:\Users\will\AppData\Local\DSI.DAT
2014-08-14 16:57 - 2014-08-14 16:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\will\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\will\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\will\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-08 03:20

==================== End Of Log ============================



#8 w i l l


Posted 09 March 2015 - 11:15 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by will at 2015-03-09 16:03:27
Running from C:\Users\will\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Autodesk SketchBook (HKLM\...\{D423BBA2-8821-47EC-A975-2E8B4AF609E0}) (Version: 7.10.0000 - Autodesk)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{1B57499B-1BEB-426A-A406-D9D004A1D2CE}) (Version: 8.5.0.1954 - TechSmith Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4631.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Phrase Finder 1.10.0.9 (HKLM-x32\...\PhraseFinder_1.10.0.9) (Version: 1.10.0.9 - Phrase Finder)
Remind! (HKLM-x32\...\{73C038E2-A4E9-4142-9716-48045D1E9255}}_is1) (Version: 5.51 - Crystal Office Systems)
Search Protection (HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\Search Protection) (Version: 11.1.0.1 - Spigot, Inc.) <==== ATTENTION
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Softonic Assistant (HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\SoftonicAssistant) (Version: 0.1.6 - Softonic International S.A.) <==== ATTENTION
TinyTake by MangoApps (32 bit) (x32 Version: 2.5.41.0 - MangoApps) Hidden
TinyTake by MangoApps (HKLM-x32\...\{40fa0af7-81de-4247-a03c-7cf1a5b66d7e}) (Version: 2.5.41.0 - MangoApps)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
WSE_Binkiland (HKLM-x32\...\WSE_Binkiland) (Version:  - WSE_Binkiland) <==== ATTENTION!
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-03-2015 03:05:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DC84B3E-B824-4D41-BB24-116E25C98A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {63EEB8AB-79B9-4421-B3AF-48DCF775F59C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-16] (Microsoft Corporation)
Task: {6A225784-239F-4976-B757-27CC3542C796} - System32\Tasks\Wse_binkiland => C:\Users\will\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B65AD1A9-9352-4164-96CF-40C208354E61} - System32\Tasks\WSE_Vosteran => C:\Users\will\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {C43BE6EB-456A-475D-BFB9-624D52FA4A31} - System32\Tasks\TinyTakeUpgrade => C:\Program Files (x86)\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-01-29] ()
Task: {D384120B-7C9C-4E10-8E69-A1A30E7E9B92} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2526226950-711930911-257877175-1001
Task: {EFDC1D12-856C-4ED0-8D5F-E9B711DA9FA2} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Binkiland rite.job => Wscript.exe  C:\ProgramData\{7BA49367-2B26-42E1-9AA0-32634A22E1ED}\1.9.2.1\fiber.js <==== ATTENTION
Task: C:\Windows\Tasks\Wse_binkiland.job => C:\Users\will\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\will\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-02-27 09:16 - 2015-02-27 09:16 - 00901728 _____ () C:\Users\will\AppData\Roaming\Search Protection\SP.exe
2015-03-06 17:14 - 2014-11-25 19:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-07-07 17:21 - 2014-07-07 17:21 - 00749168 _____ () C:\Windows\SYSTEM32\TrueColor5.2\CAL2.dll
2015-01-24 07:06 - 2015-01-24 07:06 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2012-03-13 10:43 - 2012-03-13 10:43 - 06103552 _____ () C:\Program Files (x86)\TechSmith\Camtasia Studio 8\QtGui4.dll
2012-03-13 10:36 - 2012-03-13 10:36 - 00295424 _____ () C:\Program Files (x86)\TechSmith\Camtasia Studio 8\QtXml4.dll
2012-03-13 10:35 - 2012-03-13 10:35 - 01718784 _____ () C:\Program Files (x86)\TechSmith\Camtasia Studio 8\QtCore4.dll
2015-02-10 13:31 - 2015-02-10 13:31 - 02826368 _____ () C:\Program Files (x86)\TechSmith\Camtasia Studio 8\ConsumerRestoration_Win32.dll
2015-02-10 13:31 - 2015-02-10 13:31 - 02259456 _____ () C:\Program Files (x86)\TechSmith\Camtasia Studio 8\SingleBandCompressor_Win32.dll
2014-07-07 17:21 - 2014-07-07 17:21 - 00410744 _____ () C:\Windows\SYSTEM32\TrueColor5.2\LcProxy2.ax
2014-07-22 23:29 - 2014-07-22 23:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00189971 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00036371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00292371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00017939 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 01280019 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00018451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00336403 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00344595 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00198675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00027155 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00015891 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 01393171 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00146451 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00022035 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00733203 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00026131 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00171027 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00019475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 10447379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00746515 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00026643 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00587283 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00113683 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00019987 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00053779 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00016915 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00032275 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00020499 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00017427 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00015379 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00068115 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00013843 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 00018963 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-22 23:29 - 2014-07-22 23:29 - 01496083 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\will\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2526226950-711930911-257877175-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Surface\Surface.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administratör (S-1-5-21-2526226950-711930911-257877175-500 - Administrator - Disabled)
Gäst (S-1-5-21-2526226950-711930911-257877175-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2526226950-711930911-257877175-1003 - Limited - Enabled)
will (S-1-5-21-2526226950-711930911-257877175-1001 - Administrator - Enabled) => C:\Users\will

==================== Faulty Device Manager Devices =============

Name: Surface Pen
Description: Bluetooth LE Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthLEEnum
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2015 04:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/08/2015 03:04:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/08/2015 03:04:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/08/2015 03:22:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/08/2015 03:20:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/07/2015 03:06:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/06/2015 05:28:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/06/2015 05:28:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/06/2015 05:27:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/06/2015 05:27:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (03/08/2015 06:30:31 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: programspecifikLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)Inte tillgängligInte tillgänglig

Error: (03/08/2015 00:18:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (03/08/2015 00:18:05 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: programspecifikLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)Inte tillgängligInte tillgänglig

Error: (03/08/2015 00:17:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (03/07/2015 03:06:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Uppdatering för datorns inbyggda programvara - ‎15/‎01/‎2015.

Error: (03/07/2015 03:06:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installation Failure: Windows failed to install the following update with error 0x80246013: Realtek - Other hardware, Removable Storage - Realtek USB 3.0 Card Reader.

Error: (03/06/2015 07:46:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/06/2015 06:16:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.

Error: (03/06/2015 06:15:25 PM) (Source: DCOM) (EventID: 10010) (User: WILL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/06/2015 06:15:25 PM) (Source: DCOM) (EventID: 10010) (User: WILL)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (03/09/2015 04:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/08/2015 03:04:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\will\Desktop\esetsmartinstaller_enu(1).exe

Error: (03/08/2015 03:04:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\will\Desktop\esetsmartinstaller_enu(1).exe

Error: (03/08/2015 03:22:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/08/2015 03:20:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/07/2015 03:06:04 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/06/2015 05:28:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\will\Desktop\esetsmartinstaller_enu(1).exe

Error: (03/06/2015 05:28:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\will\Desktop\esetsmartinstaller_enu(1).exe

Error: (03/06/2015 05:27:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\will\Desktop\esetsmartinstaller_enu(1).exe

Error: (03/06/2015 05:27:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\will\Desktop\esetsmartinstaller_enu(1).exe


==================== Memory info ===========================

Processor: Intel® Core™ i3-4020Y CPU @ 1.50GHz
Percentage of memory in use: 80%
Total physical RAM: 4001.07 MB
Available physical RAM: 773.04 MB
Total Pagefile: 8002.14 MB
Available Pagefile: 3128.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:52.71 GB) (Free:6.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 59.6 GB) (Disk ID: 37488DB1)

Partition: GPT Partition Type.

==================== End Of Log ============================



#9 olgun52

  • Malware Response Team

Posted 09 March 2015 - 02:00 PM

Hi w i l l,

 

C:\Users\will\Desktop\Nik Software Color Efex Pro 4.00 REV 15202 Complete Edition (x86-x64) with CRACK

A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

 

------------------------------------------------------------------------------------------------
Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).
Programs to remove:
PhraseFinder
MyPC Backup
Optimizer Pro
Search Protection
Softonic Assistant
WSE_Binkiland
WSE_Vosteran

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Please restart PC now.
----------------------------------------------------------------------------------------------------------------------------
Step 1:
FRST Script:
Please download this attached fixlist.txt (11.97KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#10 olgun52

  • Malware Response Team

Posted 09 March 2015 - 02:02 PM

Hi w i l l,

 

C:\Users\will\Desktop\Nik Software Color Efex Pro 4.00 REV 15202 Complete Edition (x86-x64) with CRACK

A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

 

------------------------------------------------------------------------------------------------
Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).
Programs to remove:
PhraseFinder
MyPC Backup
Optimizer Pro
Search Protection
Softonic Assistant
WSE_Binkiland
WSE_Vosteran

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

Please restart PC now.
----------------------------------------------------------------------------------------------------------------------------
Step 1:
FRST Script:
Please download this attached fixlist.txt (8.39KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply


Edited by olgun52, 09 March 2015 - 02:04 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#11 w i l l

  • Topic Starter

Posted 10 March 2015 - 01:14 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by will at 2015-03-10 17:42:19 Run:1
Running from C:\Users\will\Desktop
Loaded Profiles: will (Available profiles: will)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\will\AppData\Roaming\Search Protection\SP.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\PhraseFinder_1.10.0.9\Service\pfsvc.exe
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\Run: [SoftonicAssistant] => C:\Users\will\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] ()
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\Run: [Search Protection] => C:\Users\will\AppData\Roaming\Search Protection\SP.EXE [901728 2015-02-27] ()
HKU\S-1-5-21-2526226950-711930911-257877175-1001\...\MountPoints2: {3fd016fc-a4c9-11e4-8256-acfe3856b5a7} - "D:\DTVP_Launcher.exe"
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk -> C:\ProgramData\{1db26340-3669-4cdd-1db2-263403668d00}\OptimizerPro.exe (No File)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDzytByC0B0FtCtGzy0EtAtCtGtAtC0ByCtGtByD0D0EtGyCyDtD0FtA0FyDyBtBzyyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2Q&cr=743173015&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDzytByC0B0FtCtGzy0EtAtCtGtAtC0ByCtGtByD0D0EtGyCyDtD0FtA0FyDyBtBzyyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2Q&cr=743173015&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> DefaultScope {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyDzytByC0B0FtCtGzy0EtAtCtGtAtC0ByCtGtByD0D0EtGyCyDtD0FtA0FyDyBtBzyyBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2Q&cr=743173015&ir=
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=txVzx10nY04vTyGqlbygtoAQ5PM?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526226950-711930911-257877175-1001 -> {875B6871-55C9-4771-8980-E5093906EB39} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_10&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCyCtDtN1L2XzutAtFzztFyEtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0AtD0EtAtB0EtCtGzz0FtC0DtGyDtD0AtAtGtDtCyByEtGyD0D0DtCtC0C0DyCzyyDyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzztAtCyCyEyEyDtG0CzztAyBtGyE0EtB0DtGzy0DtByDtGtByDzy0EyCzyzzyBzy0F0E0C2QtN1B2Z1V1T1S1NzuyDyBtA&cr=2031753554&ir=
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://se.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF user.js: detected! => C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\user.js [2015-01-19]
FF SearchPlugin: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\searchplugins\Vosteran.xml [2015-01-19]
FF SearchPlugin: C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\searchplugins\yahoo_ff.xml [2015-03-06]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
S2 61701e76; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.51\OptProMon.dll",ENT
R1 pfnfd_1_10_0_9; C:\Windows\System32\drivers\pfnfd_1_10_0_9.sys [58232 2015-02-06] (Phrase Finder)
2015-03-06 18:15 - 2015-03-06 18:15 - 00000408 _____ () C:\Users\will\AppData\Roaming\CamShapes.ini
2015-03-06 18:15 - 2015-03-06 18:15 - 00000408 _____ () C:\Users\will\AppData\Roaming\CamLayout.ini
2015-03-06 18:15 - 2015-03-06 18:15 - 00000046 _____ () C:\Users\will\AppData\Roaming\Camdata.ini
2015-03-06 17:27 - 2015-03-06 17:27 - 02347384 _____ (ESET) C:\Users\will\Desktop\esetsmartinstaller_enu(1).exe
2015-03-06 17:14 - 2015-03-06 17:14 - 00001088 _____ () C:\Users\will\Desktop\MyPC Backup.lnk
2015-03-06 17:14 - 2015-03-06 17:14 - 00000000 ____D () C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-03-06 17:13 - 2015-03-06 17:41 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-06 17:12 - 2015-03-06 17:17 - 00000000 ____D () C:\ProgramData\Norton
2015-03-06 17:12 - 2015-03-06 17:12 - 00001118 _____ () C:\Users\will\Desktop\Optimizer Pro.lnk
2015-03-06 17:12 - 2015-03-06 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-03-06 17:10 - 2015-03-09 15:10 - 00000298 _____ () C:\Windows\Tasks\Wse_binkiland.job
2015-03-06 17:10 - 2015-03-06 17:41 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.51
2015-03-06 17:10 - 2015-03-06 17:10 - 00002636 _____ () C:\Windows\System32\Tasks\Wse_binkiland
2015-03-06 17:10 - 2015-03-06 17:10 - 00000772 _____ () C:\Windows\Tasks\Binkiland rite.job
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\Users\will\AppData\Roaming\Wse_binkiland
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
2015-03-06 17:10 - 2015-03-06 17:10 - 00000000 ____D () C:\Program Files (x86)\PhraseFinder_1.10.0.9
2015-03-06 17:10 - 2015-03-06 17:08 - 06177656 _____ (http://freerecorders.com ) C:\Users\will\Downloads\screenrecorder_setup [1].exe
2015-03-06 16:41 - 2015-03-06 16:41 - 00000146 _____ () C:\Users\will\Desktop\Device Manager - Shortcut (2).lnk
2015-03-04 19:39 - 2015-03-04 19:39 - 00012288 ___SH () C:\Users\will\Downloads\Thumbs.db
2015-02-11 20:41 - 2015-02-11 20:41 - 00000000 ____D () C:\Users\will\AppData\Roaming\OpenCandy
2015-03-09 15:05 - 2015-01-19 20:05 - 00000298 _____ () C:\Windows\Tasks\WSE_Vosteran.job
2015-03-08 12:47 - 2015-01-19 14:50 - 03716096 ___SH () C:\Users\will\Desktop\Thumbs.db
2015-03-06 19:01 - 2015-02-01 10:25 - 00000000 ____D () C:\Users\will\AppData\Roaming\vlc
2014-08-14 16:57 - 2014-08-14 16:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\will\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\will\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\will\AppData\Local\Temp\vcredist_x64.exe
Task: {6A225784-239F-4976-B757-27CC3542C796} - System32\Tasks\Wse_binkiland => C:\Users\will\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B65AD1A9-9352-4164-96CF-40C208354E61} - System32\Tasks\WSE_Vosteran => C:\Users\will\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EFDC1D12-856C-4ED0-8D5F-E9B711DA9FA2} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: C:\Windows\Tasks\Binkiland rite.job => Wscript.exe  C:\ProgramData\{7BA49367-2B26-42E1-9AA0-32634A22E1ED}\1.9.2.1\fiber.js <==== ATTENTION
Task: C:\Windows\Tasks\Wse_binkiland.job => C:\Users\will\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\will\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
2015-02-27 09:16 - 2015-02-27 09:16 - 00901728 _____ () C:\Users\will\AppData\Roaming\Search Protection\SP.exe
2015-03-06 17:14 - 2014-11-25 19:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
AlternateDataStreams: C:\Users\will\OneDrive:ms-properties
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\will\AppData\Roaming\Search Protection\SP.exe" => File/Directory not found.
C:\Program Files (x86)\MyPC Backup\BackupStack.exe => Moved successfully.
"C:\Program Files (x86)\PhraseFinder_1.10.0.9\Service\pfsvc.exe" => File/Directory not found.
HKU\S-1-5-21-2526226950-711930911-257877175-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SoftonicAssistant => Value not found.
HKU\S-1-5-21-2526226950-711930911-257877175-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value not found.
"HKU\S-1-5-21-2526226950-711930911-257877175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fd016fc-a4c9-11e4-8256-acfe3856b5a7}" => Key deleted successfully.
HKCR\CLSID\{3fd016fc-a4c9-11e4-8256-acfe3856b5a7} => Key not found.
C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk => Moved successfully.
C:\ProgramData\{1db26340-3669-4cdd-1db2-263403668d00}\OptimizerPro.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
HKU\S-1-5-21-2526226950-711930911-257877175-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2526226950-711930911-257877175-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2526226950-711930911-257877175-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"HKU\S-1-5-21-2526226950-711930911-257877175-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => Key not found.
"HKU\S-1-5-21-2526226950-711930911-257877175-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{875B6871-55C9-4771-8980-E5093906EB39}" => Key deleted successfully.
HKCR\CLSID\{875B6871-55C9-4771-8980-E5093906EB39} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\user.js => Moved successfully.
C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\searchplugins\Vosteran.xml => Moved successfully.
C:\Users\will\AppData\Roaming\Mozilla\Firefox\Profiles\t9tfrcuu.default\searchplugins\yahoo_ff.xml => Moved successfully.
BackupStack => Service deleted successfully.
61701e76 => Service deleted successfully.
pfnfd_1_10_0_9 => Service deleted successfully.
C:\Users\will\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\will\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\will\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\will\Desktop\esetsmartinstaller_enu(1).exe => Moved successfully.
C:\Users\will\Desktop\MyPC Backup.lnk => Moved successfully.
C:\Users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup => Moved successfully.
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
"C:\Users\will\Desktop\Optimizer Pro.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2" => File/Directory not found.
C:\Windows\Tasks\Wse_binkiland.job => Moved successfully.
"C:\Program Files (x86)\Optimizer Pro 3.51" => File/Directory not found.
C:\Windows\System32\Tasks\Wse_binkiland => Moved successfully.
"C:\Windows\Tasks\Binkiland rite.job" => File/Directory not found.
C:\Users\will\AppData\Roaming\Wse_binkiland => Moved successfully.
"C:\Program Files (x86)\WSE_Binkiland" => File/Directory not found.
"C:\Program Files (x86)\PhraseFinder_1.10.0.9" => File/Directory not found.
C:\Users\will\Downloads\screenrecorder_setup [1].exe => Moved successfully.
C:\Users\will\Desktop\Device Manager - Shortcut (2).lnk => Moved successfully.
C:\Users\will\Downloads\Thumbs.db => Moved successfully.
C:\Users\will\AppData\Roaming\OpenCandy => Moved successfully.
C:\Windows\Tasks\WSE_Vosteran.job => Moved successfully.
C:\Users\will\Desktop\Thumbs.db => Moved successfully.
C:\Users\will\AppData\Roaming\vlc => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\will\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\will\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe => Moved successfully.
C:\Users\will\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A225784-239F-4976-B757-27CC3542C796}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A225784-239F-4976-B757-27CC3542C796}" => Key deleted successfully.
C:\Windows\System32\Tasks\Wse_binkiland not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wse_binkiland" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B65AD1A9-9352-4164-96CF-40C208354E61}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B65AD1A9-9352-4164-96CF-40C208354E61}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Vosteran => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFDC1D12-856C-4ED0-8D5F-E9B711DA9FA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFDC1D12-856C-4ED0-8D5F-E9B711DA9FA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
C:\Windows\Tasks\Binkiland rite.job not found.
C:\Windows\Tasks\Wse_binkiland.job not found.
C:\Windows\Tasks\WSE_Vosteran.job not found.
"C:\Users\will\AppData\Roaming\Search Protection\SP.exe" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup\AlphaFS.dll" => File/Directory not found.
C:\Users\will\OneDrive => ":ms-properties" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => Removed 955.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:42:43 ====



#12 w i l l

w i l l
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 10 March 2015 - 01:17 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by will on Tue 03/10/2015 at 17:59:57.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\will\AppData\Roaming\wse_vosteran"



~~~ FireFox

Successfully deleted the following from C:\Users\will\AppData\Roaming\mozilla\firefox\profiles\t9tfrcuu.default\prefs.js

user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Vosteran,Wikipedia (en),Yahoo!");
user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtF
user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyB
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtF



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/10/2015 at 18:01:53.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/10/2015
Scan Time: 6:05:04 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.10.05
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: will

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332079
Time Elapsed: 6 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [8b52a99a2169c76f1497fcb69c67fe02],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [d10c42016b1f48ee01aa30825da6926e],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{61701e76}, Quarantined, [18c599aa64262e08556815bdc0432ed2],
PUP.Optional.Binkiland.A, HKU\S-1-5-21-2526226950-711930911-257877175-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Binkiland Browser, Quarantined, [d50871d2e0aaae88df6a3ff9d3325ca4],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2526226950-711930911-257877175-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [5d804df6aae096a08de3728428db8d73],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2526226950-711930911-257877175-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [8c51f84b6e1cd85ece7f0efe7c897789],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2526226950-711930911-257877175-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X1L1C1C1J2Z, Quarantined, [8c51f84b6e1cd85ece7f0efe7c897789]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)





#13 w i l l

w i l l
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 10 March 2015 - 01:19 PM

# AdwCleaner v4.112 - Logfile created 10/03/2015 at 17:53:38
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : will - WILL
# Running from : C:\Users\will\Desktop\adwcleaner_4.112.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\will\Desktop\Sync Folder.lnk
Folder Found : C:\Users\will\AppData\Roaming\WSE_Vosteran

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Binkiland Browser
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Binkiland Browser
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[t9tfrcuu.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Vosteran,Wikipedia (en),Yahoo!");
[t9tfrcuu.default] - Line Found : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDy[...]
[t9tfrcuu.default] - Line Found : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzyt[...]
[t9tfrcuu.default] - Line Found : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[t9tfrcuu.default] - Line Found : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[t9tfrcuu.default] - Line Found : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_wnzp01_15_04_ff&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytB0A0C0FtAtC0CtB0C0A0AtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBz[...]
*************************

AdwCleaner[R0].txt - [2634 bytes] - [10/03/2015 17:53:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2693 bytes] ##########
 



#14 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:57 AM

Posted 10 March 2015 - 03:48 PM

Good day,

 

Lots of adware found... let's clear it out...

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

----------------------------------------------------------------------------------------------------------------------------

Please be sure to run our tools with administrator rights.

 

ComboFix run:

 

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix. Save to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.

 



 


 


#15 w i l l

w i l l
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Local time:06:57 PM

Posted 13 March 2015 - 12:39 AM

Thanks for the help. The redirecting has stopped. I don't want to do any more, as previously ComboFix caused a problem.





