Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Binkiland, aka the devil in disguise


  • Please log in to reply
7 replies to this topic

#1 rhysenn

rhysenn

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 20 March 2015 - 05:19 PM

This hijacker somehow snuck it's way onto my System last night- Changed my Chrome homepage from Google to it's own, and I spent at least half an hour changing my settings in order to get rid of it. To be safe, I've also run Adwcleaner and the Junkware Removal tool provided by this site (You guys are wonderful, btw), and both found and removed a few things.

My system seems to be running a lot better now, and Binkiland hasn't reared it's ugly head again yet, but I'm still paranoid that it may have left something behind on my laptop. I was wondering if you could help me confirm that everything is clean and running as it should be?

System Specs:
Processor: Intel Pentium CPU N3530 @ 2.16GHz
RAM: 8.00 GB
Windows 8.1, 64-bit Operating System

Thanks so much in advance!

Oh, and just to clarify, I'm also using the Free version of Avast as my Anti Virus program, and I recently installed Malware Bytes for extra protection.


Edited by rhysenn, 20 March 2015 - 05:21 PM.


BC AdBot (Login to Remove)

 


m

#2 technonymous

technonymous

  • Members
  • 2,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 20 March 2015 - 06:45 PM

There is a difference between free version and full version. Free versions do not include real-time, heuristic, e-mail, web link protection. Those are the most important of all. You can't rely on these free programs to defend against anything. They only attempt to remove after the fact. In many cases there is irreversible damage. Link below shows differences in FREE and FULL.

 

https://www.malwarebytes.org



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:56 AM

Posted 20 March 2015 - 07:39 PM

The reply from technonymous was not much of a help to you, please try this ......
Download all programs to desktop and Copy and Paste logs back here

Download Screen317 Security Check from Here or Here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please Copy/Paste the contents of that document.

Note 1:: If any security program requests permission to access the Internet, allow it to
Note 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, (or similar) restart computer and Security Check should run

Please download RKill by Grinler to your desktop

  • If you have an old version, please delete it first
  • Right click on the new Red icon and select Run as Administrator
  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes
  • Please Copy and Paste the small log back here.

Do not reboot your computer until you complete the next step.

Now :

  • Download AdwCleaner by Xplode from Here or Here and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.
  • Next
  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
  • **Copy and Paste the contents of that log in your next reply.**
  • To restore an item that has been deleted by accident : Open the program again,
  • Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.
 

 

 

Malwarebytes Anti-Malware - If you already have a current version installed, Please update it
Please download Malwarebytes Anti-Malware from this link

  • Follow the simple directions to install the program to desktop
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 

Run ESET Online Scanner.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser. ( Temporarily Disable your Antivirus )
  • Under scan settings, check "Scan Archives and Remove Threats"
  • Click Advanced settings and select the following:
    Scan potentially unwanted applications
     Scan for potentially unsafe applications
     Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.

 

 

Once you are finished Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
  • Alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • If TFC prompts you to reboot, do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally to ensure a complete clean.

No log is produced or expected.

 

Please report on the problems with your computer with the logs.

 

Thank You -



#4 rhysenn

rhysenn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 21 March 2015 - 11:44 PM

Thank you , noknojon, I appreciate you taking  time out of your day to help me! (: 
Logs are as followed:

Security Check:

 

Results of screen317's Security Check version 0.99.99  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (41.0.2272.101) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

Rkill

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/22/2015 12:40:16 AM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/22/2015 12:41:36 AM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)

Malwarebytes and Adware both came up clean, and I'm running ESET as we speak! I will post the log as soon as it finishes scanning.


#5 rhysenn

rhysenn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 22 March 2015 - 12:41 AM

ESET Log:
 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\BetweenLinesbho.dll.vir a variant of Win32/BrowseFox.AE potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\BetweenLinesUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\updateBetweenLines.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\38c95e98da814038a23a.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\38c95e98da814038a23a50d0e098cff8.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\38c95e98da814038a23a50d0e098cff864.dll.vir a variant of Win64/BrowseFox.CK potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\38c95e98da814038a23a64.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\BetweenLines.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\BetweenLines.BrowserAdapter64.exe.vir Win64/BrowseFox.CO potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\BetweenLines.expext.exe.vir a variant of Win32/BrowseFox.AA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\BetweenLines.expextdll.dll.vir a variant of Win64/BrowseFox.CJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\BetweenLines.PurBrowse64.exe.vir a variant of Win64/BrowseFox.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\utilBetweenLines.exe.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\plugins\BetweenLines.BrowserAdapter.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\plugins\BetweenLines.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\plugins\BetweenLines.ExpExt.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\plugins\BetweenLines.FFUpdate.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\plugins\BetweenLines.GCUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Between Lines\bin\plugins\BetweenLines.PurBrowseG.dll.vir a variant of MSIL/BrowseFox.H potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:56 AM

Posted 22 March 2015 - 03:50 AM

Hi -

It seems that you ran AdwCleaner earlier or you missed the main results.

All of the items listed as "C:\AdwCleaner\Quarantine\C\Program Files" are usually quarantined items from earlier scans, as the program will not remove, only quarantine items.

Plus the AdwCleaner scan would leave a number to show how many times it was used.

 

 

Reset Internet Explorer settings
You can reset Internet Explorer settings to return them to the state they were in when Internet Explorer was first installed on your PC.
This can be useful for troubleshooting problems that might be caused by settings changed after installation. Resetting Internet Explorer isn't reversible, and all previous settings are lost after reset.
To reset Internet Explorer settings
    Close all Internet Explorer windows that are currently open.
    Open the desktop, and then tap or click the Internet Explorer icon on the taskbar. Changing your settings will affect both Internet Explorer and Internet Explorer for the desktop.
    Tap or click the Tools button Tools, and then tap or click Internet options.
    Tap or Click the Advanced tab, and then tap or click Reset.
    In the Reset Internet Explorer Settings dialog box, tap or click Reset.
    When Internet Explorer finishes applying default settings, tap or click Close, and then tap or click OK. You'll need to restart your PC for these changes to take effect.
 
 

Reset Chrome Browser Taken from Chrome forum directions.
1) Reset your browser settings which will revert settings including your default search engine and homepage to the original state. (Note: passwords and bookmarks will not be reset.)
2) Check to see if there is a program on your computer or an extension that’s making unwanted changes. Find your extensions by going to Chrome Menu > Settings > Extensions and disable any extensions you don’t recognize.
3) Also, check your program files for any suspicious programs you don’t remember installing. You can also run anti-virus software to find malicious files and programs for removal.
    1. Click the Chrome menu Chrome menu on the browser toolbar
    2. Select Settings.
    3. Click Show advanced settings and find the "Reset browser settings” section.
    4. Click Reset browser settings.
 

 

Please download MiniToolBox  to desktop to run it and Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

Also include if there has been any changes to the computer yet.

Thank You



#7 rhysenn

rhysenn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 22 March 2015 - 08:51 PM

Hi again-
Yes, I did run Adwcleaner once before, when I first realized that my browser had been hijacked. I believe I mentioned that in my first post, but if I didn't, than my apologies.

Also, I was a little surprised by some of the ESET infections. WINZIPSSRegClean.exe, Registryoptimiser, etc. I've never used a registry cleaning program before in my life. I'm going to assume that this crapware was installed along with Binkiland... I had a feeling that something was still lurking on my System. MiniToolBox log is as follows:
 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Rhysenn (administrator) on 22-03-2015 at 21:45:22
Running from "C:\Users\Rhysenn\Downloads"
Microsoft Windows 8.1  (X64)
Model: Satellite C50t-B Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/22/2015 01:42:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (03/22/2015 00:47:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (03/22/2015 00:46:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (03/22/2015 00:46:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (03/22/2015 00:46:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (03/22/2015 00:46:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (03/21/2015 06:59:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.32.0, time stamp: 0x54ff42f1
Faulting module name: mbamservice.exe, version: 3.0.32.0, time stamp: 0x54ff42f1
Exception code: 0xc0000005
Fault offset: 0x0006ea97
Faulting process id: 0x1588
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
 
 
System errors:
=============
Error: (03/22/2015 08:11:54 PM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 08:11:54 PM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 08:11:54 PM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 08:11:54 PM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 08:11:51 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/22/2015 01:56:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/22/2015 01:42:54 AM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 01:42:53 AM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 01:42:48 AM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (03/22/2015 01:42:48 AM) (Source: DCOM) (User: RHYSENN)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office Sessions:
=========================
Error: (03/22/2015 01:42:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\$RECYCLE.BIN\S-1-5-21-1914131970-121516607-845701584-1001\$R7WU5QW.exe
 
Error: (03/22/2015 00:47:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Rhysenn\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/22/2015 00:46:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Rhysenn\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/22/2015 00:46:54 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Rhysenn\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/22/2015 00:46:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Rhysenn\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/22/2015 00:46:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Rhysenn\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/21/2015 06:59:24 PM) (Source: Application Error)(User: )
Description: mbamservice.exe3.0.32.054ff42f1mbamservice.exe3.0.32.054ff42f1c00000050006ea97158801d06358ba211590C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeea8474a6-d01d-11e4-826e-18cf5ed3eada
 
 
 
=========================== Installed Programs ============================
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazing World (HKLM-x32\...\Steam App 293500) (Version:  - Ganz)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
Cubic Castles (HKLM-x32\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
Divine Souls (HKLM-x32\...\Steam App 300040) (Version:  - GamePrix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Trusted Execution Engine (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel® Trusted Execution Engine Driver (Version: 1.0.0.1064 - Intel Corporation) Hidden
Last Dream (HKLM-x32\...\Steam App 266230) (Version:  - White Giant RPG Studios)
Lucius (HKLM-x32\...\Steam App 218640) (Version:  - Shiver Games)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.316 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.02.6402 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.51.81.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 2.0.0.15C - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
Toshiba Quality Application (HKLM-x32\...\InstallShield_{716C8275-A4A9-48CB-88C0-9829334CA3C5}) (Version: 1.0.9.4B1 - TOSHIBA)
Toshiba Quality Application (x32 Version: 1.0.9.4B1 - TOSHIBA) Hidden
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
 
========================= Memory info: ===================================
 
Percentage of memory in use: 24%
Total physical RAM: 8078.79 MB
Available physical RAM: 6072.86 MB
Total Pagefile: 9358.79 MB
Available Pagefile: 6897.42 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.2 MB
 
========================= Partitions: =====================================
 
1 Drive c: (TI31286600A) (Fixed) (Total:687.51 GB) (Free:630.37 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RHYSENN
 
Administrator            Rhysenn                  Guest                    
 
 
**** End of log ****


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:56 AM

Posted 23 March 2015 - 05:33 AM

Also, I was a little surprised by some of the ESET infections. WINZIPSSRegClean.exe, Registryoptimiser, etc. I've never used a registry cleaning program before in my life. I'm going to assume that this crapware was installed along with Binkiland..

Yes , I will agree that they are often related ...and have been downloaded with other programs.

 

Note : This, or similar items often shows in many of your Errors ...................

Error: (03/21/2015 06:59:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.32.0, time stamp: 0x54ff42f1
Faulting module name: mbamservice.exe, version: 3.0.32.0, time stamp: 0x54ff42f1

You still do have a problem and the "infection"/ download of Binkiland is most likely the cause.

First : Please "uninstall" Malwarebytes Anti-Malware according to the specific directions on This Page
 

Now : Please download a fresh version of Malwarebytes Anti-Malware

  • Follow the simple directions to install the program to desktop
  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Thank You -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users