Popups Adware Virus [Solved]


#1
sblank56

Right after I click to open internet I receive a popup that says
The page at http://pcfixing3.info says:
Possible Privacy Breach and Computer Error Detected Due to Suspicious Activity Found on Your Computer.
Contact A Certified Live Technician Now:
1-855=448-0701 (Toll Free)
I also receive a popup that says Sytem Error: The current flash version is not compatible with the browser, please update to fix this problem.
I think I started having these problems while playing a game got an alert that the flashplayer needed updated.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Sharon (administrator) on SHARON on 02-04-2015 20:36:10
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available profiles: Sharon & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ospd_us_666] => [X]
HKLM-x32\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: c:/progra~3/{753d9~1/171~1.0/more.dll => "c:\progra~3\{753d9~1\171~1.0\more.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:49299;https=127.0.0.1:49299
ProxyServer: [HKLM-x32] => http=127.0.0.1:49299;https=127.0.0.1:49299
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/...=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://Taplika.com/r...r=253408140&ir=
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {1F0EB737-2072-4440-8A18-74BD5E83ED10} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.x64.dll [2015-03-05] ()
BHO: Saverr  boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr  boX\m2PqAY7dRE2qoc.x64.dll [2015-03-14] ()
BHO: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.x64.dll [2015-03-14] ()
BHO-x32: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.dll [2015-03-05] ()
BHO-x32: Saverr  boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr  boX\m2PqAY7dRE2qoc.dll [2015-03-14] ()
BHO-x32: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.dll [2015-03-14] ()
Toolbar: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Binkiland
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4172938740-681052224-3228742750-1001: @nsroblox.roblox.com/launcher -> C:\Users\Sharon\AppData\Local\Roblox\Versions\version-f9d6d23b9b1b466e\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4172938740-681052224-3228742750-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Sharon\AppData\Local\Roblox\Versions\version-f9d6d23b9b1b466e\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF user.js: detected! => C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\user.js [2015-02-06]
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\searchplugins\Binkiland.xml [2015-02-22]
FF Extension: CoupScannnero - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] [2015-03-14]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2013-08-29] (Andrea Electronics Corporation)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c1522223; c:\Program Files (x86)\UpgradeSystem\UpgradeSystem.dll [1589760 2015-02-02] () [File not signed]
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6824520 2012-07-10] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2013-08-29] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-02 20:36 - 2015-04-02 20:37 - 00014406 _____ () C:\Users\Sharon\Desktop\FRST.txt
2015-04-02 20:35 - 2015-04-02 20:36 - 00000000 ____D () C:\FRST
2015-04-02 20:34 - 2015-04-02 20:34 - 02095616 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64.exe
2015-03-31 19:15 - 2015-03-31 19:15 - 00001173 _____ () C:\Users\Sharon\Desktop\Continue CCleaner Installation.lnk
2015-03-31 19:14 - 2015-03-31 19:14 - 00794264 _____ (Dnldstr_Aggregator) C:\Users\Sharon\Downloads\CCleaner_Setup.exe
2015-03-27 09:56 - 2015-03-27 09:57 - 00153706 _____ () C:\Users\Sharon\Downloads\AdobeFlashPlayer(2).exe
2015-03-27 09:54 - 2015-03-27 09:55 - 00153706 _____ () C:\Users\Sharon\Downloads\AdobeFlashPlayer(1).exe
2015-03-27 09:53 - 2015-03-27 09:54 - 00153706 _____ () C:\Users\Sharon\Downloads\AdobeFlashPlayer.exe
2015-03-22 14:17 - 2015-03-22 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-17 19:39 - 2015-03-17 19:39 - 00537824 _____ () C:\Users\Sharon\Downloads\Adobe%20Flash%20Player.exe
2015-03-16 18:13 - 2015-03-16 18:13 - 01255416 _____ () C:\Users\Sharon\Downloads\Setup(4).exe
2015-03-16 18:12 - 2015-03-16 18:12 - 01255424 _____ () C:\Users\Sharon\Downloads\Setup(2).exe
2015-03-16 18:12 - 2015-03-16 18:12 - 01255408 _____ () C:\Users\Sharon\Downloads\Setup(3).exe
2015-03-16 18:11 - 2015-03-16 18:12 - 01255408 _____ () C:\Users\Sharon\Downloads\Setup(1).exe
2015-03-14 22:22 - 2015-03-14 22:23 - 00000000 ____D () C:\Program Files (x86)\siaofferweb
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Talking Tom Cat Kid Ginger
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Saverr  boX
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\CoupScannnero
2015-03-11 17:03 - 2015-02-03 18:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 17:03 - 2015-02-03 18:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 17:03 - 2015-02-03 18:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 17:03 - 2015-02-02 18:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 17:03 - 2015-02-02 18:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 17:03 - 2015-01-26 22:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 17:03 - 2015-01-23 20:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 17:02 - 2015-03-05 21:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 17:02 - 2015-03-05 21:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 17:02 - 2015-02-25 18:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 17:02 - 2015-02-19 22:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 17:02 - 2015-02-19 21:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 17:02 - 2015-02-19 21:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 17:02 - 2015-02-19 21:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 17:02 - 2015-02-06 18:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 17:02 - 2015-02-05 20:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 17:02 - 2015-02-05 20:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 17:02 - 2015-02-05 15:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 17:02 - 2015-02-02 19:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 17:02 - 2015-02-02 19:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 17:02 - 2015-01-30 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 17:02 - 2015-01-30 18:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 17:02 - 2015-01-30 18:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 17:02 - 2015-01-29 22:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 17:02 - 2015-01-29 22:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-11 17:02 - 2015-01-29 21:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 17:02 - 2015-01-29 21:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 17:02 - 2015-01-29 21:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 17:02 - 2015-01-29 20:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 17:02 - 2015-01-29 20:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 17:02 - 2015-01-29 20:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 17:02 - 2015-01-29 20:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 17:02 - 2015-01-29 20:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 17:02 - 2015-01-29 20:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 17:02 - 2015-01-29 20:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 17:02 - 2015-01-29 20:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 17:02 - 2015-01-29 20:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 17:02 - 2015-01-29 20:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 17:02 - 2015-01-28 20:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 17:02 - 2015-01-28 20:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 17:02 - 2015-01-28 20:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 17:02 - 2015-01-28 20:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 17:02 - 2015-01-28 20:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 17:02 - 2015-01-28 20:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 17:02 - 2015-01-28 19:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 17:02 - 2015-01-28 19:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 17:02 - 2015-01-28 19:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 17:02 - 2015-01-28 19:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 17:02 - 2015-01-28 10:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 17:02 - 2015-01-28 10:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 17:02 - 2015-01-28 10:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 17:02 - 2015-01-27 21:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 17:02 - 2015-01-27 20:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 17:02 - 2015-01-26 23:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 17:02 - 2015-01-26 21:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 17:02 - 2015-01-23 02:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 17:02 - 2015-01-23 00:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 17:01 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 17:01 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 17:01 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 17:01 - 2015-02-20 19:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 17:01 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 17:01 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 17:01 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 17:01 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 17:01 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 17:01 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 17:01 - 2015-02-19 21:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 17:01 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 17:01 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 17:01 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 17:01 - 2015-02-19 21:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 17:01 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 17:01 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 17:01 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 17:01 - 2015-02-19 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 17:01 - 2015-02-19 20:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 17:01 - 2015-02-19 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 17:01 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 17:01 - 2015-02-19 20:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 17:01 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 17:01 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 17:01 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 17:01 - 2015-02-19 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 17:01 - 2015-02-19 20:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 17:01 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 17:01 - 2015-02-19 20:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 17:01 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 17:01 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 17:01 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 17:01 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 17:01 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 17:01 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 17:01 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 17:01 - 2015-02-12 12:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 17:01 - 2015-02-12 12:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 17:01 - 2015-02-07 18:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 17:01 - 2015-02-07 18:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 17:01 - 2015-01-29 13:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 17:01 - 2015-01-29 13:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 17:01 - 2015-01-27 20:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 17:01 - 2015-01-27 20:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 17:01 - 2015-01-27 18:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 17:01 - 2015-01-27 18:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 17:01 - 2015-01-21 00:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 17:01 - 2015-01-21 00:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 17:01 - 2014-12-11 00:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-05 18:59 - 2015-03-05 18:59 - 00000000 ____D () C:\Program Files (x86)\LuckYShuopper
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-02 20:35 - 2014-12-19 16:52 - 01492192 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-02 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-02 20:29 - 2012-11-15 23:17 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-04-02 20:27 - 2014-12-19 18:44 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{225CDD63-2F5F-4EB8-AE71-2E7A267CBE60}
2015-04-02 20:27 - 2014-09-24 02:15 - 00338442 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-02 20:25 - 2015-01-14 11:01 - 00000134 _____ () C:\Users\Sharon\AppData\Roaming\WB.CFG
2015-04-02 20:24 - 2014-12-19 18:44 - 00000000 ___RD () C:\Users\Sharon\OneDrive
2015-03-31 19:03 - 2015-01-13 21:02 - 00000310 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2015-03-31 18:54 - 2015-02-06 19:54 - 00000310 _____ () C:\WINDOWS\Tasks\Binkiland.job
2015-03-31 18:54 - 2015-01-18 18:41 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-30 17:10 - 2013-08-22 09:46 - 00330453 _____ () C:\WINDOWS\setupact.log
2015-03-30 17:10 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-30 17:06 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-29 18:15 - 2014-11-08 13:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4172938740-681052224-3228742750-1001
2015-03-29 18:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-28 14:10 - 2014-11-16 14:31 - 00001405 _____ () C:\Users\Sharon\Desktop\ROBLOX Player.lnk
2015-03-28 14:10 - 2014-11-16 14:27 - 00001220 _____ () C:\Users\Sharon\Desktop\ROBLOX Studio.lnk
2015-03-28 14:10 - 2014-11-16 14:27 - 00000000 ____D () C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-03-25 18:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-23 19:32 - 2014-12-19 16:37 - 00000000 ____D () C:\Users\Sharon
2015-03-23 12:30 - 2015-01-18 18:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-23 12:30 - 2014-09-24 02:03 - 00031070 _____ () C:\WINDOWS\PFRO.log
2015-03-23 12:29 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-03-17 13:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-15 15:54 - 2015-02-28 15:05 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-03-15 15:48 - 2015-02-02 20:46 - 00000000 ____D () C:\ProgramData\99711752367997524
2015-03-12 14:55 - 2013-08-22 09:44 - 00346768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 19:59 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 18:28 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 18:22 - 2014-11-08 16:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 18:20 - 2014-11-08 16:12 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-05 18:59 - 2015-02-22 19:52 - 00000000 ____D () C:\Program Files (x86)\PraiceDoWnloader
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\Toopbbuyier
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\ddeal4real
2015-03-04 16:24 - 2014-09-24 04:55 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 16:24 - 2014-09-24 04:55 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-03 16:20 - 2013-08-22 10:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-03-03 08:17 - 2014-11-08 23:13 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-03 00:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-03 00:40 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-03 00:40 - 2014-09-24 01:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-03 00:40 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-03 00:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-03 00:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-03 00:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-03 00:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-03 00:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-03 00:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
==================== Files in the root of some directories =======
2015-01-14 11:01 - 2015-04-02 20:25 - 0000134 _____ () C:\Users\Sharon\AppData\Roaming\WB.CFG
2015-02-22 19:32 - 2015-02-22 19:32 - 0274045 _____ () C:\Users\Sharon\AppData\Local\dsi1.dat
2015-02-22 19:32 - 2015-02-22 19:32 - 0161916 _____ () C:\Users\Sharon\AppData\Local\dsi2.dat
2015-02-07 15:00 - 2015-02-07 15:00 - 0007605 _____ () C:\Users\Sharon\AppData\Local\Resmon.ResmonCfg
2012-11-15 23:13 - 2012-11-15 23:14 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-15 23:09 - 2012-11-15 23:10 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-15 23:10 - 2012-11-15 23:11 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-15 23:09 - 2012-11-15 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-15 23:12 - 2012-11-15 23:13 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
Some content of TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\2FEEF638-2A16-38C7-2BEB-2F43425D9593.exe
C:\Users\Sharon\AppData\Local\Temp\489820.exe.exe
C:\Users\Sharon\AppData\Local\Temp\APNSetup.exe
C:\Users\Sharon\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sharon\AppData\Local\Temp\bbgcabfgcfe.exe
C:\Users\Sharon\AppData\Local\Temp\C09107B7-B686-DA2E-B150-D3304342CF78.dll
C:\Users\Sharon\AppData\Local\Temp\C09107B7-B686-DA2E-B150-D3304342CF78.exe
C:\Users\Sharon\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Sharon\AppData\Local\Temp\ICReinstall_CCleaner_Setup.exe
C:\Users\Sharon\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Sharon\AppData\Local\Temp\No_Problem_setup.exe
C:\Users\Sharon\AppData\Local\Temp\nst7FF4.exe
C:\Users\Sharon\AppData\Local\Temp\optprosetup.exe
C:\Users\Sharon\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sharon\AppData\Local\Temp\System.Data.SQLite9606b01d-bb23-4790-aca0-cb790d49030c.dll
C:\Users\Sharon\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-31 21:20
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Sharon at 2015-04-02 20:38:36
Running from C:\Users\Sharon\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.59.26 - Dell Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
ROBLOX Player for Sharon (HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
UpgradeSystem (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c1522223}) (Version:  - Software Publisher) <==== ATTENTION
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 12.0.0.1600 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4172938740-681052224-3228742750-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Sharon\AppData\Local\Roblox\Versions\version-f9d6d23b9b1b466e\RobloxProxy64.dll (ROBLOX Corporation)
==================== Restore Points  =========================
11-03-2015 18:09:19 Windows Update
21-03-2015 12:08:54 Scheduled Checkpoint
28-03-2015 17:57:07 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-01-15 00:56 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2} - System32\Tasks\UpdaterEX => C:\Users\Sharon\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {07230A4A-0192-4BB9-B4D4-523BC50168CE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {27F9BB94-A37C-4E07-BE04-21BA5AFB445F} - System32\Tasks\DonutQuotes => C:\Program Files (x86)\donutleads\ScheduledTask.exe
Task: {5313F086-EE11-4DAD-A814-39E6B6BC726E} - System32\Tasks\Binkiland => C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-06] () <==== ATTENTION
Task: {5852B717-D153-4D75-B12F-D56AA61EEC90} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {8C92774B-76F1-4BD2-8CBC-25243C7AF2E3} - System32\Tasks\{D2EE8D0A-BDF2-4820-A71B-4DBC257E80F0} => pcalua.exe -a "C:\Program Files\McAfee\MSC\mcuihost.exe" -c /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
Task: {D9B520B6-83A4-43FE-A19E-72B4EE158A48} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {DB099F06-1AD8-426F-9839-115FD371A254} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {F7471AE0-AD47-410F-8509-BC1DB231C111} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F817E342-69BB-4111-BD34-83FE3920CF7A} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Binkiland.job => C:\Users\Sharon\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Sharon\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) ==============
2012-07-19 14:53 - 2012-07-19 14:53 - 00043384 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\BtwLeAPI.dll
2012-11-15 23:11 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-01-30 00:02 - 2014-01-30 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 20:16 - 2012-08-06 20:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2015-02-02 20:25 - 2015-02-02 20:25 - 01589760 _____ () c:\Program Files (x86)\UpgradeSystem\UpgradeSystem.dll
2014-12-27 19:51 - 2014-12-27 19:51 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-11-15 23:00 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-11-15 23:17 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-11-15 23:17 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-11-15 23:17 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-11-15 23:10 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Sharon\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Sharon\OneDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon\Pictures\Roblox\0a0c98a71917c7df5db4a7eee41f5991.jpeg
DNS Servers: 209.18.47.61 - 209.18.47.62
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
==================== Accounts: =============================
Administrator (S-1-5-21-4172938740-681052224-3228742750-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4172938740-681052224-3228742750-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4172938740-681052224-3228742750-1003 - Limited - Enabled)
Sharon (S-1-5-21-4172938740-681052224-3228742750-1001 - Administrator - Enabled) => C:\Users\Sharon
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/30/2015 05:11:05 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/28/2015 06:00:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1570
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (03/27/2015 07:02:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1794
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (03/26/2015 00:20:47 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/24/2015 06:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x10c8
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (03/23/2015 07:29:10 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/23/2015 00:30:55 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/21/2015 03:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x2918
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
Error: (03/21/2015 01:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.3.9600.17415, time stamp: 0x54503ea8
Faulting module name: FFMicAPO64.dll, version: 1.0.0.9, time stamp: 0x4f1db764
Exception code: 0xc0000005
Fault offset: 0x0000000000002fe6
Faulting process id: 0x3e60
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
Error: (03/21/2015 00:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.3.5556, time stamp: 0x550bb6a0
Faulting module name: mozalloc.dll, version: 36.0.3.5556, time stamp: 0x550ba813
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x4164
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

System errors:
=============
Error: (03/31/2015 09:22:42 PM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/31/2015 09:22:42 PM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/31/2015 09:22:36 PM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/31/2015 09:22:36 PM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/31/2015 09:22:36 PM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/31/2015 09:22:36 PM) (Source: DCOM) (EventID: 10010) (User: SHARON)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/30/2015 05:10:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:30:35 PM on ‎3/‎30/‎2015 was unexpected.
Error: (03/30/2015 02:59:57 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.2 with the system
having network hardware address 8C-84-01-89-E4-D8. Network operations on this system may
be disrupted as a result.
Error: (03/28/2015 08:43:00 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.2 with the system
having network hardware address 8C-84-01-89-E4-D8. Network operations on this system may
be disrupted as a result.
Error: (03/28/2015 05:19:23 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.2.2 with the system
having network hardware address 8C-84-01-89-E4-D8. Network operations on this system may
be disrupted as a result.

Microsoft Office Sessions:
=========================
Error: (03/30/2015 05:11:05 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/28/2015 06:00:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f157001d069aaf1ce2003C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll30de44d4-d59e-11e4-bebc-642737fade74
Error: (03/27/2015 07:02:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f179401d068ea6bbe68b5C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dllaaef990b-d4dd-11e4-bebc-642737fade74
Error: (03/26/2015 00:20:47 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/24/2015 06:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f10c801d0668d5e53a52fC:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dlla1919fe9-d280-11e4-bebb-642737fade74
Error: (03/23/2015 07:29:10 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/23/2015 00:30:55 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (03/21/2015 03:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f291801d0641459394298C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll98765e93-d007-11e4-beb9-642737fade74
Error: (03/21/2015 01:57:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.3.9600.1741554503ea8FFMicAPO64.dll1.0.0.94f1db764c00000050000000000002fe63e6001d0629bc2f46abaC:\WINDOWS\system32\AUDIODG.EXEC:\WINDOWS\system32\FFMicAPO64.dll10d991f8-cffc-11e4-beb9-642737fade74
Error: (03/21/2015 00:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.3.5556550bb6a0mozalloc.dll36.0.3.5556550ba8138000000300001e02416401d063fbcb665809C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla7d450a9-cfef-11e4-beb9-642737fade74

CodeIntegrity Errors:
===================================
  Date: 2015-03-21 17:54:44.732
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:44.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:44.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:43.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:43.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:43.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:42.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:42.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:42.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2015-03-21 17:54:42.092
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3959.09 MB
Available physical RAM: 1943.84 MB
Total Pagefile: 4663.09 MB
Available Pagefile: 2612.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:456.54 GB) (Free:421.99 GB) NTFS
Drive d: (MSHA Web Nursery) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.2 GB) (Free:0.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 565A9B2D)
Partition: GPT Partition Type.
==================== End Of Log ============================
  • 0



#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's start clearing the junk away. Please let me know how the machine is running after these steps, and we'll proceed from there.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.



Step 1: Program Uninstalls


Please uninstall the following program(s) from your machine as they/it are adware/malware related.

UpgradeSystem


Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ospd_us_666] => [X]
HKLM-x32\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
C:\Users\Sharon\AppData\Roaming\Binkiland
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
AppInit_DLLs-x32: c:/progra~3/{753d9~1/171~1.0/more.dll => "c:\progra~3\{753d9~1\171~1.0\more.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:49299;https=127.0.0.1:49299
ProxyServer: [HKLM-x32] => http=127.0.0.1:49299;https=127.0.0.1:49299
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {1F0EB737-2072-4440-8A18-74BD5E83ED10} URL =
BHO: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.x64.dll [2015-03-05] ()
BHO: Saverr boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr boX\m2PqAY7dRE2qoc.x64.dll [2015-03-14] ()
BHO: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.x64.dll [2015-03-14] ()
BHO-x32: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.dll [2015-03-05] ()
BHO-x32: Saverr boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr boX\m2PqAY7dRE2qoc.dll [2015-03-14] ()
BHO-x32: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.dll [2015-03-14] ()
Toolbar: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
C:\Program Files (x86)\LuckYShuopper
C:\Program Files (x86)\Saverr boX
C:\Program Files (x86)\siaofferweb
FF SelectedSearchEngine: Binkiland
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\searchplugins\Binkiland.xml [2015-02-22]
FF Extension: CoupScannnero - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] [2015-03-14]
R2 c1522223; c:\Program Files (x86)\UpgradeSystem\UpgradeSystem.dll [1589760 2015-02-02] () [File not signed]
c:\Program Files (x86)\UpgradeSystem
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
2015-03-14 22:22 - 2015-03-14 22:23 - 00000000 ____D () C:\Program Files (x86)\siaofferweb
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Saverr boX
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\CoupScannnero
2015-03-05 18:59 - 2015-03-05 18:59 - 00000000 ____D () C:\Program Files (x86)\LuckYShuopper
2015-03-31 19:03 - 2015-01-13 21:02 - 00000310 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2015-03-31 18:54 - 2015-02-06 19:54 - 00000310 _____ () C:\WINDOWS\Tasks\Binkiland.job
2015-03-05 18:59 - 2015-02-22 19:52 - 00000000 ____D () C:\Program Files (x86)\PraiceDoWnloader
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\Toopbbuyier
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\ddeal4real
Task: {04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2} - System32\Tasks\UpdaterEX => C:\Users\Sharon\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {07230A4A-0192-4BB9-B4D4-523BC50168CE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {5313F086-EE11-4DAD-A814-39E6B6BC726E} - System32\Tasks\Binkiland => C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-06] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\Binkiland.job => C:\Users\Sharon\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Sharon\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Removeproxy:
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop.


  • Double click (Vista and 7 Users) right click the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0

#3
sblank56

sblank56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sharon at 2015-04-03 15:06:16 Run:1
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available profiles: Sharon & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ospd_us_666] => [X]
HKLM-x32\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
C:\Users\Sharon\AppData\Roaming\Binkiland
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
AppInit_DLLs-x32: c:/progra~3/{753d9~1/171~1.0/more.dll => "c:\progra~3\{753d9~1\171~1.0\more.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:49299;https=127.0.0.1:49299
ProxyServer: [HKLM-x32] => http=127.0.0.1:49299;https=127.0.0.1:49299
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {1F0EB737-2072-4440-8A18-74BD5E83ED10} URL =
BHO: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.x64.dll [2015-03-05] ()
BHO: Saverr boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr boX\m2PqAY7dRE2qoc.x64.dll [2015-03-14] ()
BHO: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.x64.dll [2015-03-14] ()
BHO-x32: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.dll [2015-03-05] ()
BHO-x32: Saverr boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr boX\m2PqAY7dRE2qoc.dll [2015-03-14] ()
BHO-x32: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.dll [2015-03-14] ()
Toolbar: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
C:\Program Files (x86)\LuckYShuopper
C:\Program Files (x86)\Saverr boX
C:\Program Files (x86)\siaofferweb
FF SelectedSearchEngine: Binkiland
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\searchplugins\Binkiland.xml [2015-02-22]
FF Extension: CoupScannnero - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] [2015-03-14]
R2 c1522223; c:\Program Files (x86)\UpgradeSystem\UpgradeSystem.dll [1589760 2015-02-02] () [File not signed]
c:\Program Files (x86)\UpgradeSystem
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
2015-03-14 22:22 - 2015-03-14 22:23 - 00000000 ____D () C:\Program Files (x86)\siaofferweb
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Saverr boX
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\CoupScannnero
2015-03-05 18:59 - 2015-03-05 18:59 - 00000000 ____D () C:\Program Files (x86)\LuckYShuopper
2015-03-31 19:03 - 2015-01-13 21:02 - 00000310 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2015-03-31 18:54 - 2015-02-06 19:54 - 00000310 _____ () C:\WINDOWS\Tasks\Binkiland.job
2015-03-05 18:59 - 2015-02-22 19:52 - 00000000 ____D () C:\Program Files (x86)\PraiceDoWnloader
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\Toopbbuyier
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\ddeal4real
Task: {04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2} - System32\Tasks\UpdaterEX => C:\Users\Sharon\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {07230A4A-0192-4BB9-B4D4-523BC50168CE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {5313F086-EE11-4DAD-A814-39E6B6BC726E} - System32\Tasks\Binkiland => C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-06] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\Binkiland.job => C:\Users\Sharon\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Sharon\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Removeproxy:
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_666 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Binkiland => value deleted successfully.
C:\Users\Sharon\AppData\Roaming\Binkiland => Moved successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Binkiland => value deleted successfully.
"c:/progra~3/{753d9~1/171~1.0/more.dll" => Value Data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F0EB737-2072-4440-8A18-74BD5E83ED10}" => Key deleted successfully.
HKCR\CLSID\{1F0EB737-2072-4440-8A18-74BD5E83ED10} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKCR\CLSID\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKCR\CLSID\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
"HKCR\CLSID\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
C:\Program Files (x86)\LuckYShuopper => Moved successfully.
"C:\Program Files (x86)\Saverr boX" => File/Directory not found.
C:\Program Files (x86)\siaofferweb => Moved successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\searchplugins\Binkiland.xml => Moved successfully.
C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] => Moved successfully.
c1522223 => Service not found.
"c:\Program Files (x86)\UpgradeSystem" => File/Directory not found.
{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Unable to stop service
{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys => Moved successfully.
ssnfd_1_10_0_5 => Service deleted successfully.
"C:\Program Files (x86)\siaofferweb" => File/Directory not found.
"C:\Program Files (x86)\Saverr boX" => File/Directory not found.
C:\Program Files (x86)\CoupScannnero => Moved successfully.
"C:\Program Files (x86)\LuckYShuopper" => File/Directory not found.
C:\WINDOWS\Tasks\UpdaterEX.job => Moved successfully.
C:\WINDOWS\Tasks\Binkiland.job => Moved successfully.
C:\Program Files (x86)\PraiceDoWnloader => Moved successfully.
C:\Program Files (x86)\Toopbbuyier => Moved successfully.
C:\Program Files (x86)\ddeal4real => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07230A4A-0192-4BB9-B4D4-523BC50168CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07230A4A-0192-4BB9-B4D4-523BC50168CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5313F086-EE11-4DAD-A814-39E6B6BC726E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5313F086-EE11-4DAD-A814-39E6B6BC726E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Binkiland => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland" => Key deleted successfully.
C:\WINDOWS\Tasks\Binkiland.job not found.
C:\WINDOWS\Tasks\UpdaterEX.job not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D8CDCFB3-EDB7-47A0-A2B9-B27F913FF594}.
Unable to cancel {2A945F3F-23D7-477F-AB43-2994920AF5D3}.
Unable to cancel {E8D7C7FC-7229-413C-B98A-7F7300E6B168}.
{760F9CF9-1730-4133-A1C0-78D13B10CBB7} canceled.
1 out of 4 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========


=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 898.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:06:59 ====


  • 0
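A Fixlog like the one above is long, and the entries that need follow-up (items the tool could not stop or cancel) are easy to miss among the successes. The following is an added example, not part of the original posts and not code from FRST: it triages result lines by outcome, using a short excerpt copied from the Fixlog above; the function names and the `removed`/`absent`/`failed` categories are this example's own.

```python
import re
from collections import Counter

# Excerpt copied from the Fixlog posted above, trimmed to a few representative lines.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [ospd_us_666] => [X]
End
*****************
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_666 => value deleted successfully.
C:\Users\Sharon\AppData\Roaming\Binkiland => Moved successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"C:\Program Files (x86)\Saverr boX" => File/Directory not found.
c1522223 => Service not found.
{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Unable to stop service
{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Service deleted successfully.
C:\WINDOWS\Tasks\Binkiland.job not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
Unable to cancel {D8CDCFB3-EDB7-47A0-A2B9-B27F913FF594}.
Unable to cancel {2A945F3F-23D7-477F-AB43-2994920AF5D3}.
Unable to cancel {E8D7C7FC-7229-413C-B98A-7F7300E6B168}.
{760F9CF9-1730-4133-A1C0-78D13B10CBB7} canceled.
1 out of 4 jobs canceled.
The system needed a reboot.
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Result lines that carry no " => " separator (bitsadmin output, legacy .job tasks).
BARE_PATTERNS = [
    (re.compile(rf"^Unable to cancel (?P<target>{GUID})\.$"), "Unable to cancel"),
    (re.compile(rf"^(?P<target>{GUID}) canceled\.$"), "canceled"),
    (re.compile(r"^(?P<target>.+) not found\.$"), "not found"),
]


def parse_results(text):
    """Yield (target, outcome) pairs, skipping the fixlist echoed between '*' rules."""
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # a rule of asterisks opens/closes the echo
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            yield target.strip('"'), outcome
            continue
        for pattern, outcome in BARE_PATTERNS:
            match = pattern.match(line)
            if match:
                yield match.group("target"), outcome
                break
        # Any other line (banners, "Ok.", summaries) is informational and ignored.


def classify(outcome):
    """Map an outcome string to one of this example's categories."""
    lowered = outcome.lower()
    if "unable to" in lowered:
        return "failed"
    if "not found" in lowered:
        return "absent"     # already gone, or listed twice in the fixlist
    if "successfully" in lowered or lowered.startswith("canceled"):
        return "removed"
    return "other"


def triage(text):
    """Summarise a Fixlog: counts per category plus the items needing follow-up."""
    counts, failed = Counter(), []
    stop_failed, deleted_while_running = set(), []
    for target, outcome in parse_results(text):
        status = classify(outcome)
        counts[status] += 1
        lowered = outcome.lower()
        if status == "failed":
            failed.append((target, outcome))
            if "stop service" in lowered:
                stop_failed.add(target)
        elif target in stop_failed and "service deleted" in lowered:
            # Assumption of this example: a service that could not be stopped
            # but was deleted stays loaded until the machine reboots.
            deleted_while_running.append(target)
    reboot = any(l.strip() == "The system needed a reboot." for l in text.splitlines())
    return {"counts": counts, "failed": failed,
            "deleted_while_running": deleted_while_running, "reboot_needed": reboot}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for target, outcome in report["failed"]:
        print("FOLLOW UP:", target, "->", outcome)
    print("reboot needed:", report["reboot_needed"])
```

Summary lines without a target, such as "Hosts was reset successfully.", are treated as informational and not counted.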

#4
sblank56

sblank56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sharon at 2015-04-03 15:06:16 Run:1
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available profiles: Sharon & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [ospd_us_666] => [X]
HKLM-x32\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
C:\Users\Sharon\AppData\Roaming\Binkiland
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\...\RunOnce: [Binkiland] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"
AppInit_DLLs-x32: c:/progra~3/{753d9~1/171~1.0/more.dll => "c:\progra~3\{753d9~1\171~1.0\more.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Policy Restriction on ProxySettings)
ProxyServer: [HKLM] => http=127.0.0.1:49299;https=127.0.0.1:49299
ProxyServer: [HKLM-x32] => http=127.0.0.1:49299;https=127.0.0.1:49299
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> {1F0EB737-2072-4440-8A18-74BD5E83ED10} URL =
BHO: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.x64.dll [2015-03-05] ()
BHO: Saverr boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr boX\m2PqAY7dRE2qoc.x64.dll [2015-03-14] ()
BHO: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.x64.dll [2015-03-14] ()
BHO-x32: LuckYShuopper -> {5b4ceb83-f3ce-4076-b103-c8d9383f6007} -> C:\Program Files (x86)\LuckYShuopper\5DjjsHuqHRI7KX.dll [2015-03-05] ()
BHO-x32: Saverr boX -> {9fccff62-a2e3-40e6-914b-887fe6b55125} -> C:\Program Files (x86)\Saverr boX\m2PqAY7dRE2qoc.dll [2015-03-14] ()
BHO-x32: siaofferweb -> {f6bd424c-79cd-4257-90b1-6dd205773692} -> C:\Program Files (x86)\siaofferweb\QhNBhVNwnUwABK.dll [2015-03-14] ()
Toolbar: HKU\S-1-5-21-4172938740-681052224-3228742750-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
C:\Program Files (x86)\LuckYShuopper
C:\Program Files (x86)\Saverr boX
C:\Program Files (x86)\siaofferweb
FF SelectedSearchEngine: Binkiland
FF SearchPlugin: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\searchplugins\Binkiland.xml [2015-02-22]
FF Extension: CoupScannnero - C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] [2015-03-14]
R2 c1522223; c:\Program Files (x86)\UpgradeSystem\UpgradeSystem.dll [1589760 2015-02-02] () [File not signed]
c:\Program Files (x86)\UpgradeSystem
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
2015-03-14 22:22 - 2015-03-14 22:23 - 00000000 ____D () C:\Program Files (x86)\siaofferweb
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\Saverr boX
2015-03-14 22:22 - 2015-03-14 22:22 - 00000000 ____D () C:\Program Files (x86)\CoupScannnero
2015-03-05 18:59 - 2015-03-05 18:59 - 00000000 ____D () C:\Program Files (x86)\LuckYShuopper
2015-03-31 19:03 - 2015-01-13 21:02 - 00000310 _____ () C:\WINDOWS\Tasks\UpdaterEX.job
2015-03-31 18:54 - 2015-02-06 19:54 - 00000310 _____ () C:\WINDOWS\Tasks\Binkiland.job
2015-03-05 18:59 - 2015-02-22 19:52 - 00000000 ____D () C:\Program Files (x86)\PraiceDoWnloader
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\Toopbbuyier
2015-03-05 18:59 - 2015-02-02 20:46 - 00000000 ____D () C:\Program Files (x86)\ddeal4real
Task: {04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2} - System32\Tasks\UpdaterEX => C:\Users\Sharon\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {07230A4A-0192-4BB9-B4D4-523BC50168CE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {5313F086-EE11-4DAD-A814-39E6B6BC726E} - System32\Tasks\Binkiland => C:\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe [2015-02-06] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\Binkiland.job => C:\Users\Sharon\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\Sharon\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
cmd: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Removeproxy:
Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_666 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Binkiland => value deleted successfully.
C:\Users\Sharon\AppData\Roaming\Binkiland => Moved successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Binkiland => value deleted successfully.
"c:/progra~3/{753d9~1/171~1.0/more.dll" => Value Data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
"HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F0EB737-2072-4440-8A18-74BD5E83ED10}" => Key deleted successfully.
HKCR\CLSID\{1F0EB737-2072-4440-8A18-74BD5E83ED10} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKCR\CLSID\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKCR\CLSID\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
"HKCR\CLSID\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5b4ceb83-f3ce-4076-b103-c8d9383f6007}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9fccff62-a2e3-40e6-914b-887fe6b55125}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{f6bd424c-79cd-4257-90b1-6dd205773692}" => Key deleted successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Key not found.
C:\Program Files (x86)\LuckYShuopper => Moved successfully.
"C:\Program Files (x86)\Saverr boX" => File/Directory not found.
C:\Program Files (x86)\siaofferweb => Moved successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\searchplugins\Binkiland.xml => Moved successfully.
C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\1l6xnxdx.default\Extensions\[email protected] => Moved successfully.
c1522223 => Service not found.
"c:\Program Files (x86)\UpgradeSystem" => File/Directory not found.
{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Unable to stop service
{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys => Moved successfully.
ssnfd_1_10_0_5 => Service deleted successfully.
"C:\Program Files (x86)\siaofferweb" => File/Directory not found.
"C:\Program Files (x86)\Saverr boX" => File/Directory not found.
C:\Program Files (x86)\CoupScannnero => Moved successfully.
"C:\Program Files (x86)\LuckYShuopper" => File/Directory not found.
C:\WINDOWS\Tasks\UpdaterEX.job => Moved successfully.
C:\WINDOWS\Tasks\Binkiland.job => Moved successfully.
C:\Program Files (x86)\PraiceDoWnloader => Moved successfully.
C:\Program Files (x86)\Toopbbuyier => Moved successfully.
C:\Program Files (x86)\ddeal4real => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04A0D37A-89F6-4F12-BDCF-A50B63F9AFA2}" => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07230A4A-0192-4BB9-B4D4-523BC50168CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07230A4A-0192-4BB9-B4D4-523BC50168CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5313F086-EE11-4DAD-A814-39E6B6BC726E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5313F086-EE11-4DAD-A814-39E6B6BC726E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Binkiland => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland" => Key deleted successfully.
C:\WINDOWS\Tasks\Binkiland.job not found.
C:\WINDOWS\Tasks\UpdaterEX.job not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D8CDCFB3-EDB7-47A0-A2B9-B27F913FF594}.
Unable to cancel {2A945F3F-23D7-477F-AB43-2994920AF5D3}.
Unable to cancel {E8D7C7FC-7229-413C-B98A-7F7300E6B168}.
{760F9CF9-1730-4133-A1C0-78D13B10CBB7} canceled.
1 out of 4 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========


=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 898.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:06:59 ====


#6
sblank56


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 8.1 x64
Ran by Sharon on Fri 04/03/2015 at 15:14:30.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{feab0c41-e45e-4498-b6d2-a5d07639765a}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{feab0c41-e45e-4498-b6d2-a5d07639765a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{feab0c41-e45e-4498-b6d2-a5d07639765a}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\TOOLBAR.EXE-EB4E10B3.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERRESTORE.EXE-19C86239.pf
Successfully deleted: [File] "C:\WINDOWS\patsearch.bin"
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
Successfully deleted: [File] C:\Users\Sharon\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe

 

~~~ Folders

Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\UpdaterEX
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Sharon\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Sharon\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Users\Sharon\appdata\local\vosteran"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\predm"
Successfully deleted: [Folder] "C:\Users\Sharon\documents\optimizer pro"

~~~ FireFox

Successfully deleted: [File] C:\Users\Sharon\AppData\Roaming\mozilla\firefox\profiles\1l6xnxdx.default\user.js
Successfully deleted the following from C:\Users\Sharon\AppData\Roaming\mozilla\firefox\profiles\1l6xnxdx.default\prefs.js

user_pref("extensions.HC4z011qmUO7e1jv.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdCHqHC8rjk7qTk9qHaFrjg8qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("extensions.YjOcRDR4Diq5IqTz.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdCHqHC8rjk7qTk9qHaFrjg8qa\")>-1){return;}}catch(e){}try{var d=[[\"trian
user_pref("extensions.syfNtdVETNGnfw6w.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdCHqHC8rjk7qTk9qHaFrjg8qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("extensions.tqNmCZgoxtFSFUhH.scode", "(function(){try{if(window.self.location.href.indexOf(\"qdCHqHC8rjk7qTk9qHaFrjg8qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/03/2015 at 15:17:15.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#7
sblank56

    Member

  • Topic Starter
  • 28 posts

# AdwCleaner v4.200 - Logfile created 03/04/2015 at 15:37:39
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Sharon - SHARON
# Running from : C:\Users\Sharon\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\GetDiscountApp
Folder Deleted : C:\ProgramData\donutleads
Folder Deleted : C:\ProgramData\979b422c00003306
Folder Deleted : C:\ProgramData\a3eba923000062a7
Folder Deleted : C:\Program Files (x86)\savernet
Folder Deleted : C:\Program Files (x86)\DealsFinderPro
Folder Deleted : C:\Program Files (x86)\deal4immee
Folder Deleted : C:\Program Files (x86)\Saverr  boX
Folder Deleted : C:\Program Files (x86)\WaowCoUipon
Folder Deleted : C:\Program Files (x86)\wiebsavEr
Folder Deleted : C:\Users\Sharon\AppData\Local\Binkiland
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\b9d9af53-46e6-5fb3-39ad-155505ec2445
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\Vosteran Browser
Key Deleted : HKCU\Software\DesktopDockApp
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\CheckMeUp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\EZ Software Updater
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[1l6xnxdx.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Binkiland,DuckDuckGo");

*************************

AdwCleaner[R0].txt - [4687 bytes] - [03/04/2015 15:30:40]
AdwCleaner[R1].txt - [4746 bytes] - [03/04/2015 15:33:00]
AdwCleaner[R2].txt - [4805 bytes] - [03/04/2015 15:36:42]
AdwCleaner[S0].txt - [4206 bytes] - [03/04/2015 15:37:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4265  bytes] ##########


  • 0

#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Thank you for the logs, how is the machine performing?

Let's run some scans for orphans and remnants. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#9
sblank56

    Member

  • Topic Starter
  • 28 posts

I am not seeing the popup but haven't been doing anything but trying to follow your instructions.....Thanks!!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/3/2015
Scan Time: 7:03:00 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.03.09
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sharon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386696
Time Elapsed: 14 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 16
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{c723a437-2eaf-466d-a95b-3fa0966bf88c}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{e806ac01-e7a5-4949-af7c-7e6e5775035b}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BA6EB888-8424-4C93-8E71-6050C714CFBE}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BA6EB888-8424-4C93-8E71-6050C714CFBE}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BA6EB888-8424-4C93-8E71-6050C714CFBE}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{e806ac01-e7a5-4949-af7c-7e6e5775035b}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{e806ac01-e7a5-4949-af7c-7e6e5775035b}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C723A437-2EAF-466D-A95B-3FA0966BF88C}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C723A437-2EAF-466D-A95B-3FA0966BF88C}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.StrongSignal.A, HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C723A437-2EAF-466D-A95B-3FA0966BF88C}, Quarantined, [ce674c1c058523135b4958d54db650b0],
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, Quarantined, [f441d89021692115493a36a02fd443bd],
PUP.Optional.SearchSnacks.A, HKLM\SOFTWARE\WOW6432NODE\SearchSnacks_1.10.0.5, Quarantined, [15209acefc8e76c0fd10725fd231a957],
PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\donutleadsServiceCore, Quarantined, [ad8896d28dfd2016a61922a641c26b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\PlusHD Q-9.1V15.01, Quarantined, [ee47bcac8dfd6ec8a04c7a57699ad927],
PUP.Optional.SmartSaver.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 21, Quarantined, [13228bddc6c42f0711a711f08b79d22e],
PUP.Optional.NoProblem.A, HKU\S-1-5-21-4172938740-681052224-3228742750-1001\SOFTWARE\No_Problem, Quarantined, [989d79ef1f6b54e227648144f112946c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 21
PUP.Optional.SpywareClear.C, C:\WINDOWS\SYSTEM32\drivers\stflt.sys, Delete-on-Reboot, [b9657a0aff28c1cb114acc0cb93ee4bb],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (1).exe, Quarantined, [f83df177d0ba95a17e65f105df22de22],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (2).exe, Quarantined, [53e2c2a64f3bc37342a1eb0b0bf6ad53],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (3).exe, Quarantined, [5fd671f75e2cba7c7073b145b8499e62],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (4).exe, Quarantined, [5ed7551386048ea8a83b46b016eb56aa],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (5).exe, Quarantined, [54e169ffa8e28da941a21adc778ab14f],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (6).exe, Quarantined, [1520a0c83b4f68cef1f2797d21e0fe02],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (7).exe, Quarantined, [76bfdb8d0387af8718cb5a9c7c85669a],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (8).exe, Quarantined, [58ddee7a5832a78f6281e70f1de40000],
PUP.Optional.IBryte, C:\Users\Sharon\Downloads\setup (9).exe, Quarantined, [3ef75b0deaa03cfaaf34d71f19e8a55b],
PUP.Optional.VideoPlugin.C, C:\Users\Sharon\Downloads\Setup(1).exe, Quarantined, [6bcaafb9f8923ff759ab22183bc7eb15],
PUP.Optional.VideoPlugin.C, C:\Users\Sharon\Downloads\Setup(2).exe, Quarantined, [50e5d6925d2d38fe7d8799a1a65cc040],
PUP.Optional.VideoPlugin.C, C:\Users\Sharon\Downloads\Setup(3).exe, Quarantined, [e352ff695337a690dc2898a2dc2607f9],
PUP.Optional.VideoPlugin.C, C:\Users\Sharon\Downloads\Setup(4).exe, Quarantined, [51e4aeba028853e3bf45e65459a9619f],
PUP.Optional.OptimunInstaller, C:\Users\Sharon\Downloads\setup.exe, Quarantined, [49ec7cec5733de5888db4a01e8186d93],
PUP.Optional.Popeler, C:\Users\Sharon\Downloads\Adobe%20Flash%20Player.exe, Quarantined, [e94cb3b5a8e20c2a15cf97438a7bc23e],
PUP.Adware.Agent, C:\Users\Sharon\Downloads\AdobeFlashPlayer(1).exe, Quarantined, [d26375f32c5e81b5070e9c6cc33d37c9],
PUP.Adware.Agent, C:\Users\Sharon\Downloads\AdobeFlashPlayer(2).exe, Quarantined, [290c98d01674d46237de11f7827ebb45],
PUP.Adware.Agent, C:\Users\Sharon\Downloads\AdobeFlashPlayer.exe, Quarantined, [9f96baae2f5ba393c154cd3b1be515eb],
PUP.Optional.SoftPulse, C:\Users\Sharon\Downloads\AdwCleaner.exe, Quarantined, [181d2e3af8920f27b98ec56b48ba9f61],
PUP.Optional.DonutQuotes, C:\Windows\System32\Tasks\DonutQuotes, Quarantined, [d95c37310486d0661d0a824a24dff808],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I am not seeing the popup but haven't been doing anything but trying to follow your instructions.....Thanks!!!


That's good, and considering that it no longer pops up when you get on the internet, that's very encouraging. And, you're quite welcome. :-)

The MBAM log looks good, and when the last 2 logs are posted, we'll proceed. :thumbsup:
  • 0


#11
sblank56

    Member

  • Topic Starter
  • 28 posts

When I installed program I only had start button maybe where I chose to install one time use & not paid but I didn't have an advance settings etc.

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3e0f24c465accc42b3958eab971de731
# engine=23226
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-04 01:07:55
# local_time=2015-04-03 08:07:55 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 5105667 0 0
# scanned=175791
# found=2
# cleaned=2
# scan_time=1512
sh=427EFF7BA28BC352EB71EFC9AFB271981D70AAA1 ft=1 fh=32eff6183e8d5884 vn="Win32/Bundlore.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\2db0aeec-6dfb-4dec-a24f-9c8e884e70d9\InstallerHelper.dll"
sh=F86CEEAE71721AF8D48CDBF36CB082C573B05D7E ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Sharon\AppData\Roaming\Binkiland\UpdateProc\bkup.dat"


  • 0
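The ESET log in the post above can be checked mechanically against the scan options requested in Step 2. This is an added example, not part of the original thread and not ESET's own tooling; the mapping of GUI options to header keys is an assumption, and the sample log reuses the thread's header flags with constructed detection rows.

```python
import re

# Scan options requested in Step 2, keyed by the names used in the log's
# "# key=value" header (the option-to-key mapping is an assumption).
REQUESTED = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

# Folders where an earlier removal tool has already parked neutralised files.
TOOL_QUARANTINES = ("c:\\frst\\quarantine\\",)

# Constructed sample: header flags as posted in the thread, detection rows
# invented for the example (hashes, names and paths are placeholders).
SAMPLE_LOG = r'''# product=EOS
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# found=2
# cleaned=2
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="Example.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Example\Downloads\setup.exe"
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="Example.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Example\AppData\Roaming\sample\bkup.dat"
'''

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an online-scan log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            detections.append({key: quoted or bare
                               for key, quoted, bare in FIELD_RE.findall(line)})
    return header, detections


def settings_mismatches(header, requested=REQUESTED):
    """Return {option: (requested, logged)} for flags that differ or are missing."""
    return {key: (want, header.get(key))
            for key, want in requested.items() if header.get(key) != want}


def triage(detections):
    """Split detected paths into tool-quarantine leftovers and everything else."""
    parked, live = [], []
    for det in detections:
        path = det.get("fn", "")
        (parked if path.lower().startswith(TOOL_QUARANTINES) else live).append(path)
    return parked, live


def report(text):
    header, detections = parse_eset_log(text)
    parked, live = triage(detections)
    return {
        "mismatches": settings_mismatches(header),
        "count_matches_header": header.get("found") == str(len(detections)),
        "not_cleaned": int(header.get("found", 0)) - int(header.get("cleaned", 0)),
        "parked": parked,
        "live": live,
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A mismatch on `remove_checked` matters for triage because the scanner will already have acted on what it found, so the detection rows record removals rather than items awaiting a decision.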

#12
sblank56

    Member

  • Topic Starter
  • 28 posts

Results of screen317's Security Check version 0.99.99 
   x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Windows Defender  
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31 
Java version 32-bit out of Date!
  Adobe Flash Player  16.0.0.305 Flash Player out of Date! 
Mozilla Firefox (36.0.4)
````````Process Check: objlist.exe by Laurent```````` 
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


  • 0

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good, the only items found were already quarantined. :thumbsup:

Subject to no further issues, let's go through some tool removal, update some programs, and I think you'll be all set. :)


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.



Step 2: Program Updates


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Update Adobe Flash Player
  • Your current version of Adobe Flash is out of date. Please update it by clicking the link below.
  • Also, make sure you Uncheck the box to install the McAfee Security Scan Plus software.
http://get.adobe.com/flashplayer/


Re-installation of Chrome Web Browser

One of the infections has turned your copy of Chrome to a developmental version. This means its security is greatly reduced. Please uninstall your current version of Chrome. Please follow the link below to download a new copy and install it.

https://www.google.c...rowser/desktop/


Step 3: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.



Then click Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:



Things I need to see in your next post

Delfix Log

  • 0

#14
sblank56

    Member

  • Topic Starter
  • 28 posts

# DelFix v10.9 - Logfile created 04/04/2015 at 08:39:08
# Updated 27/02/2015 by Xplode
# Username : Sharon - SHARON
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sharon\Desktop\Addition.txt
Deleted : C:\Users\Sharon\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Sharon\Desktop\adwcleaner_4.200.lnk
Deleted : C:\Users\Sharon\Desktop\Fixlog.txt
Deleted : C:\Users\Sharon\Desktop\FRST.txt
Deleted : C:\Users\Sharon\Desktop\FRST64.exe
Deleted : C:\Users\Sharon\Desktop\JRT.txt
Deleted : C:\Users\Sharon\Desktop\OTL.Txt
Deleted : C:\Users\Sharon\Desktop\SecurityCheck.lnk
Deleted : C:\Users\Sharon\Downloads\adwcleaner_4.200.exe
Deleted : C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Sharon\Downloads\Extras.Txt
Deleted : C:\Users\Sharon\Downloads\JRT.exe
Deleted : C:\Users\Sharon\Downloads\OTL.Txt
Deleted : C:\Users\Sharon\Downloads\OTL.exe
Deleted : C:\Users\Sharon\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #15 [Windows Update | 03/11/2015 23:09:19]
Deleted : RP #16 [Scheduled Checkpoint | 03/21/2015 17:08:54]
Deleted : RP #17 [Scheduled Checkpoint | 03/28/2015 22:57:07]
Deleted : RP #19 [Restore Point Created by FRST | 04/03/2015 20:06:19]

New restore point created !

########## - EOF - ##########


  • 0

#15
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good, is everything running ok? No more problems with the popups?
  • 0





