
Spyware/Malware/Virus Cannot remove....


23 replies to this topic

#1 Ax1226

  • Members
  • 21 posts

Posted 23 October 2014 - 12:36 AM

So I have been having a problem with non-stop ads, malware/spyware. I cannot remove them no matter what I try. I need some guidance to the proper logs to post and what to do.

 

Thanks



#2 shelf life

  • Malware Response Team
  • 2,680 posts

Posted 25 October 2014 - 03:34 PM

Hi Ax1226,

Your post is a few days old. If you still need help, download FRST.exe and post its log.

Please download Farbar Recovery Scan Tool and save it to your Desktop:


http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Right-click FRST then click "Run as admin".
    When the tool opens, click Yes to the disclaimer.
    Press the Scan button.
    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 Ax1226

  • Topic Starter

  • Members
  • 21 posts

Posted 27 October 2014 - 12:16 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by Alex (administrator) on ALEX-PC on 27-10-2014 01:11:39
Running from C:\Users\Alex\Downloads
Loaded Profile: Alex (Available profiles: Alex)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxdncoms.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [719872 2013-10-31] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-08-31] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Alex\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [JumiController] => C:\Program Files (x86)\Jumi\jumi.exe [3664896 2014-10-19] (Jumi Technologies)
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [964024 2012-08-31] (Samsung)
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-08-31] ()
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2043904 2014-09-29] (RemoteMouse.net)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {926F7473-EAA4-4CA4-B733-034B48CFD998} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {926F7473-EAA4-4CA4-B733-034B48CFD998} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3299570&CUI=UN17572734383107577&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {1532EAAB-DD97-40C6-966E-EC5A512743F4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {9F37C256-1809-45D3-BFDD-5905916824AF} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-02-06]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP654472D4-F755-4C9A-BF01-DB1FD2D903A8&SSPV=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-23]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-02-07]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (i-beta) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbmbgangfmfbhnngbdgkplhjnfoaeihd [2013-10-11]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKCU\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Alex\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Alex\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [pbmbgangfmfbhnngbdgkplhjnfoaeihd] - C:\Program Files (x86)\i-beta\Extensions\Chrome\i-beta.crx [2013-10-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
S2 lxdnCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [131512 2012-08-21] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 01:11 - 2014-10-27 01:12 - 00023832 _____ () C:\Users\Alex\Downloads\FRST.txt
2014-10-27 01:11 - 2014-10-27 01:11 - 00000000 ____D () C:\FRST
2014-10-27 01:10 - 2014-10-27 01:11 - 02113024 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2014-10-23 02:12 - 2014-10-23 02:12 - 00000000 ____D () C:\Users\Alex\Desktop\My Websites
2014-10-22 01:22 - 2014-10-22 01:22 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Sublime Text 2
2014-10-22 01:18 - 2014-10-22 01:18 - 06513608 _____ ( ) C:\Users\Alex\Downloads\Sublime Text 2.0.2 x64 Setup.exe
2014-10-22 01:18 - 2014-10-22 01:18 - 00000833 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2014-10-22 01:18 - 2014-10-22 01:18 - 00000000 ____D () C:\Program Files\Sublime Text 2
2014-10-22 01:16 - 2014-10-22 01:16 - 00000173 _____ () C:\Users\Alex\Downloads\index (1).html
2014-10-22 01:14 - 2014-10-23 02:18 - 00000000 ____D () C:\Users\Alex\Desktop\AlexVozWeb
2014-10-22 01:09 - 2014-10-23 15:49 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\FileZilla
2014-10-22 01:09 - 2014-10-22 01:09 - 00001971 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-10-22 01:09 - 2014-10-22 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-22 01:09 - 2014-10-22 01:09 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-10-22 01:08 - 2014-10-22 01:08 - 06126536 _____ (Tim Kosse) C:\Users\Alex\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-10-22 01:00 - 2014-10-22 01:00 - 00000000 ____D () C:\Users\Alex\AppData\Local\LogMeIn
2014-10-22 01:00 - 2014-10-22 01:00 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-22 00:59 - 2014-10-22 00:59 - 11239032 _____ () C:\Users\Alex\Downloads\join.me.exe
2014-10-22 00:58 - 2014-10-22 00:58 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\FileZilla Server
2014-10-22 00:54 - 2014-10-22 00:54 - 00000000 ____D () C:\Users\Alex\AppData\Local\PerforMax Cleaner
2014-10-22 00:52 - 2014-10-22 00:52 - 00004022 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-10-22 00:51 - 2014-10-27 01:01 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-10-22 00:51 - 2014-10-22 00:51 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-10-22 00:51 - 2014-10-22 00:50 - 02088658 _____ (FileZilla Project) C:\Users\Alex\Downloads\FileZilla_Server-0_9_47 [1].exe
2014-10-22 00:50 - 2014-10-22 00:50 - 00764912 _____ ( ) C:\Users\Alex\Downloads\FileZilla_Server-0_9_47.exe
2014-10-22 00:32 - 2014-10-22 00:32 - 00000168 _____ () C:\Users\Alex\Downloads\index.html
2014-10-21 21:35 - 2014-10-21 21:36 - 11609702 _____ () C:\Users\Alex\Downloads\black4.eps
2014-10-21 21:35 - 2014-10-21 21:36 - 07012818 _____ () C:\Users\Alex\Downloads\black5.eps
2014-10-21 21:30 - 2014-10-21 21:30 - 28657890 _____ () C:\Users\Alex\Downloads\black2.eps
2014-10-21 21:30 - 2014-10-21 21:30 - 08389942 _____ () C:\Users\Alex\Downloads\black3.eps
2014-10-21 21:27 - 2014-10-21 21:28 - 17623082 _____ () C:\Users\Alex\Downloads\black1.eps
2014-10-21 19:21 - 2014-10-21 19:21 - 01323737 _____ () C:\Users\Alex\Downloads\DS design Parts.ai
2014-10-20 02:43 - 2014-10-20 02:44 - 161134547 _____ () C:\Users\Alex\Downloads\ALEX_VOZ_FINAL_VIDEO.m4v
2014-10-16 10:08 - 2014-10-16 10:10 - 00000000 ____D () C:\Users\Alex\Downloads\HippoVNC
2014-10-16 10:08 - 2014-10-16 10:08 - 00000000 ____D () C:\Users\Alex\Downloads\New folder
2014-10-16 10:07 - 2014-10-16 10:08 - 01345722 _____ (Igor Pavlov) C:\Users\Alex\Downloads\HippoVNC.exe
2014-10-16 09:59 - 2014-10-16 10:05 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2014-10-16 09:59 - 2014-10-16 09:59 - 00707224 _____ (Remote Mouse ) C:\Users\Alex\Downloads\RemoteMouse.exe
2014-10-15 08:56 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 08:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 08:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 08:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 08:56 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 08:56 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 08:56 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 08:56 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 08:56 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 08:56 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 08:56 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 08:56 - 2014-07-08 18:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-10-15 08:56 - 2014-07-08 18:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 08:56 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 08:56 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 08:56 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 08:56 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 08:56 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 08:56 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 08:54 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 08:54 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 08:54 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 08:54 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 08:54 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 08:54 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 08:54 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 08:54 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 08:54 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 08:54 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 08:54 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 08:54 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 08:54 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 08:54 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 08:54 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 08:54 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 08:54 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 08:54 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 08:54 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 08:54 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 08:54 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 08:54 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 08:54 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 08:54 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 08:54 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 08:54 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 08:54 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 08:54 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 08:54 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 08:54 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 08:54 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 08:54 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 08:54 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 08:53 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 08:53 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 08:53 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 08:53 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 08:53 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 08:53 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 08:53 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 08:53 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 08:53 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 08:53 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 08:53 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 08:53 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 08:53 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 08:53 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 08:53 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 08:53 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 08:53 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 08:53 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 08:53 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 08:53 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 08:53 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 08:53 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 08:53 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 08:53 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 08:53 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 08:53 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 08:53 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 08:53 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 08:52 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 08:52 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 08:52 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 08:52 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 08:52 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 08:52 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 08:52 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 08:52 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 08:52 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 08:52 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 08:52 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 08:52 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 08:52 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 08:52 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 08:52 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 08:52 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 08:52 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 08:52 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 08:52 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 08:52 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-14 02:20 - 2014-10-14 02:20 - 00008050 _____ () C:\Users\Alex\Downloads\[kickass.to]andrew.mayne.ghost.vision (1).torrent
2014-10-14 02:18 - 2014-10-14 02:18 - 00008050 _____ () C:\Users\Alex\Downloads\[kickass.to]andrew.mayne.ghost.vision.torrent
2014-10-10 19:22 - 2014-10-10 19:22 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-10 19:22 - 2014-10-10 19:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-10 19:22 - 2014-10-10 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-10 18:59 - 2014-10-24 14:49 - 00000000 ____D () C:\Users\Alex\Desktop\October 2014
2014-10-10 01:46 - 2014-10-10 01:46 - 00760802 _____ () C:\Users\Alex\Downloads\99 designs my old letterhead.pages
2014-10-07 19:59 - 2014-10-07 19:59 - 01112102 _____ () C:\Users\Alex\Downloads\grey_real_carbon_fiber_background_vector_graphic_267643.zip
2014-10-07 19:05 - 2014-10-07 19:05 - 00085504 _____ () C:\Users\Alex\Downloads\Quotation from Sanhe factory.xls
2014-10-07 18:36 - 2014-10-07 18:37 - 39511731 _____ () C:\Users\Alex\Downloads\Alex_V3.mov
2014-10-07 14:51 - 2014-10-07 14:51 - 23924355 _____ () C:\Users\Alex\Downloads\Alex_V3.mp4
2014-10-07 01:44 - 2014-10-07 01:44 - 00247337 _____ () C:\Users\Alex\Downloads\logo-professional-magician-men (1).zip
2014-10-07 01:40 - 2014-10-07 01:40 - 00247337 _____ () C:\Users\Alex\Downloads\logo-professional-magician-men.zip
2014-10-07 00:50 - 2014-10-07 01:04 - 00022392 _____ () C:\Users\Alex\Desktop\dds.txt
2014-10-07 00:50 - 2014-10-07 01:03 - 00008318 _____ () C:\Users\Alex\Desktop\attach.txt
2014-10-07 00:43 - 2014-10-07 00:43 - 00688992 ____R (Swearware) C:\Users\Alex\Downloads\dds.com
2014-10-06 23:15 - 2014-10-06 23:15 - 00081408 _____ () C:\Users\Alex\Downloads\32086_Components of Vectors 4.2.ppt
2014-10-06 23:15 - 2014-10-06 23:15 - 00081408 _____ () C:\Users\Alex\Downloads\32086_Components of Vectors 4.2 (1).ppt
2014-10-06 20:21 - 2014-10-07 02:04 - 00190688 _____ () C:\Users\Alex\Desktop\Alex Voz.eps
2014-10-06 15:27 - 2014-10-06 15:27 - 00014598 _____ () C:\Users\Alex\Downloads\11F66AC59E655AFEB31AA9C435F92EEB477A98BD.torrent
2014-10-05 02:24 - 2014-10-05 02:26 - 230761275 _____ () C:\Users\Alex\Desktop\Alex Niyazov rough cut  project_final.m4v
2014-10-02 01:22 - 2014-10-02 01:23 - 09184914 _____ () C:\Users\Alex\Downloads\wetransfer-11916b.zip
2014-09-30 14:02 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 14:02 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-29 13:49 - 2014-10-24 14:47 - 00310784 ___SH () C:\Users\Alex\Desktop\Thumbs.db
2014-09-29 13:48 - 2014-10-24 00:23 - 00188416 ___SH () C:\Users\Alex\Downloads\Thumbs.db
2014-09-28 10:50 - 2014-09-28 10:50 - 01596015 _____ () C:\Users\Alex\Downloads\DS 2.ai
2014-09-28 10:09 - 2014-09-28 10:09 - 02024398 _____ () C:\Users\Alex\Downloads\Dollar Scent Logo [Final].eps
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-27 01:12 - 2011-11-02 20:45 - 01554706 _____ () C:\windows\WindowsUpdate.log
2014-10-27 01:11 - 2009-07-14 00:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 01:11 - 2009-07-14 00:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 01:06 - 2014-09-23 13:32 - 00000000 ___RD () C:\Users\Alex\Dropbox
2014-10-27 01:06 - 2014-09-23 13:12 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Dropbox
2014-10-27 01:03 - 2014-01-18 17:44 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\newnext.me
2014-10-27 01:01 - 2010-10-29 00:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 01:00 - 2013-04-23 02:44 - 00021715 _____ () C:\windows\setupact.log
2014-10-27 01:00 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-25 11:01 - 2012-04-28 19:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-25 11:01 - 2011-12-31 02:40 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-893756805-2383135729-2098188712-1001UA.job
2014-10-25 11:01 - 2010-10-29 00:08 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 19:28 - 2010-10-29 00:08 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 19:27 - 2010-10-29 00:08 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 14:37 - 2011-12-31 02:40 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-893756805-2383135729-2098188712-1001Core.job
2014-10-24 14:36 - 2014-04-17 19:59 - 00000000 ____D () C:\Users\Alex\Downloads\Future - Honest
2014-10-24 13:53 - 2013-07-31 01:26 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2014-10-24 00:37 - 2014-04-11 19:41 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\XBMC
2014-10-24 00:24 - 2014-08-12 19:39 - 00000000 ____D () C:\Users\Alex\Desktop\Alex Voz New Trailer
2014-10-23 01:04 - 2011-12-04 20:13 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2014-10-22 01:02 - 2014-07-17 01:17 - 00000000 ____D () C:\Users\Alex\Desktop\Pictures as of june through july 2014
2014-10-22 01:01 - 2014-05-17 15:41 - 00000000 ____D () C:\Users\Alex\AppData\Local\join.me
2014-10-19 12:39 - 2014-06-06 16:57 - 00000942 _____ () C:\Jumi.Log.Run
2014-10-19 12:15 - 2014-06-06 16:57 - 00004717 ____N () C:\Jumi.Log
2014-10-19 12:15 - 2014-06-06 16:55 - 00000000 ____D () C:\Program Files (x86)\Jumi
2014-10-18 19:35 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-18 18:47 - 2009-07-14 00:45 - 05104880 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-18 18:42 - 2014-05-07 16:43 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-18 18:31 - 2011-11-21 20:07 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-10-17 09:59 - 2013-08-06 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 09:48 - 2011-12-16 16:41 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-16 19:16 - 2014-05-18 19:36 - 00000000 ____D () C:\Users\Alex\Desktop\DollarScent
2014-10-16 10:09 - 2014-07-14 23:57 - 00000000 ____D () C:\Users\Alex\Downloads\Animal Ambition
2014-10-16 10:09 - 2014-07-14 23:57 - 00000000 ____D () C:\Users\Alex\Downloads\50 Cent - Animal Ambition (Deluxe Version)
2014-10-15 21:17 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-15 16:11 - 2011-11-27 22:41 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\BitTorrent
2014-10-10 19:22 - 2011-11-21 20:07 - 00000000 ____D () C:\ProgramData\Skype
2014-10-09 17:30 - 2013-07-25 20:43 - 00000000 ____D () C:\Users\Alex\Documents\Outlook Files
2014-10-07 14:25 - 2014-07-08 22:50 - 00000000 ____D () C:\Users\Alex\Desktop\g35 coupe
2014-10-07 14:04 - 2014-03-17 21:29 - 00000000 ____D () C:\Users\Alex\Desktop\Magic Items For Sale
2014-10-06 22:53 - 2013-04-20 10:33 - 00000000 ____D () C:\Users\Alex\Desktop\Introduce May
2014-10-06 22:53 - 2012-10-02 17:28 - 00000000 ____D () C:\Users\Alex\Desktop\Car Manhole
2014-10-06 22:53 - 2012-09-10 14:05 - 00000000 ____D () C:\Users\Alex\Desktop\Elina Headshots Poses
2014-10-06 22:53 - 2011-11-16 22:16 - 00000000 ____D () C:\Users\Alex\Desktop\Make That Happen
2014-10-06 22:53 - 2011-11-08 12:35 - 00000000 ____D () C:\Users\Alex\Desktop\Business Pix
2014-10-06 22:52 - 2013-11-15 00:51 - 00000000 ____D () C:\Users\Alex\Desktop\Iphone Lesia
2014-10-06 22:52 - 2013-09-19 08:27 - 00000000 ____D () C:\Users\Alex\Desktop\Good pix Italy
2014-10-06 22:52 - 2013-09-18 13:22 - 00000000 ____D () C:\Users\Alex\Desktop\Italy Pix Yuriy
2014-10-06 22:52 - 2013-09-15 21:37 - 00000000 ____D () C:\Users\Alex\Desktop\Italy Pictures 2
2014-10-06 22:52 - 2013-06-20 09:58 - 00000000 ____D () C:\Users\Alex\Desktop\Gastro Doc Results
2014-10-06 22:52 - 2012-04-20 20:54 - 00000000 ____D () C:\Users\Alex\Desktop\ferrari
2014-10-06 22:51 - 2014-05-14 21:01 - 00000000 ____D () C:\Users\Alex\Desktop\GreenLights and stuff
2014-10-06 22:51 - 2013-11-29 17:52 - 00000000 ____D () C:\Users\Alex\Desktop\Jeans AX
2014-09-30 01:39 - 2014-05-04 19:42 - 00000000 ____D () C:\Users\Alex\Desktop\Vegas, GL, Random 04.2014
2014-09-30 01:39 - 2013-11-26 23:09 - 00000000 ____D () C:\Users\Alex\Desktop\November Hip hop 2013
2014-09-30 01:39 - 2013-09-20 19:58 - 00000000 ____D () C:\Users\Alex\Desktop\Rap Sept
2014-09-30 01:39 - 2013-08-13 17:54 - 00000000 ____D () C:\Users\Alex\Desktop\New Hermes Items
2014-09-30 01:39 - 2013-01-23 11:40 - 00000000 ____D () C:\Users\Alex\Desktop\SmartChoice
2014-09-30 01:39 - 2013-01-23 11:37 - 00000000 ____D () C:\Users\Alex\Desktop\Business Enterprize
2014-09-30 00:56 - 2014-01-27 01:57 - 00000000 ____D () C:\Users\Alex\Desktop\Lesia Case
2014-09-30 00:56 - 2013-07-06 01:03 - 00000000 ____D () C:\Users\Alex\Desktop\July HipHop
2014-09-30 00:56 - 2013-06-16 17:33 - 00000000 ____D () C:\Users\Alex\Desktop\June 16 2013
2014-09-30 00:56 - 2013-06-15 11:35 - 00000000 ____D () C:\Users\Alex\Desktop\June Hits
2014-09-30 00:31 - 2014-09-23 13:09 - 00000000 ____D () C:\Users\Alex\Desktop\Alex Voz Bridal Shower Dee Prat
2014-09-29 13:50 - 2014-09-23 12:40 - 00000000 ____D () C:\Users\Alex\Desktop\Iphone Vids and Pics July.14 - Sept.14
2014-09-29 13:50 - 2014-06-16 18:33 - 00000000 ____D () C:\Users\Alex\Desktop\Elinas Birthday
2014-09-28 21:25 - 2013-07-23 19:06 - 00000000 ____D () C:\Users\Alex\Desktop\MagicalAlex
2014-09-28 13:37 - 2009-07-14 01:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\CloudBackup4586.exe
C:\Users\Alex\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijwwjp.dll
C:\Users\Alex\AppData\Local\Temp\JumiAutoUpdateAgent.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 11:26
 
==================== End
 
addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014
Ran by Alex at 2014-10-27 01:14:12
Running from C:\Users\Alex\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.02 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.0 - CANON INC.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fone Rescue (build 2.8.0) (HKLM-x32\...\Fone Rescue_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
join.me (HKCU\...\JoinMe) (Version: 1.17.0.156 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
LifeDesigns (HKLM-x32\...\{BE739816-739D-457D-A0B2-D96B7465C4B6}) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MC160 Scanner English Driver for 64 Bit Operating System (HKLM-x32\...\{38BC5941-AF94-45F5-A0FB-257F1E3D4943}) (Version: 1.00.0000 - OKI® Printing Solutions)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Nero 11 (HKLM-x32\...\{F021D637-BBDA-486B-96F0-225B62596C3B}) (Version: 11.0.11000 - Nero AG)
Nero 11 Disc Menus Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Effects Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Image Samples (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden
Nero 11 PiP Effects Basic (x32 Version: 11.0.11300.12.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 11 (x32 Version: 6.0.16000.13.100 - Nero AG) Hidden
Nero BackItUp 11 Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Nero Burning ROM 11 (x32 Version: 11.0.12200.23.100 - Nero AG) Hidden
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero ControlCenter 11 (x32 Version: 11.0.12300.0.23 - Nero AG) Hidden
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Core Components 11 (x32 Version: 11.0.15000.1.12 - Nero AG) Hidden
Nero CoverDesigner 11 (x32 Version: 6.0.10800.11.100 - Nero AG) Hidden
Nero CoverDesigner 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Express 11 (x32 Version: 11.0.11700.23.100 - Nero AG) Hidden
Nero Express 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.10.19300.93.100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden
Nero Recode 11 (x32 Version: 5.0.13300.32.100 - Nero AG) Hidden
Nero Recode 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero SoundTrax 11 (x32 Version: 5.0.10400.4.100 - Nero AG) Hidden
Nero SoundTrax 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11400.27.0 - Nero AG) Hidden
Nero Video 11 (x32 Version: 8.0.14000.21.100 - Nero AG) Hidden
Nero Video 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden
Nero WaveEditor 11 (x32 Version: 6.0.10800.5.100 - Nero AG) Hidden
Nero WaveEditor 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20008 - Nero AG) Hidden
OKI MC160 User's Guide (HKLM-x32\...\OKI MC160 User's Guide) (Version:  - )
OKI MC160n Scanner (HKLM-x32\...\InstallShield_{DC0F0A10-182E-43A9-AAA4-830C3C6701BF}) (Version:  - )
OKI MC160n Scanner (Version: 1.01.0000 - Okidata) Hidden
OKI Scanner Utility for MC160n (HKLM-x32\...\{6BD2E303-7B46-473B-A606-8DB028EB6490}) (Version: 1.1.3.28 - Okidata)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.19.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
WinSCP 5.5.2 (HKLM-x32\...\winscp3_is1) (Version: 5.5.2 - Martin Prikryl)
Wondershare Dr.Fone for iOS(Build 4.5.1.6) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.5.1.6 - Wondershare Software Co.,Ltd.)
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893756805-2383135729-2098188712-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
05-10-2014 06:18:12 Windows Update
09-10-2014 05:30:50 Windows Update
12-10-2014 19:08:50 Windows Update
16-10-2014 14:00:09 Windows Update
17-10-2014 13:47:48 Windows Update
20-10-2014 18:26:06 Windows Update
22-10-2014 04:51:37 PerforMax Cleaner
22-10-2014 04:56:27 PerforMax Cleaner
24-10-2014 04:19:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-04 12:34 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14A0EB93-4BC1-451D-9FAC-DB7B1D008320} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {169FF8DE-65C0-4F3E-A3F2-02B5D53DEA06} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-893756805-2383135729-2098188712-1001UA => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {1AE95C2F-F356-4C81-819A-B02F07CBFAF8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {445A79FD-42F2-4C00-8DB6-E1171BFB5DFC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-893756805-2383135729-2098188712-1001Core => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {82A005AD-7B96-4B43-AA41-ABF1EEF68E9F} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2012-08-21] (Symantec Corporation)
Task: {8EE9FA59-9292-4F98-BFAA-CB9991AEA62E} - System32\Tasks\{54DEB7E5-FD57-4BEB-8B2E-B7D05683617C} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120&LastError=404
Task: {B80D1D53-AF0C-44CA-BF93-36D759C8B2D0} - System32\Tasks\Scheduled Task Name => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2012-08-21] (Symantec Corporation)
Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {F99F4E2B-BB9F-4E44-979D-AFE418406CFC} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-893756805-2383135729-2098188712-1001Core.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-893756805-2383135729-2098188712-1001UA.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-20 16:36 - 2013-02-20 16:36 - 00076800 _____ () C:\windows\System32\OFAXMON.DLL
2014-04-05 17:20 - 2009-08-13 07:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-02-20 16:37 - 2013-02-20 16:36 - 00089088 _____ () C:\windows\system32\spool\PRTPROCS\x64\OFAXPPR.DLL
2013-02-20 16:36 - 2013-02-20 16:36 - 00355840 _____ () C:\windows\system32\spool\DRIVERS\x64\3\OFAXUI.DLL
2014-10-13 10:31 - 2014-10-13 10:31 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2009-11-11 07:28 - 2009-11-11 07:28 - 00079872 _____ () C:\windows\system32\M160_WDV.dll
2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-05 17:16 - 2010-02-04 04:05 - 00660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2014-04-05 17:16 - 2010-02-04 04:05 - 00025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
2012-08-31 09:52 - 2012-08-31 09:52 - 00021432 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2014-10-13 10:36 - 2014-10-13 10:36 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-02-05 19:55 - 2013-10-31 16:30 - 00719872 _____ () C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-05 17:16 - 2009-07-23 14:48 - 00380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2014-04-05 17:16 - 2007-05-29 02:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2014-04-05 17:16 - 2007-03-26 02:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2014-04-05 17:16 - 2009-07-23 14:49 - 00782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2014-04-05 17:16 - 2009-05-14 08:46 - 00081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2014-04-05 17:16 - 2007-10-02 09:51 - 00069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2014-04-05 17:16 - 2010-02-03 05:21 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
2014-04-05 17:16 - 2010-02-03 05:21 - 00036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
2014-04-05 17:16 - 2010-02-03 05:20 - 00065536 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
2014-04-05 17:16 - 2009-06-26 08:17 - 00012288 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-09-04 17:52 - 2014-09-04 17:52 - 00115137 _____ () C:\Users\Alex\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-16 09:59 - 2013-11-19 22:34 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2014-10-27 01:04 - 2014-10-27 01:04 - 00043008 _____ () c:\users\alex\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijwwjp.dll
2014-09-23 13:13 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-05 19:55 - 2013-12-04 15:30 - 00377344 _____ () C:\Program Files (x86)\Appandora\DuiLib.dll
2014-02-05 19:55 - 2013-09-22 13:03 - 00059904 _____ () C:\Program Files (x86)\Appandora\zlib.dll
2014-02-05 19:55 - 2013-09-22 13:03 - 00526848 _____ () C:\Program Files (x86)\Appandora\sqlite3.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-10-16 05:15 - 2014-10-16 05:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-10-15 09:04 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-15 09:04 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-15 09:04 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 09:04 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-15 09:04 - 2014-10-09 22:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: MFNetworkScanUtility => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Scanner Utility for MC160n => C:\Program Files (x86)\Okidata\Scanner Utility for MC160n\lm160n.exe -startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-893756805-2383135729-2098188712-500 - Administrator - Disabled)
Alex (S-1-5-21-893756805-2383135729-2098188712-1001 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-893756805-2383135729-2098188712-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-893756805-2383135729-2098188712-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/24/2014 02:15:17 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/23/2014 05:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5601
 
Error: (10/23/2014 05:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5601
 
Error: (10/23/2014 05:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/23/2014 05:18:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2668
 
Error: (10/23/2014 05:18:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2668
 
Error: (10/23/2014 05:18:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/23/2014 03:20:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/23/2014 02:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42179051
 
Error: (10/23/2014 02:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42179051
 
 
System errors:
=============
Error: (10/27/2014 01:00:37 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.
 
Error: (10/27/2014 01:00:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (10/27/2014 01:00:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.
 
Error: (10/27/2014 01:00:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:01:05 AM on ‎10/‎25/‎2014 was unexpected.
 
Error: (10/23/2014 01:01:27 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.
 
Error: (10/23/2014 01:01:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (10/23/2014 01:01:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.
 
Error: (10/23/2014 01:01:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: 
%%1053
 
Error: (10/23/2014 01:01:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
 
Error: (10/23/2014 01:00:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:59:28 AM on ‎10/‎23/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (10/24/2014 02:15:17 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/23/2014 05:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5601
 
Error: (10/23/2014 05:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5601
 
Error: (10/23/2014 05:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/23/2014 05:18:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2668
 
Error: (10/23/2014 05:18:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2668
 
Error: (10/23/2014 05:18:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/23/2014 03:20:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (10/23/2014 02:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42179051
 
Error: (10/23/2014 02:21:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42179051
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-04 12:30:24.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-04 12:30:23.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-22 23:28:06.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-22 23:28:06.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 68%
Total physical RAM: 3890.67 MB
Available physical RAM: 1244.96 MB
Total Pagefile: 7779.52 MB
Available Pagefile: 4486.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (TI106045W0C) (Fixed) (Total:582.67 GB) (Free:165.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 62FD86AC)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=582.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
 
==================== End Of Log ===========================


#4 shelf life

  • Malware Response Team

Posted 27 October 2014 - 04:54 PM

OK thanks for the info. We will get a download to use.

 

Look in the Add/Remove Programs panel and uninstall: MyPcBackup. Why? It bundles other garbage during the install: nagware, foistware.

 

Adwcleaner:

 

Please download Adwcleaner.exe to your desktop.
    Double click on AdwCleaner.exe, select OK
    Click on the Scan button
    Once the scan is done click on the Delete button
    Machine will reboot and produce a log.

    Please post the log in your reply.


How Can I Reduce My Risk to Malware?


#5 Ax1226

  • Topic Starter


Posted 27 October 2014 - 05:10 PM

There is no delete button.
It states "Pending. Please uncheck elements you don't want to remove."
Clickable buttons: (clean/report/uninstall)
 
# AdwCleaner v4.002 - Report created 27/10/2014 at 17:59:04
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage
File Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal
File Found : C:\Users\Alex\daemonprocess.txt
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\Users\Alex\AppData\Local\Conduit
Folder Found : C:\Users\Alex\AppData\Local\DefineExt
Folder Found : C:\Users\Alex\AppData\Local\genienext
Folder Found : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbmbgangfmfbhnngbdgkplhjnfoaeihd
Folder Found : C:\Users\Alex\AppData\Local\Mobogenie
Folder Found : C:\Users\Alex\AppData\LocalLow\Conduit
Folder Found : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found : C:\Users\Alex\AppData\Roaming\newnext.me
Folder Found : C:\Users\Alex\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Alex\AppData\Roaming\pccustubinstaller
Folder Found : C:\Users\Alex\AppData\Roaming\Search Protection
Folder Found : C:\Users\Alex\Documents\Mobogenie
 
***** [ Scheduled Tasks ] *****
 
Task Found : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3299570
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pbmbgangfmfbhnngbdgkplhjnfoaeihd
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP654472D4-F755-4C9A-BF01-DB1FD2D903A8&SSPV=
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [4956 octets] - [27/10/2014 17:59:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5016 octets] ##########


#6 shelf life

  • Malware Response Team

Posted 27 October 2014 - 07:41 PM

Sorry, make that the Clean button, not delete. Just leave everything that's checked after the scan, then click on delete. See how things run after that. You had several third-party add-ons.


Edited by shelf life, 27 October 2014 - 07:44 PM.



#7 Ax1226

  • Topic Starter


Posted 28 October 2014 - 12:29 AM

 
 
I have something called plum comptroller which I want to delete (it launches on startup)

Also startup is slow, loading all the programs and opening up chrome after computer restarts

# AdwCleaner v4.002 - Report created 28/10/2014 at 01:14:53
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Users\Alex\AppData\Local\Conduit
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alex\AppData\Local\DefineExt
Folder Deleted : C:\Users\Alex\AppData\Local\genienext
Folder Deleted : C:\Users\Alex\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Alex\Documents\Mobogenie
Folder Deleted : C:\Users\Alex\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Alex\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Alex\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Alex\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbmbgangfmfbhnngbdgkplhjnfoaeihd
File Deleted : C:\Users\Alex\daemonprocess.txt
File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage
File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pbmbgangfmfbhnngbdgkplhjnfoaeihd
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299570
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v38.0.2125.111
 
 
*************************
 
AdwCleaner[R0].txt - [5128 octets] - [27/10/2014 17:59:04]
AdwCleaner[R1].txt - [5188 octets] - [28/10/2014 01:11:25]
AdwCleaner[S0].txt - [4757 octets] - [28/10/2014 01:14:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4817 octets] ##########


#8 shelf life


Posted 28 October 2014 - 05:19 PM

OK, thanks for the info. Did you uninstall MyPCBackup?

Plum comptroller: is that software that starts up? Did you look in the add/remove programs panel? Does it put an icon by the clock? Do you see it here:

Start > All Programs > Startup? Delete it from the startup folder.

 

You can also run JRT.exe which does the same thing that Adwcleaner does:

 

Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 

Please copy and paste the contents of the below code box into the open notepad and save it to your desktop as fixlist.txt

Run FRST again and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

 

 

Task: {F99F4E2B-BB9F-4E44-979D-AFE418406CFC} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION

Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION

CHR HKLM-x32\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]

CHR HKCU\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Alex\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-10-02]

Reset chrome back to its defaults:

 

https://support.google.com/chrome/answer/3296214?hl=en

 




#9 Ax1226


Posted 29 October 2014 - 12:02 AM

ok. thanks for the info. Did you uninstall MyPCBackup?

plum comptroller: Is that software that starts up? did you look in the add/remove programs panel. does it put a icon by the clock. do you see it here:

Start>All Programs>Startup?  delete it from the start up folder.

 

I uninstalled My PC-Backup

Plum Comptroller cannot be found there/also not in start-up folder (I believe it is a remote mouse which I cannot find as well)

 

I cannot understand the instructions for the fixlist.txt. The error I get after saving it in a NEW notepad is (no fixlist.txt found, please make sure the list is saved in same folder/directory as this tool)

 

Log for the junktool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alex on Wed 10/29/2014 at  0:48:40.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{926F7473-EAA4-4CA4-B733-034B48CFD998}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Alex\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{0D86A876-CCCC-4E58-B148-2B06039ED7E2}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{1C247490-D063-4E39-B3DA-924DCB4BCDA5}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{2E31A865-0DED-4449-980C-9EF178D49D63}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{38B394B0-D3C4-49BF-A483-57AC5D89CE99}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{38B65A0F-138C-4C6B-8F9B-72787712119F}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{3B7186CE-ACA7-4F4C-B692-E3238AAF35CA}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{3C877F62-F11A-462A-906B-15404E4BC7D8}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{564E7178-A439-458C-9596-BAF36161A1F1}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{5F6DC872-966A-4685-8071-A809FEEF9E4E}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{70C628BC-77A2-4371-B72F-C0A7E3CEEECB}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{777B59B0-AEC8-4AAA-8E4E-9BB0D9062DCB}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{97D44404-D379-4B14-A6E8-26E209C613BD}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{9EB28D53-BD02-41B0-87C9-1E85707BB24D}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{A1E75987-252E-41A4-87BE-254EF599E8B9}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{A6BCB3B2-66AB-414E-9AA3-392CB41625FC}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{B461DCB7-BF96-4684-AB68-2032E0D51F99}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{CB25EFB9-9667-4533-9876-52BBA56A1EC6}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{D27E9260-4767-4CB8-9CE7-B4A721C29FD7}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{DDA6A93F-4FFB-416C-BDF6-70738D72E23A}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{DE25E7F1-0EAB-43BF-B266-C284055A7BEF}
Successfully deleted: [Empty Folder] C:\Users\Alex\appdata\local\{F1E63BFF-24A1-4F05-9946-C8A3774A3901}
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/29/2014 at  0:52:22.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 shelf life


Posted 29 October 2014 - 05:32 PM

OK, no problem. The fixlist.txt should be saved here: C:\Users\Alex\Downloads

the same directory that you have FRST in.

I added to the list so please delete the one you saved to your desktop and use the new one below:

 

Please copy and paste the contents of the below code box into the open notepad and save it here: C:\Users\Alex\Downloads as fixlist.txt

 

Run FRST again and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Task: {F99F4E2B-BB9F-4E44-979D-AFE418406CFC} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Alex\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-10-02]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [719872 2013-10-31] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
C:\Windows\System32\drivers\anvsnddrv.sys
EmptyTemp:

When you first ran FRST it created an Addition.txt:

 

 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

You should find it here also: C:\Users\Alex\Downloads

Want to see if I can spot anything like the plum comptroller item you're seeing.

 




#11 Ax1226


Posted 30 October 2014 - 12:30 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Alex at 2014-10-30 01:09:47 Run:1
Running from C:\Users\Alex\Downloads
Loaded Profile: Alex (Available profiles: Alex)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {F99F4E2B-BB9F-4E44-979D-AFE418406CFC} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-13] (MyPC Backup) <==== ATTENTION
Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [ediokgmgdgljankdgmhboimegljmnbld] - C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Alex\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-10-02]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-13] (Just Develop It) <==== ATTENTION
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [719872 2013-10-31] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
C:\Windows\System32\drivers\anvsnddrv.sys
EmptyTemp:
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F99F4E2B-BB9F-4E44-979D-AFE418406CFC}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ediokgmgdgljankdgmhboimegljmnbld" => Key deleted successfully.
"C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\ediokgmgdgljankdgmhboimegljmnbld" => Key deleted successfully.
"C:\Users\Alex\AppData\Local\CRE\ediokgmgdgljankdgmhboimegljmnbld.crx" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl" => Key not found.
"C:\Users\Alex\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx" => File/Directory not found.
catchme => Service deleted successfully.
BackupStack => Service not found.
"C:\Program Files (x86)\MyPC Backup\BackupStack.exe" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Appandora device service => value deleted successfully.
anvsnddrv => Service deleted successfully.
C:\Windows\System32\drivers\anvsnddrv.sys => Moved successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
I can't find the other logs

That app is RemoteMouse

I can't find it on add/remove
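
A triage helper for the Fixlog.txt format posted above, as an added example that is not part of the original posts and is not FRST's own code: it separates entries that were removed from entries that were already gone when the fix ran and entries FRST reported it could not fix automatically. The function names and status labels are assumptions made for this example, and the sample is built from lines of the log above.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the Fixlog.txt posted above, shortened.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKLM-x32\...\Run: [Appandora device service] => C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe [719872 2013-10-31] ()
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ediokgmgdgljankdgmhboimegljmnbld" => Key deleted successfully.
BackupStack => Service not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Appandora device service => value deleted successfully.
C:\Windows\System32\drivers\anvsnddrv.sys => Moved successfully.
EmptyTemp: => Removed 3.5 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
'''

STAR_ROW = re.compile(r"^\*{5,}$")

def result_lines(text):
    """Yield result lines only: the echoed fixlist sits between the two rows
    of asterisks and must be skipped, since its entries can contain ' => '."""
    rows_seen = 0
    for line in (raw.strip() for raw in text.splitlines()):
        if STAR_ROW.match(line):
            rows_seen += 1
        elif line.startswith("==== End of Fixlog"):
            return
        elif rows_seen >= 2 and line:
            yield line

def classify(line):
    """Return (status, target) for one result line."""
    if " => " in line:
        # Split on the last arrow: the target may itself end in '<==== ATTENTION'.
        target, outcome = line.rsplit(" => ", 1)
    elif line.endswith(" not found."):
        # Some results carry no arrow, e.g. '<path> not found.'
        target, outcome = line[:-len(" not found.")], "not found."
    else:
        return "info", line
    target, outcome = target.strip('"'), outcome.lower()
    if outcome.startswith("error"):
        return "needs_manual_review", target
    if "not found" in outcome:
        return "already_absent", target
    if "successfully" in outcome or outcome.startswith("removed"):
        return "removed", target
    return "info", target

def summarize(text):
    """Group result targets by status."""
    buckets = defaultdict(list)
    for line in result_lines(text):
        status, target = classify(line)
        buckets[status].append(target)
    return dict(buckets)
```

Calling `summarize()` on a saved Fixlog.txt gives the `needs_manual_review` list as the set of entries to follow up by hand, such as the Search Protection uninstall entry in this thread.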



#12 shelf life


Posted 30 October 2014 - 05:33 PM

Ok thanks for the info. We will use a fixlist again. Like before:

 

Please copy and paste the contents of the below code box into the open notepad and save it here: C:\Users\Alex\Downloads as fixlist.txt

 

Run FRST again and press the Fix button just once and wait.
The tool will make a log here: C:\Users\Alex\Downloads (Fixlog.txt); please post it in your reply.

C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Users\Alex\Downloads\RemoteMouse.exe
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2043904 2014-09-29] (RemoteMouse.net)
C:\Program Files (x86)\Remote Mouse\FileS.dll



#13 Ax1226


Posted 31 October 2014 - 09:46 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by Alex at 2014-10-31 10:46:07 Run:2
Running from C:\Users\Alex\Downloads
Loaded Profile: Alex (Available profiles: Alex)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Users\Alex\Downloads\RemoteMouse.exe
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2043904 2014-09-29] (RemoteMouse.net)
C:\Program Files (x86)\Remote Mouse\FileS.dll
*****************
 
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe => Moved successfully.
C:\Users\Alex\Downloads\RemoteMouse.exe => Moved successfully.
HKU\S-1-5-21-893756805-2383135729-2098188712-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Remote Mouse => value deleted successfully.
C:\Program Files (x86)\Remote Mouse\FileS.dll => Moved successfully.
 
==== End of Fixlog ====


#14 shelf life


Posted 31 October 2014 - 02:14 PM

Well OK, and how's it looking on your end now?




#15 Ax1226


Posted 01 November 2014 - 04:42 PM

I definitely see improvement. It runs faster and better, do you think I need to do stuff like defrag? Or you would say I'm good to go now.





