
Probably malware & words in browser's page text have links to ads


  • This topic is locked
7 replies to this topic

#1 lizzardoni


Posted 31 May 2015 - 06:26 AM

Hello,

 

Thank you in advance for helping me with this problem. My computer is probably affected with malware because when I use a browser, even though I have Adblock Plus enabled, pop-up windows appear and some words in the text of the page that I am looking at have links to ads.

What can I do? Please help me out.

Thanks, Lizi

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Nikos (administrator) on NIKOS-VAIO on 31-05-2015 14:14:48
Running from C:\Users\Nikos\Desktop
Loaded Profiles: Nikos (Available Profiles: Nikos)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxebcoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Giraffic) C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\Nikos\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13631704 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [212480 2010-06-01] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-06-01] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-09-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lexmark Pro200-S500 Series] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\fm3032.exe [316072 2011-01-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\...\Run: [Google Update] => C:\Users\Nikos\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-04-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTUA OpenVPN.lnk [2014-10-22]
ShortcutTarget: NTUA OpenVPN.lnk -> C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> {21268798-9430-4C28-8670-CBFFD9D2E150} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://gr.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150528__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> {C14622EB-20BA-471E-B366-B2942E1E42E6} URL = http://rover.ebay.com/rover/1//4?satitle={searchTerms}
BHO: PriceMinus -> {6D0039B9-A295-4CE1-8EEC-8EA37FD369C4} -> C:\Program Files (x86)\PriceMinus\mLvygECDQI1joL.x64.dll [2015-05-29] ()
BHO: bestadblocker -> {8139BF64-9435-4B2D-812E-5DE0F043F341} -> C:\Program Files (x86)\bestadblocker\LAlmrILJe9CHCO.x64.dll [2015-05-29] ()
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22] ()
BHO-x32: Razor Web -> {2e22e1c9-9ddb-40da-85c7-0753217fff76} -> C:\Program Files (x86)\Razor Web\Extensions\2e22e1c9-9ddb-40da-85c7-0753217fff76.dll No File
BHO-x32: eye perform 1.0.0.7 -> {3f6a8cc5-74fe-45c1-b092-bdb7b857b77a} -> C:\Program Files (x86)\eye perform\eyeperformbho.dll [2015-05-30] (eye perform)
BHO-x32: PriceMinus -> {6D0039B9-A295-4CE1-8EEC-8EA37FD369C4} -> C:\Program Files (x86)\PriceMinus\mLvygECDQI1joL.dll [2015-05-29] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: bestadblocker -> {8139BF64-9435-4B2D-812E-5DE0F043F341} -> C:\Program Files (x86)\bestadblocker\LAlmrILJe9CHCO.dll [2015-05-29] ()
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-22] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22] ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09] (Skype Technologies S.A.)
Tcpip\..\Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}: [NameServer] 62.38.0.81,62.38.1.81

FireFox:
========
FF ProfilePath: C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google Default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://spreadthelink.com/
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2730824447-2197223683-4253413979-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nikos\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2730824447-2197223683-4253413979-1000: @talk.google.com/O1DPlugin -> C:\Users\Nikos\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2730824447-2197223683-4253413979-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nikos\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2730824447-2197223683-4253413979-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nikos\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nikos\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nikos\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\searchplugins\google-default.xml [2015-05-28]
FF Extension: Web Developer - C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-05-14]
FF Extension: Adblock Plus - C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-05-08]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (AdBlock) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-14]
CHR Extension: (Bookmark Manager) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (rbutr) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Nikos\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 4dd8d474; c:\Program Files (x86)\RelayDouble\RelayDouble.dll [1785856 2015-05-29] () [File not signed]
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [598696 2010-04-14] ( )
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [836608 2010-06-08] (Sony Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [10326784 2010-06-24] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [271872 2010-06-24] (Intel® Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 14:14 - 2015-05-31 14:15 - 00023232 _____ () C:\Users\Nikos\Desktop\FRST.txt
2015-05-31 14:14 - 2015-05-31 14:14 - 00000000 ____D () C:\FRST
2015-05-31 13:58 - 2015-05-31 13:58 - 02108928 _____ (Farbar) C:\Users\Nikos\Desktop\FRST64.exe
2015-05-30 17:01 - 2015-05-30 17:02 - 51789024 _____ (Microsoft Corporation) C:\Users\Nikos\Desktop\Windows-KB890830-x64-V5.24.exe
2015-05-30 17:00 - 2015-05-30 17:00 - 00000099 _____ () C:\Windows\Reimage.ini
2015-05-30 16:42 - 2015-05-30 16:42 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-30 16:42 - 2015-05-30 16:42 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-30 16:42 - 2015-05-30 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-30 15:29 - 2015-05-30 15:29 - 00000000 ____D () C:\Program Files (x86)\eye perform
2015-05-29 20:46 - 2015-05-30 17:10 - 00000000 ____D () C:\Users\Nikos\Desktop\Tali
2015-05-29 13:45 - 2015-05-29 13:45 - 00000000 ____D () C:\Program Files (x86)\RelayDouble
2015-05-29 13:44 - 2015-05-29 13:44 - 00000000 ____D () C:\Program Files (x86)\rbutr
2015-05-29 13:43 - 2015-05-29 13:44 - 00000000 ____D () C:\ProgramData\12288655249530958039
2015-05-29 13:43 - 2015-05-29 13:43 - 00000000 ____D () C:\Program Files (x86)\PriceMinus
2015-05-29 13:43 - 2015-05-29 13:43 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-05-29 13:42 - 2015-05-29 13:42 - 00000000 ____D () C:\ProgramData\idkdieipheckdcanbgalppfpimcjknol
2015-05-29 13:42 - 2015-05-29 13:42 - 00000000 ____D () C:\Program Files (x86)\PricoeMinus
2015-05-29 13:41 - 2015-05-30 15:29 - 00000000 ____D () C:\ProgramData\{0746f77c-6d2a-3a6d-0746-6f77c6d2ddf1}
2015-05-29 11:28 - 2015-05-29 11:45 - 00000000 ____D () C:\Users\Nikos\Desktop\site_flash teliko
2015-05-28 17:30 - 2015-05-28 17:30 - 00000020 _____ () C:\Windows\tω3
2015-05-28 17:06 - 2015-05-28 17:06 - 00000000 ____D () C:\ProgramData\Wondershare
2015-05-28 17:04 - 2015-05-28 17:04 - 00001720 _____ () C:\Windows\PFRO.log
2015-05-28 16:52 - 2015-05-28 16:52 - 00002864 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-28 16:52 - 2015-05-28 16:52 - 00002864 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-28 16:52 - 2015-05-25 10:24 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-05-28 16:52 - 2015-05-25 10:24 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-05-28 16:51 - 2015-05-28 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-28 16:49 - 2015-05-28 16:49 - 00000000 ____D () C:\Users\Nikos\AppData\Roaming\OpenCandy
2015-05-28 16:49 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2015-05-28 16:49 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2015-05-28 16:49 - 2005-08-01 19:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2015-05-28 16:49 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-05-28 16:49 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2015-05-28 16:49 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2015-05-28 16:49 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2015-05-28 16:49 - 2003-05-21 23:50 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-05-28 16:49 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2015-05-28 16:49 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2015-05-28 16:49 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2015-05-28 16:49 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2015-05-28 16:49 - 2003-05-21 23:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-05-28 16:49 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2015-05-28 16:49 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2015-05-28 16:49 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2015-05-28 16:39 - 2015-05-28 16:39 - 00000000 ____D () C:\Users\Nikos\.MCTranscodingSDK
2015-05-28 16:37 - 2015-05-28 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-05-28 16:37 - 2015-05-28 16:37 - 00000000 ____D () C:\ProgramData\Geevs
2015-05-28 16:36 - 2015-05-28 16:45 - 00000000 ____D () C:\Program Files\Lightworks
2015-05-28 16:36 - 2015-05-28 16:42 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
2015-05-28 15:50 - 2015-05-28 15:59 - 00000760 _____ () C:\Windows\DirectX.log
2015-05-28 15:25 - 2015-05-28 15:25 - 00000000 ____D () C:\Users\Nikos\AppData\Local\Wondershare
2015-05-28 15:24 - 2015-05-28 15:25 - 00000000 ____D () C:\Users\Nikos\Documents\Wondershare Filmora
2015-05-28 15:22 - 2015-05-28 15:24 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-05-26 16:29 - 2015-05-26 17:07 - 03921041 _____ () C:\Users\Nikos\Desktop\test.dwg
2015-05-26 16:23 - 2015-05-26 16:23 - 13620700 _____ () C:\Users\Nikos\Desktop\Siskou - Ag. Pantes.dxf
2015-05-19 12:24 - 2015-05-19 18:34 - 00000000 ____D () C:\Users\Nikos\Desktop\diplomat
2015-05-18 10:44 - 2015-05-18 10:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 00:20 - 2015-05-01 16:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:20 - 2015-05-01 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 15:04 - 2015-05-05 04:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 15:04 - 2015-05-05 04:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 15:04 - 2015-04-22 05:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 15:04 - 2015-04-22 04:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 15:04 - 2015-04-21 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 15:04 - 2015-04-21 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 15:04 - 2015-04-21 19:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 15:04 - 2015-04-21 19:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 15:04 - 2015-04-21 19:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 15:04 - 2015-04-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 15:04 - 2015-04-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 15:04 - 2015-04-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 15:04 - 2015-04-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 15:04 - 2015-04-21 19:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 15:04 - 2015-04-21 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 15:04 - 2015-04-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 15:04 - 2015-04-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 15:04 - 2015-04-21 19:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 15:04 - 2015-04-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 15:04 - 2015-04-21 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 15:04 - 2015-04-21 19:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 15:04 - 2015-04-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 15:04 - 2015-04-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 15:04 - 2015-04-21 19:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 15:04 - 2015-04-21 19:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 15:04 - 2015-04-21 19:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 15:04 - 2015-04-21 19:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 15:04 - 2015-04-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 15:04 - 2015-04-21 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 15:04 - 2015-04-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 15:04 - 2015-04-21 19:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 15:04 - 2015-04-21 19:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 15:04 - 2015-04-21 19:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 15:04 - 2015-04-21 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 15:04 - 2015-04-21 18:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 15:04 - 2015-04-21 18:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 15:04 - 2015-04-21 18:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 15:04 - 2015-04-21 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 15:04 - 2015-04-21 18:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 15:04 - 2015-04-21 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 15:04 - 2015-04-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 15:04 - 2015-04-21 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 15:04 - 2015-04-21 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 15:04 - 2015-04-21 18:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 15:04 - 2015-04-21 18:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 15:04 - 2015-04-21 18:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 15:04 - 2015-04-21 18:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 15:04 - 2015-04-21 18:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 15:04 - 2015-04-21 18:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 15:04 - 2015-04-21 18:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 15:04 - 2015-04-21 18:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 15:04 - 2015-04-21 18:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 15:04 - 2015-04-21 18:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 15:04 - 2015-04-21 18:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 15:04 - 2015-04-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 15:04 - 2015-04-21 18:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 15:04 - 2015-04-21 17:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 15:04 - 2015-04-21 17:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 15:04 - 2015-04-18 06:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 15:04 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 15:04 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 15:04 - 2015-02-18 10:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 15:03 - 2015-04-27 22:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 15:03 - 2015-04-27 22:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 15:03 - 2015-04-27 22:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 15:03 - 2015-04-27 22:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 15:03 - 2015-04-27 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 15:03 - 2015-04-27 22:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 15:03 - 2015-04-27 22:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 15:03 - 2015-04-27 22:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 15:03 - 2015-04-27 22:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 15:03 - 2015-04-27 22:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 22:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 15:03 - 2015-04-27 22:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 15:03 - 2015-04-27 22:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 15:03 - 2015-04-27 22:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 15:03 - 2015-04-27 22:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 15:03 - 2015-04-27 22:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 15:03 - 2015-04-27 22:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 15:03 - 2015-04-27 22:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 15:03 - 2015-04-27 22:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 15:03 - 2015-04-27 22:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 15:03 - 2015-04-27 22:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 15:03 - 2015-04-27 22:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 15:03 - 2015-04-27 22:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 15:03 - 2015-04-27 22:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 15:03 - 2015-04-27 22:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 15:03 - 2015-04-27 22:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 15:03 - 2015-04-27 22:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 15:03 - 2015-04-27 22:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 15:03 - 2015-04-27 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 15:03 - 2015-04-27 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 21:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 15:03 - 2015-04-27 20:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 15:03 - 2015-04-27 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 15:03 - 2015-04-27 20:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 20:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 15:03 - 2015-04-27 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 15:03 - 2015-04-21 20:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 15:03 - 2015-04-21 19:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 15:03 - 2015-04-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 15:03 - 2015-04-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 15:03 - 2015-04-13 06:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:44 - 2015-04-20 06:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:44 - 2015-04-20 06:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:44 - 2015-04-20 05:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:44 - 2015-04-20 05:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:44 - 2015-04-08 06:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:44 - 2015-04-08 06:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:44 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:43 - 2015-03-04 07:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:43 - 2015-03-04 07:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:43 - 2015-03-04 07:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:43 - 2015-03-04 07:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:43 - 2015-03-04 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:43 - 2015-03-04 07:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:43 - 2015-03-04 07:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:43 - 2015-01-29 06:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:43 - 2015-01-29 06:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 11:45 - 2015-05-10 11:45 - 00000000 ____D () C:\Users\Nikos\AppData\Roaming\UnknownApplicationVendor
2015-05-10 11:40 - 2015-05-10 11:40 - 00000000 ____D () C:\Users\Nikos\AppData\Roaming\MEDiX
2015-05-10 11:40 - 2015-05-10 11:40 - 00000000 ____D () C:\Users\Nikos\AppData\Local\MEDiX
2015-05-05 09:23 - 2015-03-05 08:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-05 09:23 - 2015-03-05 07:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-04 18:08 - 2015-05-29 13:08 - 00000000 ____D () C:\Users\Nikos\Desktop\5-15

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 14:15 - 2011-08-23 23:43 - 00000000 ____D () C:\Program Files (x86)\Giraffic
2015-05-31 14:09 - 2010-12-06 12:00 - 00001184 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 14:04 - 2009-07-14 07:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 14:04 - 2009-07-14 07:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 13:51 - 2011-06-16 21:04 - 00001194 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730824447-2197223683-4253413979-1000UA.job
2015-05-31 13:13 - 2011-10-02 18:50 - 02045109 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 11:17 - 2015-03-17 21:38 - 00008568 _____ () C:\Windows\setupact.log
2015-05-31 11:09 - 2010-12-06 12:00 - 00001180 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 10:15 - 2011-08-23 23:43 - 00000000 ____D () C:\ProgramData\Giraffic
2015-05-31 10:14 - 2011-09-07 15:09 - 00348311 _____ () C:\ProgramData\lxebscan.log
2015-05-31 10:14 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 16:42 - 2014-04-06 21:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-30 15:32 - 2010-10-14 23:50 - 00611280 _____ () C:\Windows\system32\perfh008.dat
2015-05-30 15:32 - 2010-10-14 23:50 - 00112882 _____ () C:\Windows\system32\perfc008.dat
2015-05-30 15:32 - 2009-07-14 08:13 - 01501666 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-30 15:30 - 2013-07-04 14:06 - 00000000 ____D () C:\Users\Nikos\AppData\Local\CrashDumps
2015-05-30 10:13 - 2011-05-05 20:47 - 00003968 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0AF50588-8677-4250-8E2E-B1D100233ECB}
2015-05-29 14:00 - 2010-12-06 12:29 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-05-29 13:59 - 2011-05-07 21:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-05-29 13:56 - 2010-12-06 12:32 - 00000000 ____D () C:\Program Files\Windows Live
2015-05-29 11:43 - 2011-05-13 15:24 - 00001456 _____ () C:\Users\Nikos\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-05-28 18:41 - 2011-05-07 15:53 - 00000000 ____D () C:\Users\Nikos\AppData\Roaming\uTorrent
2015-05-28 17:30 - 2011-09-09 14:09 - 00000000 ____D () C:\Windows\el
2015-05-28 17:04 - 2009-07-14 07:45 - 05493448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-28 16:39 - 2011-05-05 20:38 - 00000000 ____D () C:\Users\Nikos
2015-05-28 15:46 - 2011-05-07 15:56 - 00000000 ____D () C:\Users\Nikos\AppData\Local\Windows Live
2015-05-28 15:42 - 2011-05-05 20:39 - 00319256 _____ () C:\Users\Nikos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-26 16:24 - 2014-01-27 13:18 - 00000000 ____D () C:\Users\Nikos\AppData\Local\cache
2015-05-26 10:11 - 2014-07-30 10:25 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-26 00:11 - 2014-08-15 17:57 - 00000000 ____D () C:\Users\Nikos\AppData\Local\Adobe
2015-05-25 08:51 - 2011-06-16 21:04 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730824447-2197223683-4253413979-1000Core.job
2015-05-23 20:52 - 2015-03-26 23:02 - 00000000 ____D () C:\Users\Nikos\Desktop\autocad
2015-05-20 21:46 - 2015-04-05 00:20 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 21:46 - 2015-04-05 00:20 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 10:00 - 2011-05-16 13:33 - 00000000 ____D () C:\Users\Nikos\AppData\Roaming\FileZilla
2015-05-19 08:46 - 2011-06-16 21:04 - 00004168 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2730824447-2197223683-4253413979-1000UA
2015-05-19 08:46 - 2011-06-16 21:04 - 00003772 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2730824447-2197223683-4253413979-1000Core
2015-05-18 19:27 - 2014-11-04 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 09:48 - 2011-05-10 14:03 - 00000000 ____D () C:\Users\Nikos\Desktop\kleo
2015-05-17 11:04 - 2010-12-06 12:00 - 00004180 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 11:04 - 2010-12-06 12:00 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 13:45 - 2013-01-12 12:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 12:17 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 09:56 - 2009-07-14 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:56 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 00:36 - 2011-05-08 04:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:35 - 2013-07-12 12:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:20 - 2012-05-09 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 00:19 - 2012-05-09 11:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 00:19 - 2012-05-09 11:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 23:05 - 2015-02-08 17:07 - 00000000 ____D () C:\Users\Nikos\Desktop\alb
2015-05-03 09:17 - 2011-09-07 15:20 - 00109318 _____ () C:\ProgramData\lxeb.log
2015-05-02 08:45 - 2015-04-16 16:25 - 00000000 ____D () C:\Users\Nikos\AppData\Local\Battle.net

==================== Files in the root of some directories =======

2011-08-09 10:54 - 2014-07-18 13:23 - 0000132 _____ () C:\Users\Nikos\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-05-13 15:24 - 2015-05-29 11:43 - 0001456 _____ () C:\Users\Nikos\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-07-04 13:15 - 2014-12-23 17:20 - 0003584 _____ () C:\Users\Nikos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-12 16:50 - 2013-04-12 16:50 - 0000218 _____ () C:\Users\Nikos\AppData\Local\recently-used.xbel
2011-07-17 14:00 - 2011-07-17 14:00 - 0000000 _____ () C:\Users\Nikos\AppData\Local\{2A483E9C-F1E4-43D9-B158-91F2E441C93D}
2011-05-23 18:21 - 2011-05-23 18:21 - 0000000 _____ () C:\Users\Nikos\AppData\Local\{2D283CA4-0541-4A23-BE8A-10C3E8B36DCF}
2011-09-07 15:02 - 2011-09-07 15:02 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2011-09-07 15:31 - 2011-09-08 10:53 - 0000504 _____ () C:\ProgramData\FastPics.log
2011-05-28 16:19 - 2012-04-29 20:44 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
2011-09-07 15:20 - 2015-05-03 09:17 - 0109318 _____ () C:\ProgramData\lxeb.log
2011-09-07 15:40 - 2013-03-19 13:44 - 0001712 _____ () C:\ProgramData\lxebDiagnostics.log
2011-09-07 15:30 - 2013-11-24 11:17 - 0017474 _____ () C:\ProgramData\lxebJSW.log
2011-09-07 15:09 - 2015-05-31 10:14 - 0348311 _____ () C:\ProgramData\lxebscan.log
2011-09-07 15:02 - 2011-09-07 15:02 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2011-09-07 15:02 - 2011-09-07 15:02 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\Nikos\AppData\Local\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 11:09

==================== End of log ============================

#2 nasdaq

  • Malware Response Team

Posted 01 June 2015 - 08:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove the programs in bold using the Add/Remove Programs applet.
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
eye perform (HKLM\...\eye perform) (Version: 2015.05.30.032913 - eye perform) <==== ATTENTION
UpgradeMaster (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4dd8d474}) (Version: - UpgradeMaster) <==== ATTENTION

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
SearchScopes: HKU\S-1-5-21-2730824447-2197223683-4253413979-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88
BHO: PriceMinus -> {6D0039B9-A295-4CE1-8EEC-8EA37FD369C4} -> C:\Program Files (x86)\PriceMinus\mLvygECDQI1joL.x64.dll [2015-05-29] ()
BHO: bestadblocker -> {8139BF64-9435-4B2D-812E-5DE0F043F341} -> C:\Program Files (x86)\bestadblocker\LAlmrILJe9CHCO.x64.dll [2015-05-29] ()
BHO-x32: Razor Web -> {2e22e1c9-9ddb-40da-85c7-0753217fff76} -> C:\Program Files (x86)\Razor Web\Extensions\2e22e1c9-9ddb-40da-85c7-0753217fff76.dll No File
BHO-x32: PriceMinus -> {6D0039B9-A295-4CE1-8EEC-8EA37FD369C4} -> C:\Program Files (x86)\PriceMinus\mLvygECDQI1joL.dll [2015-05-29] ()
BHO-x32: bestadblocker -> {8139BF64-9435-4B2D-812E-5DE0F043F341} -> C:\Program Files (x86)\bestadblocker\LAlmrILJe9CHCO.dll [2015-05-29] ()
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=22942&r=2015/05/29&hid=5371321858361815557&lg=EN&cc=GR&unqvl=88&l=1&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKU\S-1-5-21-2730824447-2197223683-4253413979-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Nikos\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
R2 4dd8d474; c:\Program Files (x86)\RelayDouble\RelayDouble.dll [1785856 2015-05-29] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
Task: {957661C9-FF80-4766-AD09-542D1AC5B57D} - \Express FilesUpdate No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:02DD996C
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2DE5673D
AlternateDataStreams: C:\ProgramData\TEMP:3ED5E595
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
AlternateDataStreams: C:\ProgramData\TEMP:8F30A02C
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CDE1EE2A
AlternateDataStreams: C:\ProgramData\TEMP:DED17083
C:\Program Files (x86)\PriceMinus
c:\Program Files (x86)\RelayDouble

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
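
The fixlist in the post above is assembled by spotting a handful of recurring markers in the FRST log. As an added example (not part of nasdaq's post and not FRST's own logic), this Python script tags sample lines from that fixlist by marker and counts the hosts that the browser start-page and search settings point to. The rule names, and the reading of `[X]` as a missing file and of a trailing `()` as an empty company field, are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lines copied from the fixlist in this thread; URLs shortened for the example.
SAMPLE = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=22942
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}
BHO: PriceMinus -> {6D0039B9-A295-4CE1-8EEC-8EA37FD369C4} -> C:\Program Files (x86)\PriceMinus\mLvygECDQI1joL.x64.dll [2015-05-29] ()
BHO-x32: Razor Web -> {2e22e1c9-9ddb-40da-85c7-0753217fff76} -> C:\Program Files (x86)\Razor Web\Extensions\2e22e1c9-9ddb-40da-85c7-0753217fff76.dll No File
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=22942&l=1&q=
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 4dd8d474; c:\Program Files (x86)\RelayDouble\RelayDouble.dll [1785856 2015-05-29] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
"""

# Rule names are this example's own labels, not FRST terminology.
RULES = [
    ("flagged-by-frst", re.compile(r"<=+ ATTENTION")),
    ("policy-restriction", re.compile(r"\\Policies\\.*Policy restriction")),
    ("unsigned-service", re.compile(r"^[RS]\d .*\[File not signed\]")),
    ("orphaned-entry", re.compile(r"(No File|\[X\]|\[Not Found\])\s*$")),  # assumed: file missing
    ("bho-no-publisher", re.compile(r"^BHO(-x32)?: .*\]\s*\(\)\s*$")),    # assumed: empty company
]
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+", re.I)

def triage(text):
    """Return {tag: [lines]} for every rule a non-empty line matches."""
    hits = defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        for tag, rx in RULES:
            if rx.search(line):
                hits[tag].append(line)
    return dict(hits)

def redirect_hosts(text):
    """Count hosts used by start-page/search settings; defanged hxxp is read as http."""
    counts = defaultdict(int)
    for line in text.splitlines():
        if re.search(r"Start Page|SearchScopes|FF (DefaultSearchUrl|Keyword\.URL)", line):
            for url in URL_RE.findall(line):
                host = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname
                counts[host] += 1
    return dict(counts)

if __name__ == "__main__":
    print({t: len(l) for t, l in triage(SAMPLE).items()}, redirect_hosts(SAMPLE))
```

A single host appearing across the Internet Explorer and Firefox settings at once, as it does here, is the pattern that marks the search settings as hijacked rather than user-chosen.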

#3 lizzardoni


Posted 01 June 2015 - 09:26 AM

Hello Nasdaq.

Thank you for your answer.

I followed your steps and I uploaded the logs that you asked for.

As far as I can see there are still problems in my computer. I opened Chrome and pop-up windows appeared.

Till now I haven't seen any problem in Firefox.

Thank you again,

Lizi

 

 




#4 nasdaq


Posted 01 June 2015 - 12:31 PM

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.


Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Keep me posted.

#5 lizzardoni


Posted 02 June 2015 - 02:01 AM

Hello Nasdaq.

I completely uninstalled Chrome and reinstalled it. As far as I can tell, the Chrome browser has no problem now. What should I do now?

Thank you


Edited by lizzardoni, 02 June 2015 - 04:36 AM.


#6 nasdaq


Posted 02 June 2015 - 07:28 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 lizzardoni


Posted 02 June 2015 - 08:12 AM

Thank you for your help. If I have any problems I will let you know.

Thanks again!!



#8 nasdaq


Posted 08 June 2015 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



