Win32/InstalleRex.T potentially unwanted application - InstallMate


  • This topic is locked
9 replies to this topic

#1 alea5


Posted 13 October 2015 - 09:13 AM

Hi,

I recently ran an ESET online scan on my computer and this is what it told me:

 

C:\Users\All Users\InstallMate\{6C210ED9-AA26-4361-A18A-E204B7C22C2F}\Custom.dll      Win32/InstalleRex.T potentially unwanted application

C:\masm32\JANO\crack.exe     a variant of Win32/Kryptik.BRWW trojan   cleaned by deleting - quarantined

C:\masm32\JANO\crack_sk.exe  a variant of Win32/Kryptik.BRWW trojan   cleaned by deleting - quarantined

C:\masm32\JANO\Delete_Denied_2000\de_den.exe   probably unknown NewHeur_PE virus  deleted - quarantined

C:\masm32\JANO\Delete_Denied_2000\de_den2.exe  probably unknown NewHeur_PE virus  deleted - quarantined

C:\masm32\JANO\Delete_Denied_2000\de_den3.exe  probably unknown NewHeur_PE virus  deleted - quarantined

C:\masm32\JANO\SEH\seh2.exe  a variant of Win32/Kryptik.BRWW trojan   cleaned by deleting - quarantined

C:\ProgramData\InstallMate\{6C210ED9-AA26-4361-A18A-E204B7C22C2F}\Custom.dll      Win32/InstalleRex.T potentially unwanted application cleaned by deleting - quarantined

 

The thing is - it got rid of 7 out of 8 things and what's bothering me is that C:\Users\All Users\InstallMate\{6C210ED9-AA26-4361-A18A-E204B7C22C2F}\Custom.dll      Win32/InstalleRex.T potentially unwanted application

 

How do I get rid of it? Can I just click on it and delete it? Will it even work? Any help would be appreciated.

 

Thanks.




 


#2 nasdaq

  • Malware Response Team

Posted 14 October 2015 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 alea5


Posted 15 October 2015 - 03:25 AM

Hello nasdaq, thanks a lot for your time.

 

I'm not sure what happened, but it looks like that Custom.dll file has disappeared. Before, I could go into that C:\ProgramData\InstallMate\{6C210ED9-AA26-4361-A18A-E204B7C22C2F} folder and it was here, but it's not here anymore.

 

Anyway, I did what you told me.

 

(actually I didn't need to download Malwarebytes' Anti-Malware 'cause I already had it on computer)

Malwarebytes' Anti-Malware:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 14. 10. 2015

Scan Time: 19:13

Logfile: Malwarebytes_.txt

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.10.14.05

Rootkit Database: v2015.10.06.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Nika

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 349813

Time Elapsed: 40 min, 46 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

(end)

 

 AdwCleaner:

 

# AdwCleaner v5.013 - Logfile created 14/10/2015 at 20:48:43

# Updated 09/10/2015 by Xplode

# Database : 2015-10-13.2 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Nika - Nika-PC

# Running from : C:\Users\Nika\Desktop\adwcleaner_5.013.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\ProgramData\SoftSafe

[-] Folder Deleted : C:\Users\Nika\AppData\Local\PackageAware

 

***** [ Files ] *****

 

[-] File Deleted : C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage

[-] File Deleted : C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal

[-] File Deleted : C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage

[-] File Deleted : C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal

[-] File Deleted : C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage

[-] File Deleted : C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKCU\Software\Softonic

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}

[!] Key Not Deleted : [x64] HKCU\Software\Softonic

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trojan-remover.en.softonic.com

 

*************************

 

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1919 bytes] ##########

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015

Ran by Nika (administrator) on Nika-PC (14-10-2015 21:04:52)

Running from C:\Users\Nika\Desktop

Loaded Profiles: Nika (Available Profiles: Nika)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)

Internet Explorer Version 9 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Flarion Technologies, Inc.) C:\Program Files (x86)\T-Mobile Communication Center\drivers\8b589b184f396002f0582eeed9fdbfb9\FMMService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Paradoxx Software) C:\Program Files (x86)\T-Mobile Communication Center\FofdmDhcp_x64.exe

(Paradoxx Software) C:\Program Files (x86)\T-Mobile Communication Center\FOFDMUpgrade.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Dynex Technologies\Databases\MSSQL$DYNEXLOCAL\Binn\sqlservr.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Flux Software LLC) C:\Users\Nika\AppData\Local\FluxSoftware\Flux\flux.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-09] (Atheros Communications)

HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-09] (Atheros Commnucations)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2822952 2012-02-24] (ELAN Microelectronics Corp.)

HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-08] (Acer Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [LManager] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\Run: [F.lux] => C:\Users\Nika\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\Run: [hh] => "C:\Users\Nika\AppData\Roaming\Microsoft\Windows\hh.exe"

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\Run: [Google Update] => C:\Users\Nika\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\Run: [Dropbox Update] => C:\Users\Nika\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-27] (Dropbox, Inc.)

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\MountPoints2: {8cd913f2-3872-11e2-99bc-446d57e0c276} - E:\AutoRun.exe

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\...\MountPoints2: {a1691199-3015-11e2-802f-206a8a860dbe} - F:\SETUP.EXE

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Nika\AppData\Roaming\Microsoft\Windows\hh.exe

HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nika\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)

Startup: C:\Users\Nika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh.lnk [2014-06-18]

ShortcutTarget: hh.lnk -> C:\Users\Nika\AppData\Roaming\Microsoft\Windows\hh.exe (No File)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: 74.208.10.249 gs.apple.com

Tcpip\Parameters: [DhcpNameServer] 213.151.222.34 192.168.0.1

Tcpip\..\Interfaces\{2BB2D381-53DC-448D-81EC-880361A66D97}: [DhcpNameServer] 10.0.2.2

Tcpip\..\Interfaces\{72693708-ED8D-4B24-97A5-64138B1E2ED4}: [DhcpNameServer] 213.151.222.34 192.168.0.1

Tcpip\..\Interfaces\{F8BBADF7-D0AA-4843-B40B-75585CAD153D}: [DhcpNameServer] 194.154.227.17 195.91.0.17

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ais2.euba.sk/ais/start.do

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-06-27] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-06-27] (Oracle Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-18] (Oracle Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-03-09] (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-18] (Oracle Corporation)

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-27] ()

FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-06-27] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-06-27] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-27] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-18] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-18] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2012-12-19] (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)

FF Plugin HKU\S-1-5-21-1381078608-2264551206-1989339977-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nika\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1381078608-2264551206-1989339977-1000: @talk.google.com/O1DPlugin -> C:\Users\Nika\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-1381078608-2264551206-1989339977-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin HKU\S-1-5-21-1381078608-2264551206-1989339977-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Nika\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Nika\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

 

Chrome:

=======

CHR HomePage: Default -> hxxps://ais2.euba.sk/ais/start.do

CHR Session Restore: Default -> is enabled.

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File

CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File

CHR Profile: C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Dokumenty Google) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-16]

CHR Extension: (Disk Google) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-16]

CHR Extension: (YouTube) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-16]

CHR Extension: (Google Search) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-16]

CHR Extension: (Postman - REST Client) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2013-09-06]

CHR Extension: (Postman) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2015-06-28]

CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-07]

CHR Extension: (Postman Launcher) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\igofndmniooofoabmmpfonmdnhgchoka [2015-06-28]

CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]

CHR Extension: (Gmail) - C:\Users\Nika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-16]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [107648 2012-03-09] (Atheros Commnucations) [File not signed]

R2 FMMService; C:\Program Files (x86)\T-Mobile Communication Center\drivers\8b589b184f396002f0582eeed9fdbfb9\FMMService.exe [40960 2012-11-27] (Flarion Technologies, Inc.) [File not signed]

R2 FOFDM DHCP Timing; C:\Program Files (x86)\T-Mobile Communication Center\FofdmDhcp_x64.exe [391680 2011-02-16] (Paradoxx Software) [File not signed]

R2 FOFDMUpgrade; C:\Program Files (x86)\T-Mobile Communication Center\FOFDMUpgrade.exe [188416 2011-02-16] (Paradoxx Software) [File not signed]

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 MSSQL$DYNEXLOCAL; C:\Program Files (x86)\Common Files\Dynex Technologies\Databases\MSSQL$DYNEXLOCAL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]

S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]

R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-20] (Electronic Arts)

S2 SIMUL8Parallel; C:\Program Files (x86)\SIMUL8Student\SIMUL8_ParallelSVC.exe [497152 2013-11-11] (SIMUL8 Corporation)

S3 SQLAgent$DYNEXLOCAL; C:\Program Files (x86)\Common Files\Dynex Technologies\Databases\MSSQL$DYNEXLOCAL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-28] (Atheros) [File not signed]

S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]

S3 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-10-09] ()

R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)

S3 Leadtek; C:\Windows\System32\DRIVERS\Leadtek.sys [77360 2012-11-24] (Leadtek Research Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-14 21:04 - 2015-10-14 21:04 - 00028641 _____ C:\Users\Nika\Desktop\FRST.txt

2015-10-14 20:54 - 2015-10-14 20:54 - 00000162 ____H C:\Users\Nika\Desktop\~$dition.txt

2015-10-14 20:54 - 2015-10-14 20:54 - 00000000 ____D C:\Users\Nika\Desktop\FRST-OlderVersion

2015-10-14 20:25 - 2015-10-14 20:51 - 00000000 ____D C:\AdwCleaner

2015-10-14 20:23 - 2015-10-14 20:23 - 01682432 _____ C:\Users\Nika\Desktop\adwcleaner_5.013.exe

2015-10-14 20:15 - 2015-10-14 20:15 - 00001061 _____ C:\Malwarebytes_.txt

2015-10-14 20:13 - 2015-10-14 20:13 - 00001067 _____ C:\Malwarebytes_result.txt

2015-10-10 00:02 - 2015-10-10 00:03 - 00021864 _____ C:\Users\Nika\Desktop\Addition.txt

2015-10-09 23:59 - 2015-10-14 21:04 - 00000000 ____D C:\FRST

2015-10-09 23:59 - 2015-10-14 20:54 - 02196480 _____ (Farbar) C:\Users\Nika\Desktop\FRST64.exe

2015-10-09 21:51 - 2015-10-09 21:51 - 00000000 ____D C:\sh4ldr

2015-10-09 21:49 - 2015-10-09 21:49 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2015-10-09 21:49 - 2015-10-09 21:49 - 00000000 ____D C:\Program Files\Enigma Software Group

2015-10-09 18:03 - 2015-10-09 18:03 - 00001826 _____ C:\scan results 9.10.2015.txt

2015-10-09 14:58 - 2015-10-09 14:58 - 02870984 _____ (ESET) C:\Users\Nika\Desktop\esetsmartinstaller_enu.exe

2015-10-04 11:18 - 2015-10-04 11:18 - 00000000 ____D C:\Users\Nika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-14 21:02 - 2015-01-25 20:20 - 00000942 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1381078608-2264551206-1989339977-1000UA.job

2015-10-14 21:00 - 2013-06-16 21:29 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-14 21:00 - 2012-11-16 19:56 - 00000384 _____ C:\Windows\Tasks\Acer Registration - Reminder Recall task.job

2015-10-14 20:58 - 2009-07-14 06:45 - 00024192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-14 20:58 - 2009-07-14 06:45 - 00024192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-14 20:54 - 2009-07-14 07:13 - 00006384 _____ C:\Windows\system32\PerfStringBackup.INI

2015-10-14 20:50 - 2015-07-17 15:28 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c09476b7c238.job

2015-10-14 20:50 - 2013-06-16 21:29 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-14 20:50 - 2012-11-19 20:31 - 00002912 _____ C:\Windows\SysWOW64\PcCard0.log

2015-10-14 20:50 - 2012-11-19 20:31 - 00000592 _____ C:\Windows\SysWOW64\fmmservice.log

2015-10-14 20:50 - 2012-05-30 05:53 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2015-10-14 20:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-10-14 20:50 - 2009-07-14 06:51 - 00136674 _____ C:\Windows\setupact.log

2015-10-14 20:49 - 2012-05-30 05:47 - 01615053 _____ C:\Windows\WindowsUpdate.log

2015-10-14 20:19 - 2015-06-27 20:07 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1381078608-2264551206-1989339977-1000UA.job

2015-10-14 19:19 - 2015-06-27 20:07 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1381078608-2264551206-1989339977-1000Core.job

2015-10-14 19:13 - 2014-07-08 08:46 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-10-14 18:08 - 2012-05-30 05:53 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2015-10-14 15:02 - 2015-01-25 20:20 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1381078608-2264551206-1989339977-1000Core.job

2015-10-14 12:49 - 2013-09-06 20:18 - 00000000 ____D C:\Users\Nika\AppData\Local\TSVNCache

2015-10-09 21:51 - 2012-11-20 14:08 - 00005190 _____ C:\Windows\wdict32.INI

2015-10-09 18:16 - 2014-07-08 08:45 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-09 18:16 - 2014-07-08 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-09 18:16 - 2014-07-08 08:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-09 18:02 - 2013-02-16 20:56 - 00000000 ____D C:\Users\Nika\Documents\gretl

2015-10-09 14:06 - 2013-01-02 11:20 - 00008192 _____ C:\Users\Nika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-10-08 11:34 - 2012-11-16 21:43 - 00000000 ____D C:\Users\Nika\AppData\Roaming\vlc

2015-10-08 11:09 - 2013-01-06 22:01 - 00000000 ____D C:\Users\Nika\AppData\Roaming\dvdcss

2015-10-06 16:56 - 2014-01-05 11:11 - 00000000 ____D C:\fan

2015-10-04 11:18 - 2013-03-18 20:36 - 00000000 ____D C:\Users\Nika\AppData\Roaming\Dropbox

2015-10-01 17:55 - 2015-01-25 21:34 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422214447

2015-10-01 17:55 - 2012-11-16 13:52 - 00000000 ____D C:\Program Files (x86)\Opera

2015-10-01 16:20 - 2015-01-22 15:49 - 00000000 ____D C:\coze

2015-09-29 13:02 - 2013-06-16 21:38 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-09-26 17:01 - 2009-07-14 07:08 - 00032522 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-09-21 15:13 - 2012-11-17 16:03 - 00000000 ____D C:\skola - inzinier

2015-09-21 08:55 - 2015-07-18 19:43 - 00003680 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0c09476b7c238

2015-09-21 08:55 - 2013-06-16 21:29 - 00003932 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-09-17 14:57 - 2015-01-25 20:20 - 00003910 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1381078608-2264551206-1989339977-1000UA

2015-09-17 14:57 - 2015-01-25 20:20 - 00003514 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1381078608-2264551206-1989339977-1000Core

2015-09-17 10:21 - 2012-11-20 20:33 - 00000000 ____D C:\filmy

2015-09-14 09:39 - 2013-06-16 21:29 - 00000000 ____D C:\Users\Nika\AppData\Local\Google

 

==================== Files in the root of some directories =======

 

2013-12-27 12:12 - 2013-12-27 12:12 - 0000600 _____ () C:\Users\Nika\AppData\Roaming\winscp.rnd

2013-01-02 11:20 - 2015-10-09 14:06 - 0008192 _____ () C:\Users\Nika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-06-15 13:08 - 2015-06-15 13:08 - 0004267 _____ () C:\Users\Nika\AppData\Local\recently-used.xbel

2014-04-01 16:03 - 2014-04-01 16:03 - 0007605 _____ () C:\Users\Nika\AppData\Local\Resmon.ResmonCfg

2014-03-18 20:01 - 2014-03-18 20:01 - 0000057 _____ () C:\ProgramData\Ament.ini

2012-05-30 06:05 - 2012-05-30 06:08 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log

2013-01-04 17:08 - 2013-01-04 17:11 - 0001355 _____ () C:\ProgramData\hpzinstall.log

2012-05-30 06:07 - 2012-12-28 19:46 - 0000032 _____ () C:\ProgramData\PS.log

 

Some files in TEMP:

====================

C:\Users\Nika\AppData\Local\Temp\drm_dyndata_7400009.dll

C:\Users\Nika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjcnwd.dll

C:\Users\Nika\AppData\Local\Temp\EsgInstallerx64Stub.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-14 18:36

 

==================== End of FRST.txt ============================

Attached File  Addition.txt   21.05KB   2 downloads

 

Am I safe?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,524 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 15 October 2015 - 09:54 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [LManager] => [X]
Startup: C:\Users\Nika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh.lnk [2014-06-18]
ShortcutTarget: hh.lnk -> C:\Users\Nika\AppData\Roaming\Microsoft\Windows\hh.exe (No File)
SearchScopes: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]
S3 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
C:\Users\Nika\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Nika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjcnwd.dll
C:\Users\Nika\AppData\Local\Temp\EsgInstallerx64Stub.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 alea5


Posted 16 October 2015 - 06:44 AM

Here's Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-10-2015

Ran by Nika (2015-10-16 13:31:40) Run:1

Running from C:\Users\Nika\Desktop

Loaded Profiles: Nika (Available Profiles: Nika)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

HKLM-x32\...\Run: [LManager] => [X]

Startup: C:\Users\Nika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh.lnk [2014-06-18]

ShortcutTarget: hh.lnk -> C:\Users\Nika\AppData\Roaming\Microsoft\Windows\hh.exe (No File)

SearchScopes: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => No File

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File

S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]

S3 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Nika\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File

C:\Users\Nika\AppData\Local\Temp\drm_dyndata_7400009.dll

C:\Users\Nika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjcnwd.dll

C:\Users\Nika\AppData\Local\Temp\EsgInstallerx64Stub.exe

 

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully

C:\Users\Nika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hh.lnk => moved successfully

C:\Users\Nika\AppData\Roaming\Microsoft\Windows\hh.exe => not found.

HKU\S-1-5-21-1381078608-2264551206-1989339977-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully

"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully

HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully

C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.

C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.

C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.

C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => not found.

c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => not found.

wlcrasvc => service removed successfully

wlidsvc => service removed successfully

huawei_enumerator => service removed successfully

hwdatacard => service removed successfully

"HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully

"HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully

"HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully

"HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully

"HKU\S-1-5-21-1381078608-2264551206-1989339977-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully

C:\Users\Nika\AppData\Local\Temp\drm_dyndata_7400009.dll => moved successfully

C:\Users\Nika\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjcnwd.dll => moved successfully

C:\Users\Nika\AppData\Local\Temp\EsgInstallerx64Stub.exe => moved successfully

EmptyTemp: => 23.9 GB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 13:36:12 ====

 

 



#6 nasdaq


Posted 16 October 2015 - 06:55 AM

How is the computer running now?

#7 alea5


Posted 16 October 2015 - 07:07 AM

It looks OK so far... 

but I didn't notice something was wrong before either...  just that Eset scan log got me panicked. 



#8 nasdaq


Posted 17 October 2015 - 07:13 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 alea5


Posted 18 October 2015 - 09:49 AM

Thanks, nasdaq.



#10 nasdaq


Posted 18 October 2015 - 12:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



