Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Win32:Evo-gen [Susp]


  • This topic is locked This topic is locked
15 replies to this topic

#1 MajorBrainDamage

MajorBrainDamage

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 08 August 2014 - 05:10 AM

I have a laptop that I am trying to clean an infection from but am having very little luck.

 

I ran CCleanner to clean up all the temp rubbish.

I have scanned with Malwarebytes which does not detect the infection,

I have scanned with Emsisoft Anti-Malware which detected over 750 infected files and quarantined them.

Avast anti-virus is still detecting and blocking the same Win32:Evo-gen [Susp] entry over and over again.....

 

I am not really seeing any other impacts on this machine apart from the Avast dialogue box coming up every little while telling me that it has blocked another lot of infections.

 

 

--------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17028
Run by Natasha at 19:03:59 on 2014-08-08
Microsoft Windows 8  6.2.9200.0.1252.64.1033.18.3525.2250 [GMT 10:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Launch Manager\LMMsg.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Telecom Connection Manager\UIExec.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.nz/
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [UIExec] "C:\Program Files (x86)\Telecom Connection Manager\UIExec.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{870AD332-047D-47B6-A5CC-A9A046CF12C6} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{AF0323F5-11CB-4C9A-8870-04B7051F445B} : DHCPNameServer = 192.51.120.29
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = www.google.com
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Natasha\AppData\Roaming\Mozilla\Firefox\Profiles\mzupz6t7.default\
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-6-6 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-6-6 224896]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-7-30 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-7-30 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-7-30 23088]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2014-6-6 1041168]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2014-6-6 427360]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-7-30 4741384]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-13 241152]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-6-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-6-6 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2014-6-6 92008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-4-15 228480]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-30 50344]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-2-19 2615368]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-6-8 2356912]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-4-18 100752]
R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-3-15 431656]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-9 5052224]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe [2014-7-23 253264]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-7-30 71472]
R3 AthrSdSrv;AthrSdSrv;C:\Windows\System32\Drivers\athrsd.sys [2013-4-13 48760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-13 94208]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-4-25 34384]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-7-30 57024]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-3-15 662088]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2013-4-18 364944]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2013-4-13 119528]
R3 LMDriver;Launch Manager Wireless Driver;C:\Windows\System32\Drivers\LMDriver.sys [2013-1-10 21360]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\Windows\System32\Drivers\RadioShim.sys [2013-1-10 15704]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2013-4-25 58536]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-4-25 89168]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-4-25 346192]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-4-25 115280]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-4-25 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-4-25 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-4-25 136784]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-4-25 584272]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-17 469648]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\Drivers\massfilter.sys [2014-7-23 11776]
.
=============== Created Last 30 ================
.
2014-07-30 10:10:55 -------- d-----w- C:\ProgramData\Emsisoft
2014-07-30 08:20:58 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-30 07:07:22 -------- d-----w- C:\AdwCleaner
2014-07-30 06:10:40 0 ----a-w- C:\Windows\System32\atiuxpag.dll
2014-07-30 06:10:40 0 ----a-w- C:\Windows\System32\atiu9pag.dll
2014-07-30 06:10:40 0 ----a-w- C:\Windows\System32\atidxx32.dll
2014-07-30 06:10:40 0 ----a-w- C:\Windows\System32\aticfx32.dll
2014-07-30 06:02:54 175528 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-07-30 05:40:34 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-30 02:08:42 -------- d-----w- C:\Dave - DO NOT TOUCH
2014-07-28 06:08:17 703968 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-28 06:08:17 105440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-27 07:35:35 -------- d-----w- C:\Users\Natasha\AppData\Local\CrashDumps
2014-07-27 03:30:46 -------- d-----w- C:\ProgramData\Visan
2014-07-27 03:30:46 -------- d-----w- C:\ProgramData\HP Photo Creations
2014-07-27 03:30:46 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2014-07-27 03:30:34 -------- d-----w- C:\Users\Natasha\AppData\Roaming\HpUpdate
2014-07-27 03:30:04 -------- d-----w- C:\Program Files (x86)\HP
2014-07-27 03:30:02 -------- d-----w- C:\Program Files\HP
2014-07-27 03:28:04 -------- d-----w- C:\Users\Natasha\AppData\Local\HP
2014-07-26 04:57:03 3246592 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-07-26 04:57:03 235520 ----a-w- C:\Windows\System32\rdpudd.dll
2014-07-26 04:57:02 3262464 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-26 04:57:01 4038144 ----a-w- C:\Windows\System32\win32k.sys
2014-07-26 04:57:00 394624 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-26 04:57:00 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-07-26 04:56:59 1616896 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-26 04:56:59 1440256 ----a-w- C:\Windows\SysWow64\osk.exe
2014-07-26 04:56:58 92672 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-26 04:56:50 588288 ----a-w- C:\Windows\System32\SHCore.dll
2014-07-26 04:56:50 452608 ----a-w- C:\Windows\SysWow64\SHCore.dll
2014-07-26 04:56:50 439808 ----a-w- C:\Windows\System32\lsm.dll
2014-07-26 04:56:50 1281536 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-26 04:54:13 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2014-07-26 04:54:12 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-26 04:54:12 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-26 04:54:11 627712 ----a-w- C:\Program Files\Windows Journal\MSPVWCTL.DLL
2014-07-26 04:54:11 1306624 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-26 04:54:11 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-26 04:54:11 1029120 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2014-07-26 04:54:10 881152 ----a-w- C:\Program Files\Windows Journal\InkSeg.dll
2014-07-26 04:54:10 336384 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2014-07-26 04:54:10 265216 ----a-w- C:\Windows\System32\InkEd.dll
2014-07-26 04:52:59 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-26 04:52:59 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-26 04:49:50 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-07-26 04:49:49 596480 ----a-w- C:\Windows\System32\qedit.dll
2014-07-26 04:49:49 497152 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-26 04:48:46 2233176 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-07-26 04:48:45 1845760 ----a-w- C:\Windows\System32\msxml3.dll
2014-07-26 04:48:43 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-07-26 04:48:42 1301504 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-26 04:48:42 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-22 20:56:22 119680 ----a-w- C:\Windows\System32\drivers\ZTEusbser6k.sys
2014-07-22 20:56:22 119680 ----a-w- C:\Windows\System32\drivers\ZTEusbnmea.sys
2014-07-22 20:56:22 119680 ----a-w- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
2014-07-22 20:56:22 11776 ----a-w- C:\Windows\System32\drivers\massfilter.sys
2014-07-22 20:56:09 -------- d-----w- C:\Windows\SysWow64\SupportAppCB
2014-07-22 20:56:07 -------- d-----w- C:\Program Files (x86)\Telecom Connection Manager
.
==================== Find3M  ====================
.
2014-08-08 06:38:42 65536 ----a-w- C:\Windows\System32\spu_storage.bin
2014-07-30 05:40:38 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-07-30 05:40:37 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-30 05:40:37 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-30 05:40:37 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-07-30 05:40:37 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-30 05:40:37 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-07-30 05:40:36 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-30 02:02:27 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-19 02:12:11 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-06-19 02:12:02 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-06-19 02:12:02 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-06-19 02:10:33 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-19 02:10:28 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 02:10:28 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-06-19 02:09:55 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-19 00:53:52 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-19 00:53:42 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-06-19 00:52:46 2863616 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-19 00:52:42 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-19 00:52:42 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-06-19 00:52:19 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:05:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2014-05-11 21:26:14 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-11 21:26:00 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-11 21:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:05:35.73 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 AM

Posted 12 August 2014 - 01:29 PM

Hi there,

can you please post up the log files of Emsisoft and avast that show what exactly has been detected/blocked?
And in addition als run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 12 August 2014 - 11:53 PM

Hello aharonov,

 

First I would like to say thanks for getting back to be so promplty and second I thank you in advance for any time that you will spend helping me through this issue.

 

I have added 3 logs from Emsisoft and the logs from FRST.

I have not added any information from AVAST logs as there is nothing that I can find. I was going to extract a log but I dont seem to be able.

 

Regards,

Dave



#4 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 13 August 2014 - 12:00 AM

FIRST SCAN

Emsisoft Anti-Malware - Version 9.0
Last update: 30/07/2014 6:50:31 p.m.
User account: happyplace\Natasha

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    30/07/2014 6:57:14 p.m.
C:\Users\Natasha\AppData\Local\Microsoft\Windows\FileHistory\Data\22\C\Users\Natasha\Documents\AdwCleaner.exe     detected: Trojan.Generic.11592248 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT1EF3.tmp     detected: Gen:Variant.Dropper.99 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT4FD1.tmp     detected: Application.Win32.InstallAd (A)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT5EC0.tmp     detected: Gen:Variant.Dropper.99 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz36E3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B13.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5839.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAB3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD4D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDA1D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE0E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF50D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\Documents\AdwCleaner.exe     detected: Trojan.Generic.11592248 ( B)

Scanned    232608
Found    13

Scan end:    30/07/2014 8:10:55 p.m.
Scan time:    1:13:41

C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAB3.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD4D.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz36E3.tmp    Quarantined Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B13.tmp    Quarantined Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5839.tmp    Quarantined Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDA1D.tmp    Quarantined Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE0E.tmp    Quarantined Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF50D.tmp    Quarantined Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT4FD1.tmp    Quarantined Application.Win32.InstallAd (A)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT1EF3.tmp    Quarantined Gen:Variant.Dropper.99 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT5EC0.tmp    Quarantined Gen:Variant.Dropper.99 ( B)
C:\Users\Natasha\AppData\Local\Microsoft\Windows\FileHistory\Data\22\C\Users\Natasha\Documents\AdwCleaner.exe    Quarantined Trojan.Generic.11592248 ( B)
C:\Users\Natasha\Documents\AdwCleaner.exe    Quarantined Trojan.Generic.11592248 ( B)

Quarantined    13

==========================================================================================================================================================
 


SECOND SCAN

Emsisoft Anti-Malware - Version 9.0
Last update: 31/07/2014 6:45:24 a.m.
User account: happyplace\Natasha

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    31/07/2014 6:55:40 a.m.
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITADEF.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz10EF.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz11C5.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1906.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1E40.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1F32.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz259E.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2C4B.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2D07.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2F2A.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2F62.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3474.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4276.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz45F5.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz48E4.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4BEA.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C03.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E4B.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E61.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz506.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5418.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz577A.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5A92.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz64B3.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6674.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6679.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6976.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6CF2.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6F27.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6FB.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz703B.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz71C.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz71CB.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7347.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7417.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7461.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7CAF.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8048.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8199.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8596.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz88FB.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8948.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A34.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8CD9.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8DAD.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F9.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz927F.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz95CB.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9FB9.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA2F0.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA3DF.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA4C7.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAAE2.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACB1.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB321.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB4D0.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7BD.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7EF.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB86.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC0C3.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC0F7.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC19B.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC23B.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC4E5.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC604.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCCA1.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCEF5.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD7FB.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD80.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD914.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDB96.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDCAE.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDD4B.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDF72.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDF92.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE0A.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE2F0.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE45F.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA80.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF407.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF522.tmp     detected: Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFE41.tmp     detected: Gen:Variant.Adware.Dropper.105 (B)

Scanned    232819
Found    82

Scan end:    31/07/2014 8:14:06 a.m.
Scan time:    1:18:26

C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz11C5.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1E40.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2D07.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2F2A.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2F62.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C03.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz506.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6674.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6976.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6CF2.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6FB.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz71C.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7417.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7CAF.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8048.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8199.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8596.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz88FB.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8948.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A34.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8DAD.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F9.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz927F.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9FB9.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA4C7.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAAE2.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7EF.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC0C3.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC23B.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCCA1.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD80.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDB96.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE45F.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF522.tmp    Quarantined Gen:Variant.Adware.Kazy.396117 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz10EF.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1906.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1F32.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz259E.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2C4B.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3474.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4276.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz45F5.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz48E4.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4BEA.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E4B.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E61.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5418.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz577A.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5A92.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz64B3.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6679.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6F27.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz703B.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz71CB.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7347.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7461.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8CD9.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz95CB.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA2F0.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA3DF.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACB1.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB321.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB4D0.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7BD.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB86.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC0F7.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC19B.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC4E5.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC604.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCEF5.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD7FB.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD914.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDCAE.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDD4B.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDF72.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDF92.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE0A.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE2F0.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA80.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF407.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFE41.tmp    Quarantined Gen:Variant.Adware.Dropper.105 (B)

Quarantined    81



#5 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 13 August 2014 - 12:03 AM

THIRD SCAN

Emsisoft Anti-Malware - Version 9.0
Last update: 1/08/2014 7:12:50 p.m.
User account: happyplace\Natasha

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/08/2014 11:03:58 a.m.
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT1CED.tmp     detected: Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITA0F0.tmp     detected: Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITADEF.tmp     detected: Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITD89B.tmp     detected: Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz101C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1030.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1088.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1311.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz146A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz147.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz14EE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz15F0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1618.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1669.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz16CB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz177F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz182C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz194E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz19AE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1A2F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1A7C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1AF7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1B25.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1B5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1B85.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1BF9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1C22.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1C47.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1C73.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1CEC.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D06.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D3B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D51.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D7F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1DA6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1DD4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1DE3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1E0B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1E3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1F63.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1FAE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz20BB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2102.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz216B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz225.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2328.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2341.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2368.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz23B3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz23D6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz241B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz241F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2465.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz24F8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz24FA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2545.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz25B8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2637.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2699.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz26A4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz26A9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz26E3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2740.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2759.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz27D5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2804.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2845.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2892.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz28D7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2955.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2989.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2A5F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2B03.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2BC3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2C1D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2C6D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2CA7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2CF1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2D9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2D98.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2DB8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2DBC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2E5F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2E6E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2E8E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2ECF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2F27.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2FFB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2FFF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz30DC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz30F2.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz311.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz315.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz31BB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz31C5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3284.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz32DC.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3400.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3480.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz34F9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz351F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3593.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz35F6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3600.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3604.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3648.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz366.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz372E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz375F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3765.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz380F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz382C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz387B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3946.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3955.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3976.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz39E1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3A3B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3A97.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3AD4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B0A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B0D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B0E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B24.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B37.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B83.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BA7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BBC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BE5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BE9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3C1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3C6B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3CDC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3D06.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3D7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3E0A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3ED6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F1C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F26.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F86.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F95.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3FB3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz403E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz405D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4161.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4162.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz416C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4186.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41C3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41C8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41E5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41FA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz420C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz432F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz435F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4392.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz43F2.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz43FB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz442A.tmp     detected: Trojan.GenericKD.1720404 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4474.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4549.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz458E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz45B1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz467D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz467E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz469D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4722.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz474A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz474D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4769.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4782.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47B5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47C0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47C1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz484F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz485B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz48C0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4951.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz496E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4970.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz49D9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4A57.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4A58.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4AA9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4BA9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C23.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C59.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C78.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CA3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CD8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CDC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CF2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4D20.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E37.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E5E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4EF4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4F53.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4F7E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz505.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5071.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz50E0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz50FA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz510B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz514A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz514D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz51B3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz51C6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5261.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5262.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5273.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5285.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5293.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz532E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz534C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5462.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5487.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz54DD.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz54F6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5584.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz55FB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5629.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz562F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5636.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz56C3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz571D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5732.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz573D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5853.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz588B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz58FB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5911.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5A57.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5AE5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5BC1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5C2C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5CC3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F28.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F3E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F89.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F9E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5FE7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5FF1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6016.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz602A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz608C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6198.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz61B7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz61E5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz61FA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6267.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz627F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz62B0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz64E7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6521.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz65AF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6617.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz663E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6667.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6690.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6695.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz66D2.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz672B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6738.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz675A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz67B6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz67F7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6924.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6991.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz69FB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A43.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A45.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A64.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A8E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6AAE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6AE2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6B6C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6BE2.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6BF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6C54.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6C74.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6D39.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6D3E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6D60.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6DCA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6DFB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E10.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E30.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E31.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E6E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6F09.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz70B3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz712A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7165.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7190.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz719E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz719F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7253.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7258.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7291.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz735D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7368.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7374.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz73CE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7439.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7496.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz74CF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz74DE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz759B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz75AC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz75E6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz76D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz771E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz772D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz775A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz778F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz77B1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz77DA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz77E5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz781E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz783F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz78AC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz78C1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz78C6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7954.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7999.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz79F8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7A2A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7A8E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7BCA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7C10.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7D15.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7D17.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7DB1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7F72.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7FC0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8004.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8075.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz80A0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz80CF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz80F9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8126.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8166.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8179.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8191.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz81B1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz81E7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz820E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz822F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8258.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8263.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz82CE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8444.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz844D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8478.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8495.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz84D7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz855E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz861D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz868D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz86D3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz876D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz877.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz886B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz88B8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz88DB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz893A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8946.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz895F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8996.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz89B5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A55.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A99.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8B11.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8B2.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8BCE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8C0C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8CE4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8D6A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8D9A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8E0A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8E1B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8E4A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8EB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8EF9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F05.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F32.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F91.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz90F6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9132.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz91B5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz925.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9262.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz92EB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz93B3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz93EE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9406.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9433.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz946A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz94D8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz94E9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz952E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz953F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz95D4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz960C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9743.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz976.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz978E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97CB.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97EE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97FD.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz982C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz98A4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz98B7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz98FF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz996E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz99D3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz99DE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9A07.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9A5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9A7B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9AA1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9ACB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9B08.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9B8B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9BA7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9BFC.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9C5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9C8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9D39.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9D76.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9DF0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E13.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E14.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E15.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E61.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9EAE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9EB3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9F9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9FCE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9FE8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA000.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA051.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA07C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA117.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA151.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA1E3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA226.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA232.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA24B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA2B2.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA2D0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA38E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA42A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA45E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA50F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA5C2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA5D4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA5E8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA605.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA64B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA670.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA6C1.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA70B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA75.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA77.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA7E4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA80A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA822.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA89A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA8A3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA8CA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA8F3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA956.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA9BF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA9C3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAA69.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAB1B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAB2B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAC37.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAC6A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACA0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACBD.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACC6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACEA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAD73.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzADD2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAEA0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAF06.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAF16.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAF8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAFCF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB058.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB0E9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB139.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB166.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB1C4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB1E0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB235.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB25E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB2AA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB2C3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB30A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB38F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB396.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB3E3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB40A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB5F4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB708.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB726.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB779.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7F3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7F5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB823.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB8F4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB907.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB95B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB95F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBA3D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBA3E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBAD0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBAFA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB52.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB73.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB9E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBBE6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBC4A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBC8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD35.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD3E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD43.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD48.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD8B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBDB7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBDC8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBDE6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBE9C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF10.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF18.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF6B.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF7D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBFE4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBFE9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC094.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC16.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC1B5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC1C2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC21A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC228.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC299.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC372.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC380.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC40B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC4C9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC4FF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC599.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC62D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC6BE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC6D7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC748.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC762.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC833.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC8A0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC8CA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC911.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC953.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC9AA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC9AF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC9E5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCA47.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCA76.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCAA0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCB11.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCB4C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCC00.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCC13.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCCC7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCD03.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCDC4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCDF0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCEB4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCECA.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCED9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCF2E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCF4F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCFAD.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD000.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD025.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD0FA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD132.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD1A8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD267.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD2D1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD304.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD336.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD339.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD3BF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD3C0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD500.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD50A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD567.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD59F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD5EE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD607.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD627.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD63D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD6A0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD6C1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD6C2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD77D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD838.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD89E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8A8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8AE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8C2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8F5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD911.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD9EA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDA05.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDB87.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDBA7.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDBFD.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDC21.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDCBC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDCD9.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDD3A.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDDF.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDDF6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDE33.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDEE2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDF7D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDFF3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE00E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE023.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE11D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE126.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE16.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE166.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE168.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE18C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE19D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE1DE.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE22E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE373.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE374.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE3A0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE3A8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE4C8.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE547.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE57E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE581.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE5D0.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE5E5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE64F.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE6EB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE7B5.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE7C8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE88C.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE913.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE932.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE98C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE9AA.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE9BC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE9D7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA45.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA67.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA71.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA9F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEAB6.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEB37.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEBD8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC29.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC50.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC63.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC6B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzED2F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEE2.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEE77.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEEB7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEEB9.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEEF4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEF76.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEF97.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEFCF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEFD6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF01E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF0AB.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF0D6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF0ED.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF119.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF120.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF172.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF174.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF25D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF260.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF285.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF29E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF2B3.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF32D.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF3BE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF42E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF463.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF4A3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF4E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF4F1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5AE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5BE.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5C5.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5E4.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF61E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF651.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF6D4.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF73C.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF767.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF7CC.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF84E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF850.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF998.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF9F6.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF9FF.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFA06.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFA38.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFA51.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFB33.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFB46.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFB73.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFBA0.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC17.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC55.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC6E.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC6F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC9F.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFCCC.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFCD7.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFD6A.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFDC3.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFE26.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFEC1.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFF1B.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFF6D.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFF6E.tmp     detected: Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFFA8.tmp     detected: Gen:Variant.Adware.Kazy.396117 ( B)

Scanned    233441
Found    749

Scan end:    7/08/2014 12:45:20 p.m.
Scan time:    1:41:22

C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz442A.tmp    Deleted Trojan.GenericKD.1720404 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz146A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz147.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz14EE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz16CB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz177F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1A2F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1A7C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1B25.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1B5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1B85.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1CEC.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D3B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1DD4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1E3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1F63.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2102.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz216B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2341.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2368.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz23B3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz23D6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz241B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz241F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2465.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz24F8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2545.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz25B8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz26A9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz26E3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2740.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2759.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz27D5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2A5F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2C1D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2CA7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2D98.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2E6E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2ECF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2FFB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz30F2.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz315.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz31C5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz32DC.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3400.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz351F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz35F6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3648.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz366.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz372E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz375F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz380F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3946.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3976.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3A97.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3AD4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B0D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B83.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BE9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3C1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3D06.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3E0A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3ED6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F86.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F95.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3FB3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz403E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz405D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz416C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4186.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41C3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41E5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz420C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz43F2.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz43FB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4474.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4549.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz45B1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz467E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz469D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4722.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz474A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4769.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47B5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47C0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz485B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz48C0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz496E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4A58.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4BA9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C23.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CA3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4D20.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4F53.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4F7E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz51B3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz51C6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5262.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5273.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5293.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5462.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz55FB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5629.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz562F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5636.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5853.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz588B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5911.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5A57.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5BC1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5CC3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F89.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F9E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5FF1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6016.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz61E5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6267.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz627F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz62B0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6521.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6667.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz66D2.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz672B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz675A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz67F7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6991.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A45.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6B6C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6BE2.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6BF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6C74.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6D60.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6DCA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6DFB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E10.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E30.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E31.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz70B3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz712A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7190.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7258.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz735D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7368.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7374.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7439.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7496.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz74CF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz74DE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz75E6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz771E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz772D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz77B1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz77DA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz783F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz78C1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7954.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7999.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7C10.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7D15.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7DB1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7FC0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8075.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz80A0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8126.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8179.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8191.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz81E7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8263.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz82CE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8444.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8495.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz855E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz868D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz876D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz877.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz886B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz88DB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz895F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8996.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz89B5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A55.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8A99.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8B2.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8CE4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8D9A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8E0A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8E1B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8E4A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F05.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F91.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz91B5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz925.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz92EB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9406.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz94E9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz952E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz953F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz95D4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9743.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz978E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97CB.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97EE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz97FD.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz982C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz98A4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz98B7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz98FF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz99D3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz99DE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9A5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9A7B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9B08.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9BFC.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9C8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9D39.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9DF0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E15.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E61.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9F9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9FCE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA000.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA051.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA07C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA151.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA1E3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA226.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA232.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA2B2.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA2D0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA42A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA45E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA5D4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA5E8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA6C1.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA70B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA77.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA822.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA89A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA8CA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA8F3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA9BF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA9C3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAB1B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAC6A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACBD.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACEA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAD73.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAEA0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAF06.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAF16.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAFCF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB166.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB1C4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB1E0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB235.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB2C3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB30A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB38F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB726.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7F5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB823.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBA3D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBAFA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB73.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBBE6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBC4A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBC8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD43.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD48.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBDB7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBDC8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBE9C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF7D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBFE4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBFE9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC16.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC1B5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC299.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC372.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC380.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC40B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC599.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC6BE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC748.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC762.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC9AA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC9E5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCB11.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCC00.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCD03.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCEB4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCED9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCF4F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCFAD.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD0FA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD1A8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD304.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD339.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD500.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD567.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD5EE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD607.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD6A0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD838.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD89E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8A8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD9EA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDA05.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDB87.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDBFD.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDC21.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDDF6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDE33.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE00E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE023.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE166.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE18C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE1DE.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE3A0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE4C8.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE57E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE64F.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE913.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE932.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE98C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE9AA.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE9D7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA45.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEAB6.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEB37.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC63.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC6B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEEB7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEEB9.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEF76.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEF97.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEFCF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF01E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF172.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF174.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF260.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF29E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF2B3.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF463.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5C5.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5E4.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF73C.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF84E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF9FF.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFA38.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFA51.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFB33.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFB46.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFBA0.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFCCC.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFCD7.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFD6A.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFE26.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFF1B.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFF6D.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFF6E.tmp    Deleted Gen:Variant.Adware.Dropper.105 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz101C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1030.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1088.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1311.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz15F0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1618.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1669.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz182C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz194E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz19AE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1AF7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1BF9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1C22.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1C47.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1C73.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D06.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D51.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1D7F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1DA6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1DE3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1E0B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz1FAE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz20BB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz225.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2328.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz24FA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2637.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2699.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz26A4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2804.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2845.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2892.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz28D7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2955.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2989.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2B03.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2BC3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2C6D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2CF1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2D9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2DB8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2DBC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2E5F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2E8E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2F27.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz2FFF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz30DC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz311.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz31BB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3284.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3480.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz34F9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3593.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3600.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3604.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3765.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz382C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz387B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3955.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz39E1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3A3B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B0A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B0E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B24.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3B37.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BA7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BBC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3BE5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3C6B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3CDC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3D7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F1C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F26.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz3F9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4161.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4162.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41C8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz41FA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz432F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz435F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4392.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz458E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz467D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz474D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4782.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz47C1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz484F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4951.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4970.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz49D9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4A57.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4AA9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C59.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4C78.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CD8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CDC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4CF2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E37.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4E5E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz4EF4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz505.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5071.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz50E0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz50FA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz510B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz514A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz514D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5261.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5285.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz532E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz534C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5487.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz54DD.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz54F6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5584.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz56C3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz571D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5732.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz573D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz58FB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5AE5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5C2C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F28.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5F3E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz5FE7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz602A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz608C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6198.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz61B7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz61FA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz64E7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz65AF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6617.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz663E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6690.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6695.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6738.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz67B6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6924.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz69FB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A43.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A64.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6A8E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6AAE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6AE2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6C54.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6D39.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6D3E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6E6E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz6F09.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7165.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz719E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz719F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7253.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7291.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz73CE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz759B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz75AC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz76D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz775A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz778F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz77E5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz781E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz78AC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz78C6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz79F8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7A2A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7A8E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7BCA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7D17.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz7F72.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8004.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz80CF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz80F9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8166.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz81B1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz820E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz822F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8258.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz844D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8478.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz84D7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz861D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz86D3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz88B8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz893A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8946.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8B11.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8BCE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8C0C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8D6A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8EB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8EF9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz8F32.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz90F6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9132.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9262.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz93B3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz93EE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9433.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz946A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz94D8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz960C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz976.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz996E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9A07.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9AA1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9ACB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9B8B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9BA7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9C5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9D76.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E13.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9E14.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9EAE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9EB3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trz9FE8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA117.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA24B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA38E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA50F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA5C2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA605.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA64B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA670.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA75.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA7E4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA80A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA8A3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzA956.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAA69.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAB2B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAC37.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACA0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzACC6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzADD2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzAF8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB058.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB0E9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB139.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB25E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB2AA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB396.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB3E3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB40A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB5F4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB708.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB779.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB7F3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB8F4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB907.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB95B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzB95F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBA3E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBAD0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB52.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBB9E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD35.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD3E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBD8B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBDE6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF10.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF18.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzBF6B.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC094.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC1C2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC21A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC228.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC4C9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC4FF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC62D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC6D7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC833.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC8A0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC8CA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC911.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC953.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzC9AF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCA47.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCA76.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCAA0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCB4C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCC13.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCCC7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCDC4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCDF0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCECA.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzCF2E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD000.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD025.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD132.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD267.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD2D1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD336.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD3BF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD3C0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD50A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD59F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD627.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD63D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD6C1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD6C2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD77D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8AE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8C2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD8F5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzD911.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDBA7.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDCBC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDCD9.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDD3A.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDDF.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDEE2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDF7D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzDFF3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE11D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE126.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE16.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE168.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE19D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE22E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE373.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE374.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE3A8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE547.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE581.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE5D0.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE5E5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE6EB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE7B5.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE7C8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE88C.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzE9BC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA67.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA71.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEA9F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEBD8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC29.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEC50.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzED2F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEE2.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEE77.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEEF4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzEFD6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF0AB.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF0D6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF0ED.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF119.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF120.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF25D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF285.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF32D.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF3BE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF42E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF4A3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF4E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF4F1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5AE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF5BE.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF61E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF651.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF6D4.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF767.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF7CC.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF850.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF998.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzF9F6.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFA06.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFB73.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC17.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC55.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC6E.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC6F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFC9F.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFDC3.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFEC1.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\trzFFA8.tmp    Deleted Gen:Variant.Adware.Kazy.396117 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BIT1CED.tmp    Deleted Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITA0F0.tmp    Deleted Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITADEF.tmp    Deleted Gen:Variant.Adware.Dropper.103 ( B)
C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\BITD89B.tmp    Deleted Gen:Variant.Adware.Dropper.103 ( B)

Deleted    749


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Natasha (administrator) on HAPPYPLACE on 13-08-2014 14:24:09
Running from C:\Users\Natasha\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Telecom Connection Manager\UIExec.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-30] (AVAST Software)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\Telecom Connection Manager\UIExec.exe [139088 2010-09-09] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4841824 2014-07-30] (Emsisoft GmbH)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {A159E6C4-47FE-41C9-9204-0CD378D4C9A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {A159E6C4-47FE-41C9-9204-0CD378D4C9A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {A159E6C4-47FE-41C9-9204-0CD378D4C9A1} URL =
SearchScopes: HKCU - {A159E6C4-47FE-41C9-9204-0CD378D4C9A1} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Natasha\AppData\Roaming\Mozilla\Firefox\Profiles\mzupz6t7.default
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-06]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-30] (Emsisoft GmbH)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-30] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-25] (WildTangent)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-15] (Acer Incorporate)
R2 UI Assistant Service; C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe [253264 2010-09-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-30] ()
R3 AthrSdSrv; C:\Windows\system32\DRIVERS\athrsd.sys [48760 2012-12-01] (Qualcomm Atheros, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:24 - 2014-08-13 14:24 - 00013259 _____ () C:\Users\Natasha\Downloads\FRST.txt
2014-08-13 14:23 - 2014-08-13 14:24 - 00000000 ____D () C:\FRST
2014-08-13 14:22 - 2014-08-13 14:23 - 02100224 _____ (Farbar) C:\Users\Natasha\Downloads\FRST64.exe
2014-08-13 14:10 - 2014-08-13 14:10 - 00366718 _____ () C:\Users\Natasha\Desktop\Bleeping computer info.txt
2014-08-08 20:25 - 2014-08-08 20:28 - 00002434 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-08-08 20:25 - 2014-08-08 20:25 - 00000000 ____D () C:\Users\Natasha\AppData\Roaming\WildTangent
2014-08-08 19:59 - 2014-08-08 20:00 - 00000796 _____ () C:\Windows\setupact.log
2014-08-08 19:59 - 2014-08-08 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 19:03 - 2014-08-08 19:09 - 00000000 ____D () C:\Users\Natasha\Desktop\dave
2014-08-08 19:01 - 2014-08-08 19:05 - 00019145 _____ () C:\Users\Natasha\Desktop\dds.txt
2014-08-08 19:01 - 2014-08-08 19:05 - 00004347 _____ () C:\Users\Natasha\Desktop\attach.txt
2014-08-08 18:53 - 2014-08-08 18:54 - 00688992 ____R (Swearware) C:\Users\Natasha\Downloads\dds.com
2014-08-07 15:00 - 2014-08-07 15:01 - 00001033 _____ () C:\Users\Natasha\Desktop\Emsisoft Reports.lnk
2014-07-31 08:23 - 2014-07-31 08:23 - 00001754 _____ () C:\sc-cleaner.txt
2014-07-31 07:29 - 2014-07-31 07:29 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Natasha\Downloads\sc-cleaner.exe
2014-07-30 20:10 - 2014-07-30 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-30 18:23 - 2014-07-30 18:23 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-30 18:23 - 2014-07-30 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-30 18:20 - 2014-08-13 14:10 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-07-30 17:57 - 2014-07-30 18:12 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Natasha\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-30 17:50 - 2014-07-30 17:49 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Natasha\Downloads\iExplore.exe
2014-07-30 17:48 - 2014-07-30 17:44 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Natasha\Downloads\rkill.exe
2014-07-30 17:07 - 2014-07-30 17:12 - 00000000 ____D () C:\AdwCleaner
2014-07-30 16:18 - 2014-07-30 16:18 - 00302593 _____ () C:\Users\Natasha\AppData\Local\census.cache
2014-07-30 16:18 - 2014-07-30 16:18 - 00159883 _____ () C:\Users\Natasha\AppData\Local\ars.cache
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-07-30 16:08 - 2014-07-30 16:08 - 00000010 _____ () C:\Users\Natasha\AppData\Local\sponge.last.runtime.cache
2014-07-30 16:02 - 2014-07-30 16:02 - 02473936 _____ (Trend Micro Inc.) C:\Users\Natasha\Downloads\HousecallLauncher64.exe
2014-07-30 16:02 - 2014-07-30 16:02 - 00000036 _____ () C:\Users\Natasha\AppData\Local\housecall.guid.cache
2014-07-30 16:02 - 2013-09-02 17:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-30 15:42 - 2014-07-30 17:13 - 00002258 _____ () C:\Windows\PFRO.log
2014-07-30 15:42 - 2014-07-30 15:42 - 00422944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-30 15:41 - 2014-07-30 15:41 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-30 15:40 - 2014-07-30 15:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-30 15:39 - 2014-08-13 14:17 - 00349628 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 15:36 - 2014-07-30 15:36 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-30 15:36 - 2014-07-30 15:36 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Users\Natasha\AppData\Roaming\Mozilla
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Users\Natasha\AppData\Local\Mozilla
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 12:08 - 2014-07-30 12:09 - 00000000 ____D () C:\Dave - DO NOT TOUCH
2014-07-30 11:55 - 2014-07-30 11:55 - 00001856 _____ () C:\Users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-07-28 16:08 - 2014-06-27 06:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-28 16:08 - 2014-06-27 06:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-27 17:35 - 2014-07-30 12:07 - 00000000 ____D () C:\Users\Natasha\AppData\Local\CrashDumps
2014-07-27 13:30 - 2014-08-07 11:06 - 00000000 ____D () C:\Users\Natasha\AppData\Roaming\HpUpdate
2014-07-27 13:30 - 2014-07-27 13:30 - 00003634 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series
2014-07-27 13:30 - 2014-07-27 13:30 - 00002276 _____ () C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
2014-07-27 13:30 - 2014-07-27 13:30 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-07-27 13:30 - 2014-07-27 13:30 - 00001198 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1050 J410 series.lnk
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\Visan
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\Program Files\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-27 13:29 - 2014-07-27 13:29 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-07-27 13:28 - 2014-07-27 13:32 - 00000000 ____D () C:\Users\Natasha\AppData\Local\HP
2014-07-26 14:57 - 2014-06-18 09:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-26 14:57 - 2014-06-11 14:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-26 14:57 - 2014-05-03 15:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-26 14:57 - 2014-05-03 13:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-26 14:56 - 2014-06-18 09:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-26 14:56 - 2014-05-30 09:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-26 14:56 - 2014-05-30 09:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-26 14:56 - 2014-05-30 09:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-26 14:56 - 2014-05-30 09:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-26 14:54 - 2014-06-19 10:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-26 14:54 - 2014-06-03 08:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-26 14:53 - 2014-06-19 12:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-26 14:53 - 2014-06-19 12:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-26 14:53 - 2014-06-19 12:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-26 14:53 - 2014-06-19 12:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-26 14:53 - 2014-06-19 12:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-26 14:53 - 2014-06-19 12:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-26 14:53 - 2014-06-19 12:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-26 14:53 - 2014-06-19 12:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-26 14:53 - 2014-06-19 12:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-26 14:53 - 2014-06-19 12:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-26 14:53 - 2014-06-19 10:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-26 14:53 - 2014-06-19 10:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-26 14:53 - 2014-06-19 10:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-26 14:53 - 2014-06-19 10:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-26 14:53 - 2014-06-19 10:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-26 14:53 - 2014-06-19 10:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-26 14:53 - 2014-06-19 10:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-26 14:53 - 2014-06-19 10:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-26 14:53 - 2014-06-19 08:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-26 14:52 - 2014-06-19 10:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-26 14:52 - 2014-06-19 10:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-26 14:49 - 2014-06-07 00:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-26 14:49 - 2014-06-06 20:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-26 14:49 - 2014-05-30 08:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-26 14:48 - 2014-04-30 08:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-26 14:48 - 2014-04-30 08:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-26 14:48 - 2014-04-03 21:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-26 14:48 - 2014-03-07 10:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-26 14:48 - 2014-03-07 10:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-23 06:56 - 2014-07-23 06:56 - 00001860 _____ () C:\Users\Public\Desktop\Telecom Connection Manager.lnk
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telecom Connection Manager
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ____D () C:\Program Files (x86)\Telecom Connection Manager
2014-07-23 06:56 - 2009-10-29 19:28 - 00119680 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-07-23 06:56 - 2009-10-29 19:28 - 00119680 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-07-23 06:56 - 2009-10-29 19:28 - 00119680 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-07-23 06:56 - 2009-10-29 19:28 - 00011776 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-07-23 06:54 - 2014-07-23 06:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 14:24 - 2014-08-13 14:24 - 00013259 _____ () C:\Users\Natasha\Downloads\FRST.txt
2014-08-13 14:24 - 2014-08-13 14:23 - 00000000 ____D () C:\FRST
2014-08-13 14:23 - 2014-08-13 14:22 - 02100224 _____ (Farbar) C:\Users\Natasha\Downloads\FRST64.exe
2014-08-13 14:17 - 2014-07-30 15:39 - 00349628 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 14:17 - 2014-06-06 13:37 - 00000000 ____D () C:\Users\Natasha\AppData\Local\Deployment
2014-08-13 14:10 - 2014-08-13 14:10 - 00366718 _____ () C:\Users\Natasha\Desktop\Bleeping computer info.txt
2014-08-13 14:10 - 2014-07-30 18:20 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-13 14:02 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-08 21:07 - 2013-04-25 10:55 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-08-08 20:28 - 2014-08-08 20:25 - 00002434 ____N () C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
2014-08-08 20:28 - 2013-04-13 17:10 - 00002450 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2014-08-08 20:28 - 2013-04-13 17:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-08 20:26 - 2013-04-13 17:10 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-08 20:26 - 2013-04-13 17:10 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-08-08 20:25 - 2014-08-08 20:25 - 00000000 ____D () C:\Users\Natasha\AppData\Roaming\WildTangent
2014-08-08 20:01 - 2012-07-26 17:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 20:00 - 2014-08-08 19:59 - 00000796 _____ () C:\Windows\setupact.log
2014-08-08 19:59 - 2014-08-08 19:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 19:09 - 2014-08-08 19:03 - 00000000 ____D () C:\Users\Natasha\Desktop\dave
2014-08-08 19:05 - 2014-08-08 19:01 - 00019145 _____ () C:\Users\Natasha\Desktop\dds.txt
2014-08-08 19:05 - 2014-08-08 19:01 - 00004347 _____ () C:\Users\Natasha\Desktop\attach.txt
2014-08-08 18:54 - 2014-08-08 18:53 - 00688992 ____R (Swearware) C:\Users\Natasha\Downloads\dds.com
2014-08-08 16:22 - 2014-06-06 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-08 16:20 - 2014-06-06 13:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-08 16:16 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-08 16:04 - 2014-06-09 13:38 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-08 15:57 - 2014-06-06 13:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-08 15:55 - 2012-07-26 17:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 15:01 - 2014-08-07 15:00 - 00001033 _____ () C:\Users\Natasha\Desktop\Emsisoft Reports.lnk
2014-08-07 11:06 - 2014-07-27 13:30 - 00000000 ____D () C:\Users\Natasha\AppData\Roaming\HpUpdate
2014-07-31 08:23 - 2014-07-31 08:23 - 00001754 _____ () C:\sc-cleaner.txt
2014-07-31 07:29 - 2014-07-31 07:29 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Natasha\Downloads\sc-cleaner.exe
2014-07-30 20:28 - 2014-06-06 13:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2542304171-4110391405-203212581-1001
2014-07-30 20:10 - 2014-07-30 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-30 18:23 - 2014-07-30 18:23 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-30 18:23 - 2014-07-30 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-30 18:12 - 2014-07-30 17:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Natasha\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-30 17:49 - 2014-07-30 17:50 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Natasha\Downloads\iExplore.exe
2014-07-30 17:44 - 2014-07-30 17:48 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Natasha\Downloads\rkill.exe
2014-07-30 17:13 - 2014-07-30 15:42 - 00002258 _____ () C:\Windows\PFRO.log
2014-07-30 17:13 - 2012-07-26 15:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-30 17:12 - 2014-07-30 17:07 - 00000000 ____D () C:\AdwCleaner
2014-07-30 17:12 - 2014-06-06 12:35 - 00000957 _____ () C:\Users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-30 16:18 - 2014-07-30 16:18 - 00302593 _____ () C:\Users\Natasha\AppData\Local\census.cache
2014-07-30 16:18 - 2014-07-30 16:18 - 00159883 _____ () C:\Users\Natasha\AppData\Local\ars.cache
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\atiuxpag.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\atiu9pag.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\atidxx32.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\system32\aticfx32.dll
2014-07-30 16:08 - 2014-07-30 16:08 - 00000010 _____ () C:\Users\Natasha\AppData\Local\sponge.last.runtime.cache
2014-07-30 16:02 - 2014-07-30 16:02 - 02473936 _____ (Trend Micro Inc.) C:\Users\Natasha\Downloads\HousecallLauncher64.exe
2014-07-30 16:02 - 2014-07-30 16:02 - 00000036 _____ () C:\Users\Natasha\AppData\Local\housecall.guid.cache
2014-07-30 15:42 - 2014-07-30 15:42 - 00422944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-30 15:41 - 2014-07-30 15:41 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-30 15:40 - 2014-07-30 15:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-30 15:40 - 2014-06-06 13:53 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-30 15:40 - 2014-06-06 13:53 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-30 15:40 - 2014-06-06 13:52 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-30 15:36 - 2014-07-30 15:36 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-30 15:36 - 2014-07-30 15:36 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Users\Natasha\AppData\Roaming\Mozilla
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Users\Natasha\AppData\Local\Mozilla
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 15:36 - 2014-07-30 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 12:09 - 2014-07-30 12:08 - 00000000 ____D () C:\Dave - DO NOT TOUCH
2014-07-30 12:07 - 2014-07-27 17:35 - 00000000 ____D () C:\Users\Natasha\AppData\Local\CrashDumps
2014-07-30 12:07 - 2013-04-13 15:49 - 00000000 ____D () C:\Windows\Panther
2014-07-30 12:02 - 2014-06-06 14:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 12:01 - 2014-06-06 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-30 12:01 - 2014-06-06 14:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-30 11:55 - 2014-07-30 11:55 - 00001856 _____ () C:\Users\Natasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-07-28 16:34 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\rescache
2014-07-28 16:05 - 2014-06-06 15:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-28 16:05 - 2012-07-26 18:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 16:05 - 2012-07-26 18:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-28 16:05 - 2012-07-26 17:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-28 16:02 - 2012-07-26 15:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-28 16:01 - 2012-07-26 17:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-27 14:53 - 2014-06-06 14:58 - 00000000 ____D () C:\Users\Natasha\AppData\Local\clear.fi
2014-07-27 14:46 - 2014-06-06 12:34 - 00000000 ____D () C:\Users\Natasha\AppData\Local\Packages
2014-07-27 13:32 - 2014-07-27 13:28 - 00000000 ____D () C:\Users\Natasha\AppData\Local\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00003634 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series
2014-07-27 13:30 - 2014-07-27 13:30 - 00002276 _____ () C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk
2014-07-27 13:30 - 2014-07-27 13:30 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-07-27 13:30 - 2014-07-27 13:30 - 00001198 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1050 J410 series.lnk
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\Visan
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\ProgramData\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\Program Files\HP
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-07-27 13:30 - 2014-07-27 13:30 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-27 13:29 - 2014-07-27 13:29 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-07-26 14:34 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-23 06:56 - 2014-07-23 06:56 - 00001860 _____ () C:\Users\Public\Desktop\Telecom Connection Manager.lnk
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ____D () C:\Windows\SysWOW64\SupportAppCB
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telecom Connection Manager
2014-07-23 06:56 - 2014-07-23 06:56 - 00000000 ____D () C:\Program Files (x86)\Telecom Connection Manager
2014-07-23 06:56 - 2013-04-25 10:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-23 06:54 - 2014-07-23 06:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

Some content of TEMP:
====================
C:\Users\Natasha\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Natasha\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 12:47

==================== End Of Log ============================



#6 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 13 August 2014 - 12:05 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by Natasha at 2014-08-13 14:26:20
Running from C:\Users\Natasha\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30313 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{29200C76-2ADF-0C62-BE0D-2AC087740379}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0313.0012.41666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0313.13.41666 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
QCA CardReader Driver Installer (HKLM-x32\...\{4E0BC999-655B-421D-87F3-640C6F2BFC11}) (Version: 1.0.1.34 - Qualcomm Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Telecom Connection Manager (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 0.2 - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-07-2014 20:15:37 Windows Update
27-07-2014 03:00:22 Windows Update
30-07-2014 05:38:46 avast! antivirus system restore point
07-08-2014 03:45:45 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 15:26 - 2012-07-26 15:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A0CB9A9-FA76-49B0-992B-FF220D64457A} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-15] (Acer Incorporate)
Task: {1194CFF9-E41B-45B5-AFC3-2FC0F6F6BEBC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {4749CC26-68AC-4F40-BA00-646E6ADA7F03} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {5E2CC54B-C82D-4625-A37A-3C990C10E233} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-30] (AVAST Software)
Task: {63E8958B-0016-4F5F-BCA2-36022CC9A470} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {64B06996-A259-4B92-A552-D35B3D0B0F60} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {8A877576-CF11-40C3-9A99-7FF7F91BFAA6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-08] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BAD80A28-B500-4584-B0E1-DA846F569AA0} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {BB9F5B39-1AF7-4550-B423-501BB22FC86D} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-14] ()
Task: {C534AE67-BD0C-46A8-AFF8-3EAFFD1B2BA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-08] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D66D3492-C717-43CF-AB8A-5BB1F521D6AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {DA8FF99F-7771-4BA0-A129-F439F8DB6804} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-26] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2014-07-23 06:56 - 2010-09-09 15:40 - 00253264 _____ () C:\Program Files (x86)\Telecom Connection Manager\AssistantServices.exe
2014-08-08 16:11 - 2014-08-08 16:11 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-25 11:40 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-04-15 11:23 - 2013-04-15 11:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 11:20 - 2013-04-15 11:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-15 11:25 - 2013-04-15 11:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-07-23 06:56 - 2010-09-09 15:40 - 00139088 _____ () C:\Program Files (x86)\Telecom Connection Manager\UIExec.exe
2014-06-08 10:45 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-30 18:21 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-07-30 15:40 - 2014-07-30 15:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-01 19:03 - 2014-08-01 19:03 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080100\algo.dll
2014-08-08 15:57 - 2014-08-08 15:57 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080701\algo.dll
2014-07-30 15:40 - 2014-07-30 15:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\SYSTEM32\atiu9pag.dll
2014-07-30 15:36 - 2014-07-17 15:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\SYSTEM32\aticfx32.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\SYSTEM32\atiuxpag.dll
2014-07-30 16:10 - 2014-07-30 16:10 - 00000000 _____ () C:\Windows\SYSTEM32\atidxx32.dll
2014-08-08 16:06 - 2014-08-08 16:06 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-06 13:38 - 2014-06-06 13:38 - 00038112 _____ () C:\Users\Natasha\AppData\Local\assembly\dl3\QXJMJ7KW.W52\8L5O62N9.TO2\cfe79656\00e4f9f5_68dfcd01\WordAddIn.DLL
2014-06-06 13:29 - 2014-06-06 13:29 - 00196224 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Adapter
Description: Bluetooth USB Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 08:27:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: happyplace)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/08/2014 08:27:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d0

Start Time: 01cfb2f3089c2d45

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: 50d1b5ff-1ee6-11e4-be7e-206a8a967675

Faulting package full name: Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (08/08/2014 08:25:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: happyplace)
Description: App Microsoft.BingWeather_8wekyb3d8bbwe!App did not launch within its allotted time.

Error: (08/01/2014 07:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x2ec
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (07/30/2014 04:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x12a4
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (07/30/2014 03:38:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service IePlugin Services since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/30/2014 03:31:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: mbamcore.dll, version: 1.0.11.0, time stamp: 0x536d8027
Exception code: 0xc0000005
Fault offset: 0x00007369
Faulting process id: 0x1610
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (07/30/2014 11:00:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.2.9200.16384, time stamp: 0x5010a4f2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007f9561803a4
Faulting process id: 0x1a60
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3
Faulting package full name: regsvr32.exe4
Faulting package-relative application ID: regsvr32.exe5

Error: (07/30/2014 10:53:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.2.9200.16384, time stamp: 0x5010a4f2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007f9561803a4
Faulting process id: 0x2254
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3
Faulting package full name: regsvr32.exe4
Faulting package-relative application ID: regsvr32.exe5

Error: (07/29/2014 10:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0x1f50
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5


System errors:
=============
Error: (08/08/2014 03:54:54 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (08/08/2014 03:55:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:04:46 p.m. on ‎7/‎08/‎2014 was unexpected.

Error: (07/30/2014 05:13:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/30/2014 03:42:11 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/30/2014 03:40:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! EmHWID service failed to start due to the following error:
%%127

Error: (07/30/2014 11:00:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (07/30/2014 10:54:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/30/2014 10:54:03 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/30/2014 10:53:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/30/2014 10:52:57 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


Microsoft Office Sessions:
=========================
Error: (08/08/2014 08:27:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: happyplace)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142

Error: (08/08/2014 08:27:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.1642011d001cfb2f3089c2d454294967295C:\Windows\system32\wwahost.exe50d1b5ff-1ee6-11e4-be7e-206a8a967675Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbweApp

Error: (08/08/2014 08:25:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: happyplace)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App

Error: (08/01/2014 07:49:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.1143513ffaa6atieclxx.exe6.14.11.1143513ffaa6c0000005000000000002ea192ec01cfad6dedcea138C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe2c562b29-1961-11e4-be7d-206a8a967675

Error: (07/30/2014 04:26:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.1143513ffaa6atieclxx.exe6.14.11.1143513ffaa6c0000005000000000002ea1912a401cfabbf377e82beC:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe7643efc6-17b2-11e4-be7c-206a8a967675

Error: (07/30/2014 03:38:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service IePlugin Services since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/30/2014 03:31:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c000000500007369161001cfab9a353bda58C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dllc8ba5101-17aa-11e4-be7b-206a8a967675

Error: (07/30/2014 11:00:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.2.9200.163845010a4f2unknown0.0.0.000000000c0000005000007f9561803a41a6001cfab919d3ed4a4C:\Windows\system32\regsvr32.exeunknowndb5494bb-1784-11e4-be7b-206a8a967675

Error: (07/30/2014 10:53:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.2.9200.163845010a4f2unknown0.0.0.000000000c0000005000007f9561803a4225401cfab90ad554533C:\Windows\system32\regsvr32.exeunknowneba3a348-1783-11e4-be7b-206a8a967675

Error: (07/29/2014 10:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: atieclxx.exe6.14.11.1143513ffaa6atieclxx.exe6.14.11.1143513ffaa6c0000005000000000002ea191f5001cfaac51a325ab2C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe58799f8c-16b8-11e4-be7b-206a8a967675


==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 3525 MB
Available physical RAM: 2054.1 MB
Total Pagefile: 4165 MB
Available Pagefile: 2101.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.91 GB) (Free:410.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F31BA487)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 AM

Posted 13 August 2014 - 06:56 AM

Hello Dave,

this looks worse than it actually is.
Please do the following to start with:


Please download this attached Attached File  fixlist.txt   107bytes   2 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#8 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 14 August 2014 - 02:57 AM

Thanks for that, it is good to hear that it looks worse than it actually is :)

 

Log as requested.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014
Ran by Natasha at 2014-08-14 17:49:32 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: bitsadmin /list /verbose
CMD: bitsadmin /reset /allusers
CMD: bitsadmin /list /verbose
EmptyTemp:

*****************


=========  bitsadmin /list /verbose =========


BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

GUID: {5B9B32FB-C742-4539-A6CB-ABFE7ED0F8F4} DISPLAY: '1844807883-1731262199'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 637112 / 637112
CREATION TIME: 30/07/2014 11:38:17 a.m. MODIFICATION TIME: 30/07/2014 11:48:20 a.m.
COMPLETION TIME: 30/07/2014 11:48:20 a.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 1
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    637112 / 637112 WORKING http://i1.superstoragemy.com/addons/590_wpc.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\590_wpc.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {CD276A57-F3B7-4D17-84ED-CBFF555A07EA} DISPLAY: '1844807883-4187867897'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 637112 / 637112
CREATION TIME: 30/07/2014 11:41:17 a.m. MODIFICATION TIME: 30/07/2014 12:11:22 p.m.
COMPLETION TIME: 30/07/2014 12:11:22 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 3
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    637112 / 637112 WORKING http://i2.superstoragemy.com/addons/590_wpc.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\590_wpc.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {6CEBFEF2-2A77-48E8-8BCA-36A3EBAAB7F4} DISPLAY: '1897044947-898016434'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1722581 / 1722581
CREATION TIME: 30/07/2014 11:29:02 a.m. MODIFICATION TIME: 30/07/2014 12:19:10 p.m.
COMPLETION TIME: 30/07/2014 12:19:10 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 5
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1722581 / 1722581 WORKING http://i1.superstoragemy.com/addons/ezdownloader.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\EzDownloader_setup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {33041BC0-B49E-4C9C-9A6B-791818EBE445} DISPLAY: '1187728731-2881086105'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 4380168 / 4380168
CREATION TIME: 30/07/2014 11:25:46 a.m. MODIFICATION TIME: 30/07/2014 1:06:01 p.m.
COMPLETION TIME: 30/07/2014 1:06:01 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 10
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    4380168 / 4380168 WORKING http://dl.softservers.net/111000524/OptimizerPro.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\OpProSetup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {12A0CDD1-3055-4A5C-B74F-F16D20042D3B} DISPLAY: '3715046532-2391233092'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 4983808 / 4983808
CREATION TIME: 30/07/2014 11:07:14 a.m. MODIFICATION TIME: 30/07/2014 1:47:32 p.m.
COMPLETION TIME: 30/07/2014 1:47:32 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 16
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    4983808 / 4983808 WORKING http://i1.superstoragemy.com/addons/dfndr/180/tpq.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\putfu.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {87C24EF0-8773-45A8-9DD1-F7C0833551EB} DISPLAY: '1897044947-2058795630'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1722581 / 1722581
CREATION TIME: 30/07/2014 11:32:02 a.m. MODIFICATION TIME: 30/07/2014 2:17:22 p.m.
COMPLETION TIME: 30/07/2014 2:17:22 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 19
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1722581 / 1722581 WORKING http://i2.superstoragemy.com/addons/ezdownloader.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\EzDownloader_setup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {584C3A9C-AF23-4021-89EF-CFC7F6D0FFB1} DISPLAY: '3715046532-591126630'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 4983808 / 4983808
CREATION TIME: 30/07/2014 11:10:14 a.m. MODIFICATION TIME: 30/07/2014 3:21:15 p.m.
COMPLETION TIME: 30/07/2014 3:21:15 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 27
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    4983808 / 4983808 WORKING http://i2.superstoragemy.com/addons/dfndr/180/tpq.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\putfu.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {AD93A4A2-28FD-4063-A701-14BB45077C14} DISPLAY: '1844807883-1731262199'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 637112 / 637112
CREATION TIME: 30/07/2014 11:44:18 a.m. MODIFICATION TIME: 30/07/2014 4:15:36 p.m.
COMPLETION TIME: 30/07/2014 4:15:36 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 29
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    637112 / 637112 WORKING http://i1.superstoragemy.com/addons/590_wpc.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\590_wpc.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {E8DDA914-1471-40D2-8B86-8E96CB9884BB} DISPLAY: '1897044947-898016434'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1722581 / 1722581
CREATION TIME: 30/07/2014 11:35:03 a.m. MODIFICATION TIME: 30/07/2014 5:19:08 p.m.
COMPLETION TIME: 30/07/2014 5:19:08 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 39
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1722581 / 1722581 WORKING http://i1.superstoragemy.com/addons/ezdownloader.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\EzDownloader_setup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {446C0CC5-EFB5-4C89-8CEF-ADED85DADDAB} DISPLAY: '1872940339-2094926196'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1082880 / 1082880
CREATION TIME: 30/07/2014 11:22:31 a.m. MODIFICATION TIME: 31/07/2014 2:16:27 p.m.
COMPLETION TIME: 31/07/2014 2:16:27 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 155
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1082880 / 1082880 WORKING http://i1.superstoragemy.com/addons/agup.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\usetup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {BD6B2FA2-5C03-4D46-B668-FDA7B6BAF163} DISPLAY: '1018753992-618002755'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1015784 / 1015784
CREATION TIME: 30/07/2014 10:43:29 a.m. MODIFICATION TIME: 1/08/2014 2:15:31 a.m.
COMPLETION TIME: 1/08/2014 2:15:31 a.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 314
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1015784 / 1015784 WORKING http://getlivvek.info/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=4&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=PriceChop2&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupespl.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {78A4D945-713A-4AFB-8947-7A8ED9EC3D3B} DISPLAY: '2169052944-365712703'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1943208 / 1943208
CREATION TIME: 30/07/2014 10:50:05 a.m. MODIFICATION TIME: 1/08/2014 2:15:53 a.m.
COMPLETION TIME: 1/08/2014 2:15:53 a.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 313
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1943208 / 1943208 WORKING http://getlivvek.info/?e=pcho&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=3&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&utid=3&category_name=PriceChopIE&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\extIE_setup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {6ED10DB1-75CC-4C08-BBBE-84E9D5CED425} DISPLAY: '2416173019-3855209841'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1977384 / 1977384
CREATION TIME: 30/07/2014 10:56:49 a.m. MODIFICATION TIME: 1/08/2014 2:15:52 a.m.
COMPLETION TIME: 1/08/2014 2:15:52 a.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 307
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1977384 / 1977384 WORKING http://getlivvek.info/?e=ytr&dd=19&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&country=NZ&prv=Adblocker&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&utid=3&category_name=YoutubeAdblocker&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupytb.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {76340BC2-9100-414E-B150-998E8D89CFB2} DISPLAY: '2270203774-1924990080'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 981672 / 981672
CREATION TIME: 30/07/2014 11:03:40 a.m. MODIFICATION TIME: 1/08/2014 2:15:54 a.m.
COMPLETION TIME: 1/08/2014 2:15:54 a.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 312
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    981672 / 981672 WORKING http://getlivvek.info/?e=bsp&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&country=NZ&dd=5&cid=520&vn=178&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupbc.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {CD352467-AE5A-4FB8-9717-05E87DC600B6} DISPLAY: '2124959213-3089395018'
TYPE: DOWNLOAD STATE: ERROR OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 30/07/2014 10:45:57 a.m. MODIFICATION TIME: 7/08/2014 11:00:27 a.m.
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 294
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://musicget.name/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=4&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=10098407721904134520&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=PriceChop2&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\4951682e\temp\setupespl.exe
ERROR CODE:    0x80072f78
ERROR CONTEXT: 0x00000005
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\4951682e\temp
JOB FILES:
    0 / UNKNOWN WORKING http://musicget.name/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=4&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=10098407721904134520&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=PriceChop2&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\4951682e\temp\setupespl.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {2081F410-C628-475A-9248-FFE2C00684B1} DISPLAY: '2270203774-2608971236'
TYPE: DOWNLOAD STATE: ERROR OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 30/07/2014 11:00:39 a.m. MODIFICATION TIME: 7/08/2014 11:00:28 a.m.
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 291
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://musicget.name/?e=bsp&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&country=NZ&dd=5&cid=520&vn=178&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupbc.exe
ERROR CODE:    0x80072f78
ERROR CONTEXT: 0x00000005
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    0 / UNKNOWN WORKING http://musicget.name/?e=bsp&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&country=NZ&dd=5&cid=520&vn=178&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupbc.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {AF2517A1-9946-46BB-AF63-F9C16A67CE52} DISPLAY: '2169052944-561745175'
TYPE: DOWNLOAD STATE: ERROR OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 30/07/2014 10:47:05 a.m. MODIFICATION TIME: 7/08/2014 11:00:27 a.m.
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 294
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://musicget.name/?e=pcho&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=3&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&utid=3&category_name=PriceChopIE&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\extIE_setup.exe
ERROR CODE:    0x80072f78
ERROR CONTEXT: 0x00000005
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    0 / UNKNOWN WORKING http://musicget.name/?e=pcho&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=3&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&utid=3&category_name=PriceChopIE&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\extIE_setup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {4FE3EF32-F502-453A-B8DD-4B7C2643F352} DISPLAY: '2416173019-2073409462'
TYPE: DOWNLOAD STATE: ERROR OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 30/07/2014 10:53:49 a.m. MODIFICATION TIME: 7/08/2014 11:00:28 a.m.
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 292
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://musicget.name/?e=ytr&dd=19&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&country=NZ&prv=Adblocker&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&utid=3&category_name=YoutubeAdblocker&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupytb.exe
ERROR CODE:    0x80072f78
ERROR CONTEXT: 0x00000005
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    0 / UNKNOWN WORKING http://musicget.name/?e=ytr&dd=19&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&country=NZ&prv=Adblocker&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&utid=3&category_name=YoutubeAdblocker&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupytb.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {86457B6F-82FD-44BF-AE7A-9042C5E7BD08} DISPLAY: '1018753992-256064866'
TYPE: DOWNLOAD STATE: ERROR OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 30/07/2014 10:40:28 a.m. MODIFICATION TIME: 7/08/2014 11:00:26 a.m.
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 290
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE:    http://musicget.name/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=4&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=PriceChop2&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupespl.exe
ERROR CODE:    0x80072f78
ERROR CONTEXT: 0x00000005
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    0 / UNKNOWN WORKING http://musicget.name/?e=pcho&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=2459&dd=4&country=NZ&ind=1731735736194987546&exid=1406680614836868244&ssd=11162680926366168624&hid=6552836843469580944&osid=602&channel=0&sfx=1&jc=1&category_name=PriceChop2&install_date=20130730 -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\setupespl.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {42FE294D-3863-4B63-A289-988DC9900917} DISPLAY: '1872940339-2094926196'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1082880 / 1082880
CREATION TIME: 30/07/2014 11:16:30 a.m. MODIFICATION TIME: 8/08/2014 6:36:15 p.m.
COMPLETION TIME: 8/08/2014 6:36:15 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 461
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1082880 / 1082880 WORKING http://i1.superstoragemy.com/addons/agup.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\usetup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


GUID: {B7096014-A210-4569-A9ED-CA8CA228DAC1} DISPLAY: '1872940339-3136335259'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: happyplace\Natasha
PRIORITY: FOREGROUND FILES: 1 / 1 BYTES: 1082880 / 1082880
CREATION TIME: 30/07/2014 11:19:30 a.m. MODIFICATION TIME: 8/08/2014 6:36:15 p.m.
COMPLETION TIME: 8/08/2014 6:36:15 p.m. ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 604800 ERROR COUNT: 459
PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL
DESCRIPTION: C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp
JOB FILES:
    1082880 / 1082880 WORKING http://i2.superstoragemy.com/addons/agup.exe -> C:\Users\Natasha\AppData\Local\Temp\0e5b78cc\temp\usetup.exe
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: HIGH
owner elevated ?           true

Peercaching flags
     Enable download from peers      :false
     Enable serving to peers         :false

CUSTOM HEADERS: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7
Pragma: no-cache
Expect: 100-continue


Listed 21 job(s).

========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C1614381-2ED8-4D51-BCAD-4979217B0C62}.
Unable to cancel {3C0746DE-350D-46B1-BEDD-C8A24AAC686A}.
{5B9B32FB-C742-4539-A6CB-ABFE7ED0F8F4} canceled.
{CD276A57-F3B7-4D17-84ED-CBFF555A07EA} canceled.
{6CEBFEF2-2A77-48E8-8BCA-36A3EBAAB7F4} canceled.
{33041BC0-B49E-4C9C-9A6B-791818EBE445} canceled.
{12A0CDD1-3055-4A5C-B74F-F16D20042D3B} canceled.
{87C24EF0-8773-45A8-9DD1-F7C0833551EB} canceled.
{584C3A9C-AF23-4021-89EF-CFC7F6D0FFB1} canceled.
{AD93A4A2-28FD-4063-A701-14BB45077C14} canceled.
{E8DDA914-1471-40D2-8B86-8E96CB9884BB} canceled.
{446C0CC5-EFB5-4C89-8CEF-ADED85DADDAB} canceled.
{BD6B2FA2-5C03-4D46-B668-FDA7B6BAF163} canceled.
{78A4D945-713A-4AFB-8947-7A8ED9EC3D3B} canceled.
{6ED10DB1-75CC-4C08-BBBE-84E9D5CED425} canceled.
{76340BC2-9100-414E-B150-998E8D89CFB2} canceled.
{CD352467-AE5A-4FB8-9717-05E87DC600B6} canceled.
{2081F410-C628-475A-9248-FFE2C00684B1} canceled.
{AF2517A1-9946-46BB-AF63-F9C16A67CE52} canceled.
{4FE3EF32-F502-453A-B8DD-4B7C2643F352} canceled.
{86457B6F-82FD-44BF-AE7A-9042C5E7BD08} canceled.
{42FE294D-3863-4B63-A289-988DC9900917} canceled.
{B7096014-A210-4569-A9ED-CA8CA228DAC1} canceled.
Unable to cancel {E37BE7D0-6191-467B-87AC-30A76D68C7B0}.
Unable to cancel {EF3C4F0F-7DF6-4686-9517-57928329C761}.
Unable to cancel {3B834811-FF09-4986-9A2F-4F260F52A16C}.
Unable to cancel {A021D779-1508-4D77-9F00-20361E4B91F0}.
Unable to cancel {5D7024BA-4FC6-467C-B220-701C8F4BE4BA}.
Unable to cancel {7854B9A7-4930-4AAD-85E7-96969C792AF1}.
Unable to cancel {64462A29-30B8-4E44-8A9A-5B92FA755E78}.
Unable to cancel {E929049B-6E6E-4C1F-91CD-08A78204A545}.
Unable to cancel {8608AD6E-72D5-4011-85CB-26CDD77A6330}.
Unable to cancel {66866EEB-A466-4E31-BE71-6A5214275965}.
21 out of 33 jobs canceled.

========= End of CMD: =========


=========  bitsadmin /list /verbose =========


BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Listed 0 job(s).

========= End of CMD: =========

EmptyTemp: => Removed 218 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 AM

Posted 14 August 2014 - 07:22 AM

Do you still get the blocks or detections by avast and Emsisoft?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 19 August 2014 - 05:49 AM

Hello ahronov,

 

Sorry for the lateness of my reply, I have been away for a few days and only just returned.

The machine is currently doing the scan you have requested and I will post the results as soon as it has finished.

 

I have not noticed any further popups from Avast and I have not done a further Emsisoft scan. Would you like me to do one and post the log?

 

Cheers

Dave



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 AM

Posted 19 August 2014 - 06:43 AM

Hello Dave,

yes, when ESET has finished you can also run scans with Avast and Emsisoft to make sure that neither of them finds a threat anymore.

#12 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 19 August 2014 - 01:19 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7e6cc222ca799e438f1a92e6bab3956d
# engine=19727
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-19 01:07:18
# local_time=2014-08-20 01:07:18 (+1200, New Zealand Standard Time)
# country="New Zealand"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 923104 5595264 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6309295 53618426 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16642 16777213 100 100 0 208885926 0 0
# scanned=182693
# found=2
# cleaned=0
# scan_time=8179
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader64.exe.vir"
 



#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 AM

Posted 19 August 2014 - 02:58 PM

Very good. These are just two harmless files that already have been quarantined by AdwCleaner.
Do Avast or Emsisoft still detect any threats? If so can you please post the log?

#14 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:52 PM

Posted 20 August 2014 - 02:09 AM

Both Avast and Emsisoft have not returned any items...



#15 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:52 AM

Posted 20 August 2014 - 05:38 AM

Great. Then we're done.
I'd strongly recommend to keep only one antivirus software with realtime protection and uninstall the other product.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users