multiple malware infection after installing Java 8U40



#1 marikep

Posted 05 November 2015 - 09:15 AM

Hi,

 

I had to install Java 8 update 40 for the SARS program EASYFILE to work. After installing this Java, one of the programs that was downloaded was something called Jogotempo. Before I installed Kaspersky (it is actually a new computer), a lot of advertisements popped up when I went on the internet. Now Kaspersky pops up with messages that it is disinfecting files.

 

I think the problem is with the Java 8 update 40 download, but I cannot uninstall the Java as I need this version to run EASYFILE.

 

I can upload a Kaspersky report as well (if that will help).  I unfortunately cannot tell you what the file names are that Kaspersky is blocking/disinfecting/deleting, as I am just pressing the delete button every time.

 

I will appreciate some help to remove the spamware/malware/viruses/whatever is wrong.

 

Thank you for your help

Marike

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Fin- Accounts (administrator) on FIN-ACCOUNTS-PC (05-11-2015 15:58:50)
Running from C:\Users\Fin- Accounts\Downloads
Loaded Profiles: Fin- Accounts (Available Profiles: Fin- Accounts)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FingerPrint\511\AsusFPService_x64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp
() C:\Program Files (x86)\RayDld\ihpmServer.exe
() C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp
() C:\Users\Fin- Accounts\AppData\Roaming\NetService\netservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(DTools LIMITED) C:\ProgramData\XWMiniProX\WMiniPro.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files (x86)\baidu\pps.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sage South Africa (Pty) Ltd) C:\Program Files (x86)\Sage Connected Services\SageCSClient.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\klwtblfs.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2014-02-13] (STMicroelectronics)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-03-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1169880 2014-09-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328 2014-05-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [209720 2014-05-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [Payroll Notification Service] => C:\Program Files (x86)\Sage Connected Services\SageCSClient.exe [944728 2015-08-25] (Sage South Africa (Pty) Ltd)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-02] (Qualcomm®Atheros®)
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [77824 2015-10-21] ()
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\...\Run: [Payroll Notification Service] => C:\Program Files (x86)\Sage Connected Services\SageCSClient.exe [944728 2015-08-25] (Sage South Africa (Pty) Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start Pervasive PSQL Workgroup Engine.lnk [2015-10-29]
ShortcutTarget: Start Pervasive PSQL Workgroup Engine.lnk -> C:\Windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.1.1
Tcpip\..\Interfaces\{BF922D5B-F1F6-415F-8A59-66A6BC3E7613}: [DhcpNameServer] 10.2.1.1
Tcpip\..\Interfaces\{F627B56C-247A-4E8A-A7AA-BF6F5EEAA1F2}: [DhcpNameServer] 192.15.128.24

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130910167943260956&GUID=396EFCC4-0F9C-48EC-8975-C45372BC6872
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130910167943285956&GUID=396EFCC4-0F9C-48EC-8975-C45372BC6872
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> DefaultScope {509B360C-3E1C-45F0-9BBB-7006221BF1AC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> {509B360C-3E1C-45F0-9BBB-7006221BF1AC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-11-04] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-11-03] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-11-03] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-11-04] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-11-03] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-11-03] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX

FireFox:
========
FF ProfilePath: C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX
FF DefaultSearchEngine: oursurfing
FF Homepage: about:home
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-11-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-11-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-11-04] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-11-04] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-11-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1152905624-1930229052-3158680621-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF SearchPlugin: C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\searchplugins\oursurfing.xml [2015-11-03]
FF Extension: Default SearchProtected  - C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\Extensions\defsearchp@gmail.com [2015-11-03] [not signed]
FF Extension: deskCut - C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\Extensions\deskCutv2@gmail.com [2015-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-11-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX"
CHR Profile: C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-29]
CHR Extension: (Google Docs) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-29]
CHR Extension: (Google Drive) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-29]
CHR Extension: (AdBlock) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-03]
CHR Extension: (EasyCalendar) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-11-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-29]
CHR Extension: (Gmail) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASNB4LDRSvc; C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe [33912 2014-03-11] (ASUS)
R2 AsusFPService; C:\Program Files (x86)\ASUS\FingerPrint\511\AsusFPService_x64.exe [840704 2014-03-25] (ASUSTek Computer Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-02] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 fofolygu; C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp [602112 2015-11-03] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [270568 2015-10-12] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-03-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 kyricobe; C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp [225280 2015-11-03] () [File not signed]
R2 NetTcpHandler; C:\Users\Fin- Accounts\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [173728 2015-11-04] (TODO: <公司名>)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2248192 2012-09-11] (Validity Sensors, Inc.) [File not signed]
R2 vcsFPService; C:\Windows\SysWOW64\vcsFPService.exe [1933312 2012-09-11] (Validity Sensors, Inc.) [File not signed]
R2 WdsManPro; C:\ProgramData\XWMiniProX\WMiniPro.exe [301704 2015-11-04] (DTools LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-28] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-02] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStor; C:\Windows\System32\drivers\AmPeStor.sys [150296 2014-04-29] (Alcor Micro, Corp.)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [73512 2014-07-30] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-01-02] (Qualcomm Atheros)
R3 DptfDevDram; C:\Windows\System32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\System32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\System32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\System32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-06] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-11-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-11-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [73928 2014-02-13] (STMicroelectronics)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-05 15:58 - 2015-11-05 15:59 - 00029124 _____ C:\Users\Fin- Accounts\Downloads\FRST.txt
2015-11-05 15:31 - 2015-11-05 15:58 - 00000000 ____D C:\FRST
2015-11-05 15:29 - 2015-11-05 15:29 - 02198016 _____ (Farbar) C:\Users\Fin- Accounts\Downloads\FRST64.exe
2015-11-05 13:01 - 2015-11-05 13:02 - 00000000 ____D C:\Users\Fin- Accounts\Documents\Clients
2015-11-05 12:06 - 2015-11-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-11-05 12:06 - 2015-11-05 12:06 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2015-11-05 11:56 - 2015-11-05 11:58 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\Fin- Accounts\Downloads\cbSetup.exe
2015-11-05 10:01 - 2015-11-05 10:01 - 00010064 ____N C:\Users\Fin- Accounts\Desktop\kaspersky report 20151103.txt
2015-11-05 08:37 - 2015-11-05 08:37 - 00000000 ___RD C:\Users\Fin- Accounts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-04 12:45 - 2015-11-04 12:45 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Ess Tools
2015-11-04 12:44 - 2015-11-04 12:44 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-04 12:30 - 2015-11-04 12:30 - 00002677 _____ C:\Users\Public\Desktop\Accounting Partner V14.lnk
2015-11-04 12:30 - 2015-11-04 12:30 - 00000000 ____D C:\Program Files (x86)\Softline Pastel
2015-11-04 12:26 - 2015-11-04 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Connected Services
2015-11-04 12:26 - 2015-11-04 12:26 - 00000000 ____D C:\Program Files (x86)\Sage Connected Services
2015-11-04 12:11 - 2015-11-04 12:14 - 92713080 ____N (Sage Pastel Accounting) C:\Users\Fin- Accounts\Downloads\PartnerV1411 [1.1.9].exe
2015-11-04 12:06 - 2015-11-04 12:06 - 00000000 ____D C:\Program Files (x86)\Sage Pastel
2015-11-04 10:45 - 2015-11-04 12:42 - 00002336 ____N C:\Users\Fin- Accounts\Desktop\Safe Money.lnk
2015-11-04 10:43 - 2015-11-04 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-11-04 10:43 - 2015-11-04 10:42 - 00001190 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-11-04 10:42 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-11-04 10:40 - 2015-11-05 14:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-04 10:40 - 2015-11-04 11:26 - 00793800 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-11-04 10:40 - 2015-11-04 11:26 - 00141320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-11-04 10:40 - 2015-11-04 10:40 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-04 10:40 - 2015-11-04 10:40 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-04 10:40 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-11-04 09:26 - 2015-11-05 08:35 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\23845D4A-1446629175-434D-812D-B1BB2F3EED88
2015-11-04 09:25 - 2015-11-05 08:40 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-11-04 09:25 - 2015-11-04 09:26 - 00000000 ____D C:\ProgramData\XWMiniProX
2015-11-04 08:57 - 2015-11-04 08:57 - 00002017 ____N C:\Users\Fin- Accounts\Desktop\ControlCenter4.lnk
2015-11-03 12:32 - 2015-11-03 12:35 - 00001287 ____N C:\Users\Fin- Accounts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-03 12:23 - 2015-11-03 12:23 - 00000560 __RSH C:\ProgramData\ntuser.pol
2015-11-03 12:13 - 2015-11-03 12:13 - 00006778 ___RH C:\farstone_pe.letter
2015-11-03 12:07 - 2015-11-04 09:25 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-03 12:07 - 2015-11-04 09:25 - 00000000 ____D C:\Program Files (x86)\SFK
2015-11-03 12:07 - 2015-11-03 12:08 - 00000000 ____D C:\ProgramData\gWMiniProg
2015-11-03 12:07 - 2015-11-03 12:07 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\istartsurf
2015-11-03 12:05 - 2015-11-03 12:05 - 00000000 ____D C:\Program Files (x86)\MyBrowser
2015-11-03 11:38 - 2015-11-05 11:38 - 00001048 _____ C:\Windows\Tasks\tpcOKgFosvm9L9zF2nwNsO.job
2015-11-03 11:38 - 2015-11-05 11:38 - 00001036 _____ C:\Windows\Tasks\Wqk9orMnD1TBq5UG.job
2015-11-03 11:38 - 2015-11-03 11:38 - 00004104 _____ C:\Windows\System32\Tasks\tpcOKgFosvm9L9zF2nwNsO
2015-11-03 11:38 - 2015-11-03 11:38 - 00004092 _____ C:\Windows\System32\Tasks\Wqk9orMnD1TBq5UG
2015-11-03 11:37 - 2015-11-03 12:13 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-03 11:36 - 2015-11-03 11:52 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Opera Software
2015-11-03 11:36 - 2015-11-03 11:52 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Opera Software
2015-11-03 11:33 - 2015-11-04 12:37 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-11-03 11:33 - 2015-11-03 11:35 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\BrowserHelper
2015-11-03 11:33 - 2015-11-03 11:33 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\globalUpdate
2015-11-03 11:32 - 2015-11-05 08:50 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-11-03 11:32 - 2015-11-03 11:33 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-11-03 11:32 - 2015-11-03 11:32 - 00004280 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333039383136393038332d324a574123346c2a556c2a5a
2015-11-03 11:32 - 2015-11-03 11:32 - 00003598 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-11-03 11:32 - 2015-11-03 11:32 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-11-03 11:32 - 2015-11-03 11:32 - 00000000 ____D C:\ProgramData\ShopperPro
2015-11-03 11:31 - 2015-11-05 14:02 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88
2015-11-03 11:31 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-11-03 11:30 - 2015-11-05 12:01 - 00000000 ____D C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88
2015-11-03 11:30 - 2015-11-03 11:30 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-11-03 11:30 - 2015-11-03 11:30 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\CrashRpt
2015-11-03 11:29 - 2015-11-03 11:29 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-11-03 11:29 - 2015-11-03 11:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-03 11:28 - 2015-11-03 11:28 - 00000000 ____D C:\Program Files\Java
2015-11-03 11:27 - 2015-11-05 08:45 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\RunDir
2015-11-03 11:27 - 2015-11-03 12:31 - 00000000 ____D C:\Users\Fin- Accounts\AppData\LocalLow\Unity
2015-11-03 11:27 - 2015-11-03 12:31 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Unity
2015-11-03 11:27 - 2015-11-03 11:27 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\NetService
2015-11-03 11:27 - 2015-11-03 11:27 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\SysassistByHotWheel
2015-11-03 11:26 - 2015-11-03 20:53 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-11-03 11:26 - 2015-11-03 11:26 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\IQIYI Video
2015-11-03 11:25 - 2015-11-03 11:27 - 43159464 ____N (Oracle Corporation) C:\Users\Fin- Accounts\Downloads\jre-8u45-windows-x64.exe
2015-11-03 11:19 - 2015-11-04 11:32 - 00000000 ____D C:\Program Files (x86)\baidu
2015-11-03 11:12 - 2015-11-03 11:12 - 00000000 ____D C:\Windows\system32\appmgmt
2015-11-03 11:02 - 2015-07-16 21:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-11-03 11:02 - 2015-07-16 21:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-11-03 11:02 - 2015-07-16 21:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-11-03 11:02 - 2015-07-16 21:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-11-03 11:02 - 2015-07-16 21:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-11-03 11:02 - 2015-07-16 21:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-11-03 11:02 - 2015-07-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-11-03 11:02 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-11-03 11:02 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-11-03 11:02 - 2015-06-03 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-11-03 11:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-11-03 11:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-11-03 11:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-11-03 11:02 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-11-03 11:02 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-11-03 11:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-11-03 11:02 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-11-03 11:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-11-03 11:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-11-03 11:02 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-11-03 11:02 - 2014-07-09 00:38 - 00419992 _____ C:\Windows\system32\locale.nls
2015-11-03 11:02 - 2014-07-09 00:30 - 00419992 _____ C:\Windows\SysWOW64\locale.nls
2015-11-03 11:01 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-11-03 10:52 - 2015-11-03 10:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-03 10:06 - 2015-11-03 10:06 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Sun
2015-11-03 10:06 - 2015-11-03 10:06 - 00000000 ____D C:\Users\Fin- Accounts\.oracle_jre_usage
2015-11-03 09:58 - 2015-11-03 09:58 - 00000000 ____D C:\Users\Fin- Accounts\AppData\LocalLow\Oracle
2015-11-03 09:53 - 2015-11-03 09:53 - 00000000 ____D C:\Users\Fin- Accounts\Downloads\EasyFile20151102_09h00_Backup
2015-11-03 09:53 - 2015-11-02 09:00 - 12511645 ____N C:\Users\Fin- Accounts\Downloads\EasyFile20151102_09h00_Backup.zip
2015-11-02 14:18 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-11-02 14:18 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-11-02 14:18 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-11-02 14:18 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-11-02 14:18 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-11-02 14:18 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-11-02 14:18 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-11-02 14:18 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-11-02 14:18 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-11-02 14:18 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-11-02 14:16 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-11-02 14:16 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-11-02 14:16 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-11-02 14:16 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-02 14:13 - 2015-11-02 14:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-02 14:13 - 2015-11-02 14:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-02 14:11 - 2015-08-05 19:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-11-02 14:11 - 2015-08-05 19:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-11-02 14:05 - 2015-09-14 21:45 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-02 12:29 - 2015-11-02 12:33 - 00000000 ____D C:\Windows\system32\MRT
2015-11-02 12:29 - 2015-10-02 12:09 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-30 22:26 - 2015-10-30 22:26 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-10-30 22:26 - 2015-10-30 22:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-10-30 16:19 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-10-30 16:19 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-10-30 16:19 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-10-30 16:19 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-10-30 16:19 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-10-30 16:19 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-10-30 16:18 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-10-30 16:18 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-10-30 15:45 - 2015-10-30 15:45 - 00000000 ____D C:\Users\Fin- Accounts\Desktop\easyfilebackup 20151030
2015-10-30 15:42 - 2015-10-30 15:42 - 00000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e@syFile-employer.lnk
2015-10-30 15:42 - 2015-10-30 15:42 - 00000963 _____ C:\Users\Public\Desktop\e@syFile-employer.lnk
2015-10-30 15:42 - 2015-10-30 15:42 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\easyFileEmployer.0612E4541602589CA8807A3EA214FDF182FEF49D.1
2015-10-30 15:42 - 2015-10-30 15:42 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\easyFileEmployer
2015-10-30 15:42 - 2015-10-30 15:42 - 00000000 ____D C:\Program Files (x86)\e@syFile-employer
2015-10-30 15:41 - 2015-11-03 10:53 - 00000000 ____D C:\ProgramData\Oracle
2015-10-30 15:41 - 2015-10-30 15:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-30 15:41 - 2015-10-30 15:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-30 15:41 - 2015-10-30 15:41 - 00000000 ____D C:\ProgramData\Sun
2015-10-30 15:39 - 2015-11-03 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-30 15:39 - 2015-11-03 11:12 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-30 15:38 - 2015-10-30 15:38 - 00000000 ____D C:\Users\Fin- Accounts\AppData\LocalLow\Sun
2015-10-30 15:32 - 2015-10-30 15:37 - 93995626 ____N C:\Users\Fin- Accounts\Downloads\Setup_EMP_663_WIN.zip
2015-10-30 13:44 - 2015-10-30 13:44 - 00034304 ____N C:\Users\Fin- Accounts\Desktop\Copy of Findata Group Life schedule - October 2015.xls
2015-10-30 12:34 - 2015-11-05 12:35 - 00056436 ____N C:\Users\Fin- Accounts\Desktop\Attendance Register Marike.xlsx
2015-10-30 12:34 - 2015-11-04 10:15 - 00014941 ____N C:\Users\Fin- Accounts\Desktop\Skyscape outstanding payments.xlsx
2015-10-30 11:24 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-10-30 11:24 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-30 11:23 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-10-30 11:23 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-10-30 11:23 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-10-30 11:23 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-10-30 11:23 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-10-30 11:23 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-10-30 11:23 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-10-30 11:23 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-10-30 11:23 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-10-30 11:23 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-10-30 11:23 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-10-30 11:23 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-10-30 11:23 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-10-30 11:23 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-10-30 11:21 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-10-30 11:21 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-10-30 11:21 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-10-30 11:21 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-10-30 11:21 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-30 11:21 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-10-30 11:21 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-10-30 11:21 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-10-30 11:21 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-10-30 11:21 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-10-30 11:21 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-10-30 11:21 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-10-30 11:21 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-10-30 11:21 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-10-30 11:21 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-10-30 11:21 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-10-30 11:21 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-10-30 11:21 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-10-30 11:20 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-10-30 11:20 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-10-30 11:19 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-10-30 11:19 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-30 11:19 - 2015-07-22 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-30 11:19 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-10-30 11:19 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-10-30 11:19 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-10-30 11:18 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-10-30 11:18 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-10-30 11:14 - 2015-09-29 05:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-30 11:14 - 2015-09-29 05:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-30 11:14 - 2015-09-29 05:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-30 11:14 - 2015-09-29 05:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-30 11:14 - 2015-09-29 05:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-30 11:14 - 2015-09-29 05:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-30 11:14 - 2015-09-29 05:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-30 11:14 - 2015-09-29 05:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-30 11:14 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-30 11:14 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-30 11:14 - 2015-09-29 05:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-30 11:14 - 2015-09-29 05:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-30 11:14 - 2015-09-29 05:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-30 11:14 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-30 11:14 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-30 11:14 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-30 11:14 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-30 11:14 - 2015-09-29 04:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-30 11:14 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-30 11:14 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-30 11:14 - 2015-09-29 04:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-30 11:14 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-30 11:14 - 2015-09-29 04:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-30 11:14 - 2015-09-29 04:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-30 11:14 - 2015-09-29 04:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-30 11:14 - 2015-09-29 04:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-30 11:14 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-30 11:14 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 03:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-30 11:14 - 2015-09-29 03:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-30 11:14 - 2015-09-29 03:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-30 11:14 - 2015-09-29 03:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-30 11:14 - 2015-09-29 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-30 11:14 - 2015-09-29 03:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 03:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 03:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-30 11:14 - 2015-09-29 03:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-30 11:14 - 2015-09-15 20:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-30 11:14 - 2015-09-15 20:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-30 11:14 - 2015-09-15 20:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-30 11:14 - 2015-09-15 20:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-30 11:14 - 2015-09-15 20:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-30 11:14 - 2015-09-15 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-30 11:14 - 2015-09-15 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-30 11:14 - 2015-09-15 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-30 11:14 - 2015-09-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-30 11:14 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-30 11:14 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-30 11:14 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-30 11:14 - 2015-09-15 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-30 11:14 - 2015-06-03 22:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-10-30 11:14 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-10-30 11:14 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-10-30 11:14 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-10-30 11:14 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-10-30 11:14 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-10-30 11:14 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-10-30 11:14 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-10-30 11:14 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-10-30 11:13 - 2015-10-01 20:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-30 11:13 - 2015-10-01 20:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-30 11:13 - 2015-10-01 20:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-30 11:13 - 2015-10-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-30 11:13 - 2015-10-01 20:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-30 11:13 - 2015-10-01 20:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-30 11:13 - 2015-10-01 20:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-30 11:13 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-30 11:13 - 2015-10-01 19:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-30 11:13 - 2015-06-03 22:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-10-30 11:13 - 2015-06-03 22:16 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-30 11:13 - 2015-06-03 22:16 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-30 11:13 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-10-30 11:13 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-10-30 11:12 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-10-30 11:12 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-10-30 11:12 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-10-30 11:12 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-10-30 11:12 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-10-30 11:12 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-10-30 11:12 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-10-30 11:12 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-10-30 11:12 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-10-30 11:12 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-10-30 11:12 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-10-30 11:12 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-10-30 11:11 - 2014-11-26 05:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-10-30 11:11 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-10-30 11:10 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-10-30 11:10 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-10-30 11:10 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-10-30 11:10 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-10-30 11:10 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-10-30 11:10 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-10-30 11:09 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-10-30 11:09 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-10-30 11:09 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-10-30 11:09 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-10-30 11:09 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-10-30 10:54 - 2015-09-02 05:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-10-30 10:54 - 2015-09-02 05:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-10-30 10:54 - 2015-09-02 05:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-10-30 10:54 - 2015-09-02 05:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-10-30 10:54 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-10-30 10:54 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-10-30 10:54 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-10-30 10:54 - 2015-09-02 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-10-30 10:54 - 2015-09-02 03:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-10-30 10:54 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-10-30 10:27 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-10-30 10:27 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-10-30 09:43 - 2015-10-30 09:43 - 00000000 ____N C:\Users\Fin- Accounts\Sti_Trace.log
2015-10-29 12:18 - 2015-10-29 12:18 - 00000000 ____D C:\Users\Fin- Accounts\Tracing
2015-10-29 12:17 - 2015-11-05 15:56 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Skype
2015-10-29 12:17 - 2015-10-29 12:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-29 12:17 - 2015-10-29 12:17 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Skype
2015-10-29 12:17 - 2015-10-29 12:17 - 00000000 ____D C:\ProgramData\Skype
2015-10-29 12:17 - 2015-10-29 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-29 11:37 - 2015-10-30 15:24 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\CutePDF Writer
2015-10-29 11:36 - 2015-10-29 11:36 - 00003328 _____ C:\Windows\System32\Tasks\{A6A7A6C3-CF63-4927-8DCD-67A1B5BFB29B}
2015-10-29 11:36 - 2015-10-29 11:36 - 00000000 ____D C:\Program Files (x86)\GPLGS
2015-10-29 11:33 - 2015-10-29 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-10-29 11:33 - 2015-10-29 11:33 - 00000000 ____D C:\Program Files (x86)\Acro Software
2015-10-29 11:33 - 2013-10-23 15:24 - 00087600 _____ C:\Windows\system32\cpwmon64.dll
2015-10-29 11:32 - 2015-10-29 11:32 - 02446176 _____ (Acro Software Inc. ) C:\Users\Fin- Accounts\Downloads\CuteWriter.exe
2015-10-29 11:25 - 2015-10-29 11:25 - 00000000 ___RD C:\Users\Fin- Accounts\AppData\Roaming\Brother
2015-10-29 11:25 - 2015-10-29 11:25 - 00000000 ____D C:\Users\Fin- Accounts\AppData\LocalLow\Brother
2015-10-29 11:22 - 2015-10-29 11:22 - 00000000 ____D C:\Users\Fin- Accounts\AppData\LocalLow\Adobe
2015-10-29 11:22 - 2015-10-29 11:22 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\CEF
2015-10-29 11:20 - 2015-10-29 11:23 - 46817920 ____N (Skype Technologies S.A.) C:\Users\Fin- Accounts\Downloads\SkypeSetupFull.exe
2015-10-29 11:12 - 2015-10-29 11:47 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Mozilla
2015-10-29 11:12 - 2015-10-29 11:12 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Mozilla
2015-10-29 11:01 - 2015-10-29 11:03 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Google
2015-10-29 11:01 - 2015-10-29 11:01 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Deployment
2015-10-29 11:01 - 2015-10-29 11:01 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Apps\2.0
2015-10-29 10:46 - 2015-10-30 12:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 10:45 - 2015-11-02 11:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-29 10:45 - 2015-10-30 15:42 - 00000000 ____D C:\ProgramData\Adobe
2015-10-29 10:45 - 2015-10-30 15:41 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-29 10:41 - 2015-11-05 15:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-29 10:41 - 2015-11-03 10:57 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-29 10:41 - 2015-11-03 10:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-29 10:41 - 2015-11-03 10:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-29 10:41 - 2015-10-29 10:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-10-29 10:41 - 2015-10-29 10:41 - 00000000 ____D C:\Windows\system32\Macromed
2015-10-29 10:40 - 2015-11-03 10:57 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Adobe
2015-10-29 10:34 - 2015-10-29 10:34 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Sage_South_Africa
2015-10-29 10:00 - 2015-06-23 12:30 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-10-29 09:57 - 2015-10-29 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pervasive
2015-10-29 09:57 - 2015-10-29 09:57 - 00000000 ____D C:\Program Files (x86)\Pervasive Software
2015-10-29 09:56 - 2015-11-04 12:43 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\CrashDumps
2015-10-29 09:38 - 2015-10-29 10:33 - 00000000 ____D C:\Payroll - Copy
2015-10-29 09:36 - 2015-10-29 10:33 - 00000000 ____D C:\Payroll
2015-10-29 09:33 - 2015-11-05 09:41 - 00000000 ____D C:\Pastel14
2015-10-29 09:33 - 2015-11-04 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Pastel
2015-10-29 09:30 - 2015-10-29 10:32 - 00000000 ____D C:\Pastel12.old2
2015-10-29 09:30 - 2015-10-29 10:18 - 00000519 _____ C:\Windows\ODBCINST.INI
2015-10-29 09:29 - 2015-10-29 09:29 - 00000000 ____D C:\ProgramData\Pervasive Software
2015-10-29 09:28 - 2015-11-04 12:26 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Sage Connected Services
2015-10-29 09:28 - 2015-11-04 12:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-10-29 09:28 - 2015-11-04 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-10-29 09:28 - 2015-10-29 09:28 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2015-10-29 09:28 - 2015-10-29 09:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-10-29 09:27 - 2015-11-04 12:26 - 00000000 ____D C:\ProgramData\Sage Installations
2015-10-29 09:27 - 2015-11-04 10:17 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-29 09:26 - 2015-10-29 09:26 - 14243008 ____N (Microsoft Corporation) C:\Users\Fin- Accounts\Downloads\mseinstall.exe
2015-10-29 09:24 - 2015-10-29 10:30 - 00000000 ____D C:\Pastel12.old
2015-10-29 09:24 - 2015-10-29 09:24 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\ControlCenter4
2015-10-29 09:24 - 2015-10-29 09:24 - 00000000 ____D C:\Users\ADMINI~1
2015-10-29 09:18 - 2015-10-29 10:28 - 00000000 ____D C:\Pastel12
2015-10-29 09:18 - 2015-10-29 09:19 - 00000348 _____ C:\Windows\BRRBCOM.INI
2015-10-29 09:18 - 2013-12-20 07:53 - 00136456 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2015-10-29 09:18 - 2013-12-20 07:53 - 00000050 _____ C:\Windows\system32\BRADC12A.DAT
2015-10-29 09:17 - 2015-10-29 09:17 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Macromedia
2015-10-29 09:14 - 2015-10-29 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-10-29 09:13 - 2015-10-29 09:13 - 00000093 _____ C:\Windows\brpcfx.ini
2015-10-29 09:13 - 2015-10-29 09:13 - 00000024 _____ C:\Windows\Brpfx04a.ini
2015-10-29 09:12 - 2015-10-29 09:18 - 00000000 ____D C:\Program Files (x86)\Browny02
2015-10-29 09:12 - 2015-10-29 09:18 - 00000000 ____D C:\Program Files (x86)\Brother
2015-10-29 09:12 - 2015-10-29 09:12 - 00000066 _____ C:\Windows\Brfaxrx.ini
2015-10-29 09:12 - 2015-10-29 09:12 - 00000000 ____D C:\Users\Public\Documents\BrFaxRx
2015-10-29 09:12 - 2015-10-29 09:12 - 00000000 ____D C:\ProgramData\PCFaxTx
2015-10-29 09:12 - 2015-10-29 09:12 - 00000000 ____D C:\ProgramData\ControlCenter4
2015-10-29 09:12 - 2015-10-29 09:12 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2015-10-29 09:12 - 2015-10-29 09:12 - 00000000 ____D C:\Brother
2015-10-29 09:12 - 2012-07-26 05:07 - 00054272 _____ (Brother Industries,Ltd) C:\Windows\system32\Brnsplg.dll
2015-10-29 09:12 - 2012-07-25 09:44 - 00084480 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll
2015-10-29 09:12 - 2012-07-25 08:43 - 01441280 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi211c.dll
2015-10-29 09:12 - 2012-07-11 18:05 - 00221184 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOMB1A.DLL
2015-10-29 09:12 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2015-10-29 09:12 - 2012-06-05 08:59 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2015-10-29 09:12 - 2012-03-19 13:09 - 00245760 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2015-10-29 09:12 - 2012-03-19 06:09 - 00316928 _____ (brother) C:\Windows\system32\NSSRH64.dll
2015-10-29 09:12 - 2011-11-25 13:09 - 00312832 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrFaxTxAppRun64.dll
2015-10-29 09:12 - 2011-04-28 05:58 - 00278528 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
2015-10-29 09:12 - 2011-02-04 07:00 - 00058880 _____ (Brother Industries,Ltd.) C:\Windows\system32\BrWiaNCp.dll
2015-10-29 09:12 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2015-10-29 09:12 - 2010-02-05 04:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2015-10-29 09:12 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2015-10-29 09:12 - 2005-04-22 06:36 - 00143360 _____ C:\Windows\system32\BrSNMP64.dll
2015-10-29 09:12 - 2005-01-17 09:10 - 00045056 _____ C:\Windows\SysWOW64\BRTCPCON.DLL
2015-10-29 09:12 - 2004-08-09 09:00 - 00000114 _____ C:\Windows\SysWOW64\BRLMW03A.INI
2015-10-29 09:12 - 2004-08-09 08:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2015-10-29 09:12 - 1999-10-26 18:00 - 00000050 _____ C:\Windows\system32\BRADM11A.DAT
2015-10-29 09:11 - 2015-10-29 09:13 - 00000000 ____D C:\ProgramData\Brother
2015-10-29 09:11 - 2015-10-29 09:11 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\InstallShield
2015-10-29 09:10 - 2015-10-29 09:10 - 00000000 ____D C:\Users\Fin- Accounts\Downloads\install
2015-10-29 09:10 - 2015-06-29 10:29 - 121638360 ____N (A.I.SOFT,INC.) C:\Users\Fin- Accounts\Downloads\MFC-8950DW-inst-B1-eu.EXE
2015-10-29 09:07 - 2015-10-29 10:26 - 00000000 ____D C:\Pastel11
2015-10-29 09:07 - 2015-10-29 10:22 - 00000000 ____D C:\EXCELLEN
2015-10-29 09:07 - 2014-08-25 15:36 - 00000000 ____D C:\Payroll.old
2015-10-29 09:01 - 2015-10-29 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-29 09:00 - 2015-10-30 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2015-10-29 08:59 - 2015-10-29 08:59 - 00000000 ____D C:\Windows\PCHEALTH
2015-10-29 08:59 - 2015-10-29 08:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2015-10-29 08:57 - 2015-10-29 08:57 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-29 08:57 - 2015-10-29 08:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-10-29 08:56 - 2015-11-02 12:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-29 08:56 - 2015-10-29 08:56 - 00000000 __RHD C:\MSOCache
2015-10-29 08:56 - 2015-10-29 08:56 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Microsoft Help
2015-10-29 08:56 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-29 08:56 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-29 08:56 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-29 08:56 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-29 08:56 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-29 08:56 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-29 08:56 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-29 08:56 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-29 08:56 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-29 08:56 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-29 08:56 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-29 08:56 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-29 08:56 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-29 08:56 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-29 08:54 - 2015-10-30 09:42 - 00000000 ____D C:\Users\Fin- Accounts\Documents\Bluetooth Folder
2015-10-29 08:54 - 2015-10-29 08:54 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Atheros
2015-10-29 08:54 - 2015-10-29 08:54 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\Conexant
2015-10-29 08:54 - 2015-10-29 08:54 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\BMExplorer
2015-10-29 08:53 - 2015-11-04 08:54 - 00110032 _____ C:\Users\Fin- Accounts\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-29 08:53 - 2015-11-03 10:06 - 00000000 ____D C:\Users\Fin- Accounts
2015-10-29 08:53 - 2015-10-30 15:42 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Roaming\Adobe
2015-10-29 08:53 - 2015-10-29 08:53 - 00000196 _____ C:\Windows\FixPatch.log
2015-10-29 08:53 - 2015-10-29 08:53 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-29 08:53 - 2015-10-29 08:53 - 00000020 ___SH C:\Users\Fin- Accounts\ntuser.ini
2015-10-29 08:53 - 2015-10-29 08:53 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\VirtualStore
2015-10-29 08:53 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\Fin- Accounts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-29 08:53 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\Fin- Accounts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-05 15:38 - 2015-08-21 10:43 - 00077037 _____ C:\Windows\SysWOW64\Gms.log
2015-11-05 15:33 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-05 15:33 - 2009-07-14 06:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 15:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-11-05 13:15 - 2015-08-21 10:41 - 01145203 _____ C:\Windows\WindowsUpdate.log
2015-11-05 12:12 - 2011-02-19 14:11 - 00403946 _____ C:\Windows\system32\prfh0804.dat
2015-11-05 12:12 - 2011-02-19 14:11 - 00130460 _____ C:\Windows\system32\prfc0804.dat
2015-11-05 12:12 - 2011-02-19 14:04 - 00421018 _____ C:\Windows\system32\prfh0404.dat
2015-11-05 12:12 - 2011-02-19 14:04 - 00125958 _____ C:\Windows\system32\prfc0404.dat
2015-11-05 12:12 - 2011-02-19 13:55 - 00765452 _____ C:\Windows\system32\perfh00A.dat
2015-11-05 12:12 - 2011-02-19 13:55 - 00169342 _____ C:\Windows\system32\perfc00A.dat
2015-11-05 12:12 - 2011-02-19 13:45 - 00676678 _____ C:\Windows\system32\perfh01F.dat
2015-11-05 12:12 - 2011-02-19 13:45 - 00150868 _____ C:\Windows\system32\perfc01F.dat
2015-11-05 12:12 - 2011-02-19 13:40 - 00765712 _____ C:\Windows\system32\perfh00C.dat
2015-11-05 12:12 - 2011-02-19 13:40 - 00499010 _____ C:\Windows\system32\perfh001.dat
2015-11-05 12:12 - 2011-02-19 13:40 - 00160448 _____ C:\Windows\system32\perfc00C.dat
2015-11-05 12:12 - 2011-02-19 13:40 - 00105640 _____ C:\Windows\system32\perfc001.dat
2015-11-05 12:12 - 2011-02-19 13:34 - 00733876 _____ C:\Windows\system32\prfh0416.dat
2015-11-05 12:12 - 2011-02-19 13:34 - 00158524 _____ C:\Windows\system32\prfc0416.dat
2015-11-05 12:12 - 2009-07-14 07:13 - 05773322 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 12:02 - 2015-08-21 11:05 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-11-05 12:02 - 2015-08-21 11:05 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-11-05 08:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 08:35 - 2009-07-14 06:51 - 00057339 _____ C:\Windows\setupact.log
2015-11-04 14:30 - 2015-08-21 10:48 - 00291604 ____N C:\Users\Public\CAFADEBUG.log
2015-11-04 10:47 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-04 10:01 - 2014-03-28 05:40 - 00195846 _____ C:\Windows\PFRO.log
2015-11-04 08:50 - 2009-07-14 06:45 - 00406672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-03 12:35 - 2015-08-21 11:02 - 00000000 __SHD C:\farston
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\th-TH
2015-11-03 12:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA
2015-11-03 12:23 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-03 12:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-11-03 10:21 - 2014-03-28 06:07 - 05746248 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-02 14:27 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-02 14:21 - 2011-02-19 14:04 - 00000000 ____D C:\Windows\system32\Drivers\zh-HK
2015-11-02 14:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-02 12:56 - 2011-02-19 13:45 - 00000000 ____D C:\Windows\system32\Drivers\tr-TR
2015-11-02 12:56 - 2011-02-19 13:40 - 00000000 ____D C:\Windows\system32\Drivers\ar-SA
2015-11-02 12:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-11-02 12:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-11-02 12:26 - 2014-03-28 06:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-02 12:20 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-11-02 09:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-11-02 09:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-11-02 09:57 - 2009-07-14 09:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-02 09:57 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-02 08:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-30 08:49 - 2015-08-21 11:17 - 00000000 ____D C:\Windows\System32\Tasks\Intel® Small Business Advantage
2015-10-29 09:18 - 2015-08-21 10:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-29 09:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-29 08:59 - 2009-07-14 09:46 - 00000000 ____D C:\Windows\ShellNew
2015-10-29 08:58 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-29 08:55 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2015-10-29 08:54 - 2015-08-21 10:56 - 00000000 ____D C:\ProgramData\Atheros
2015-10-29 08:53 - 2014-03-28 06:08 - 04271694 _____ C:\Windows\AsDebug.log
2015-10-29 08:53 - 2011-02-18 23:05 - 00917868 _____ C:\Windows\AsCDProc.log
2015-10-29 08:53 - 2009-07-29 08:00 - 00000000 ____D C:\Windows\Log

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.exe
2014-03-28 06:08 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-03-28 06:08 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-03-28 06:08 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2009-07-29 08:01 - 2009-07-28 20:31 - 0000223 _____ () C:\ProgramData\SetWallpaper.cmd
2009-07-29 08:01 - 2009-07-23 03:04 - 0024576 _____ () C:\ProgramData\SetWallpaper.exe
2015-11-03 12:07 - 2015-11-04 09:25 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\SetWallpaper.cmd
C:\ProgramData\SetWallpaper.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
C:\Users\Fin- Accounts\AppData\Local\Temp\5322.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\9200.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\autorun.dll
C:\Users\Fin- Accounts\AppData\Local\Temp\easyFile-employer.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\jre-7u67-windows-i586.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\ose00000.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\sdm0ejor.cld.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\tu17p84.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\V8._85746_20150906131148.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\_isB625.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-05 10:21

==================== End of FRST.txt ============================


#2 olgun52

olgun52

  • Malware Response Team
  • 3,781 posts
  • Gender:Male
  • Local time:12:37 AM

Posted 05 November 2015 - 10:16 PM

Hello marikep and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
   
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

Are you still with us?
 
Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 marikep

marikep
  • Topic Starter

  • Members

Posted 06 November 2015 - 03:18 AM

Hi,

 

Yes, I am still with you.  Thank you for helping me, I really appreciate it.

 

Kind regards

Marike



#4 olgun52

olgun52

  • Malware Response Team

Posted 06 November 2015 - 09:53 AM

Hi marikep,
 

Please do the following,

Attention: these steps should be done in order.

 

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • Compatible Web Directory
  • baidu
  • ShopperPro
  • globalUpdate
  • MyBrowser
  • istartsurf.com
  • qone8
  • oursurfing.com
  • YTDownloader
  • C:\Program Files (x86)\YTDownloader
  • C:\Program Files (x86)\MyBrowser
  • C:\Program Files (x86)\globalUpdate
  • C:\Program Files (x86)\ShopperPro
  • C:\Program Files (x86)\baidu

 

After completing uninstalls, please manually reboot your machine!

:step1:    If you get the message like: An error occurred while trying to uninstall, just press Yes.
:step2:    If you are unable to uninstall all programs, please inform me, but continue with other steps.

 

IMPORTANT: Restart the PC.

 

 

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPCleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the screenshot (Ashampoo_Snap_20140819_13h09m50s_001__zp).
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.

 



 


 


#5 marikep

marikep
  • Topic Starter

  • Members

Posted 06 November 2015 - 02:47 PM

Hi Yilmaz,

 

Thank you for your response.

 

With regards to the list of programs that needed to be uninstalled:

 

The list of programs to uninstall:

  • Compatible Web Directory  -  got an error message, but I could delete this
  • baidu  -  did not find this on the list, so could not delete it
  • ShopperPro  -  did not find this on the list, so could not delete it
  • globalUpdate  -  did not find this on the list, so could not delete it
  • MyBrowser  -  did not find this on the list, so could not delete it
  • istartsurf.com  -  did not find this on the list, so could not delete it
  • qone8  -  did not find this on the list, so could not delete it
  • oursurfing.com  -  did not find this on the list, so could not delete it
  • YTDownloader  -  did not find this on the list, so could not delete it
  • C:\Program Files (x86)\YTDownloader  -  did not find this on the list, so could not delete it
  • C:\Program Files (x86)\MyBrowser - deleted
  • C:\Program Files (x86)\globalUpdate - deleted
  • C:\Program Files (x86)\ShopperPro - deleted
  • C:\Program Files (x86)\baidu - cannot delete

 

Step 1:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Fin- Accounts (2015-11-06 20:29:01) Run:1
Running from C:\Users\Fin- Accounts\Downloads
Loaded Profiles: Fin- Accounts (Available Profiles: Fin- Accounts)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp
C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp
R2 fofolygu; C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp [602112 2015-11-03] () [File not signed]
R2 kyricobe; C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp [225280 2015-11-03] () [File not signed]
C:\Users\Fin- Accounts\AppData\Local\23845D4A-1446629175-434D-812D-B1BB2F3EED88
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-03 11:38 - 2015-11-05 11:38 - 00001048 _____ C:\Windows\Tasks\tpcOKgFosvm9L9zF2nwNsO.job
2015-11-03 11:38 - 2015-11-05 11:38 - 00001036 _____ C:\Windows\Tasks\Wqk9orMnD1TBq5UG.job
2015-11-03 11:38 - 2015-11-03 11:38 - 00004104 _____ C:\Windows\System32\Tasks\tpcOKgFosvm9L9zF2nwNsO
2015-11-03 11:38 - 2015-11-03 11:38 - 00004092 _____ C:\Windows\System32\Tasks\Wqk9orMnD1TBq5UG
2015-11-03 11:37 - 2015-11-03 12:13 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130910167943260956&GUID=396EFCC4-0F9C-48EC-8975-C45372BC6872
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130910167943285956&GUID=396EFCC4-0F9C-48EC-8975-C45372BC6872
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx&q={searchTerms}
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1446542904&z=251be2344b26ef3261693e1gcz0z7q6wdzdoateeaz&from=amt&uid=hgstxhts545050a7e680_rb050am500nwxp00nwxpx
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> DefaultScope {509B360C-3E1C-45F0-9BBB-7006221BF1AC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1152905624-1930229052-3158680621-1000 -> {509B360C-3E1C-45F0-9BBB-7006221BF1AC} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX
FF ProfilePath: C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX
FF DefaultSearchEngine: oursurfing
FF Homepage: about:home
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-1152905624-1930229052-3158680621-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF SearchPlugin: C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\searchplugins\oursurfing.xml [2015-11-03]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1446545133&z=bfde88bfe9c0889f8f6fb4eg5z5zcq6wbzez3b9q8t&from=face&uid=HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX"
CHR Profile: C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
C:\Users\Fin- Accounts\AppData\Roaming\istartsurf
C:\Program Files (x86)\MyBrowser
C:\Program Files (x86)\globalUpdate
2015-11-03 11:33 - 2015-11-03 11:33 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\globalUpdate
2015-11-03 11:32 - 2015-11-05 08:50 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-11-03 11:32 - 2015-11-03 11:33 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-11-03 11:32 - 2015-11-03 11:32 - 00004280 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333039383136393038332d324a574123346c2a556c2a5a
2015-11-03 11:32 - 2015-11-03 11:32 - 00003598 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-11-03 11:32 - 2015-11-03 11:32 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-11-03 11:32 - 2015-11-03 11:32 - 00000000 ____D C:\ProgramData\ShopperPro
2015-11-03 11:31 - 2015-11-05 14:02 - 00000000 ____D C:\Users\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88
2015-11-03 11:31 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-11-03 11:30 - 2015-11-05 12:01 - 00000000 ____D C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88
C:\Users\Fin- Accounts\AppData\Roaming\RunDir
C:\Users\Fin- Accounts\AppData\Roaming\IQIYI Video
C:\Program Files (x86)\baidu
C:\Users\Fin- Accounts\AppData\Roaming\easyFileEmployer
C:\Program Files (x86)\baidu\pps.exe
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [77824 2015-10-21] ()
C:\Users\Fin- Accounts\AppData\Roaming\Skype
C:\Users\Fin- Accounts\AppData\Roaming\Brother
C:\Users\Fin- Accounts\AppData\Roaming\Macromedia
C:\Users\Fin- Accounts\AppData\Roaming\InstallShield
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.exe
{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Fin- Accounts\AppData\Local\Temp\5322.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\9200.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\autorun.dll
C:\Users\Fin- Accounts\AppData\Local\Temp\easyFile-employer.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\jre-7u67-windows-i586.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\ose00000.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\sdm0ejor.cld.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\tu17p84.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\V8._85746_20150906131148.exe
C:\Users\Fin- Accounts\AppData\Local\Temp\_isB625.exe
Compatible Web Directory (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Compatible Web Directory) <==== ATTENTION
Task: {1293C8EC-B92C-431B-9094-634CAF95DE4B} - System32\Tasks\tpcOKgFosvm9L9zF2nwNsO => C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe [2015-04-20] () <==== ATTENTION
Task: {1B97478B-D477-40F4-8348-183326EE7D2C} - System32\Tasks\Wqk9orMnD1TBq5UG => C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.exe [2015-04-20] () <==== ATTENTION
Task: {702C47AD-C01A-43C8-B8D5-0B571C48A091} - System32\Tasks\SPBIW_UpdateTask_Time_333039383136393038332d324a574123346c2a556c2a5a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {D66BB27A-0EE7-4215-9484-FBFE56081263} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\tpcOKgFosvm9L9zF2nwNsO.job => C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe <==== ATTENTION
Task: C:\Windows\Tasks\Wqk9orMnD1TBq5UG.job => C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.exe <==== ATTENTION
2015-11-03 11:30 - 2015-11-03 11:31 - 00602112 _____ () C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp
2015-11-03 11:30 - 2015-11-03 11:30 - 00225280 _____ () C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp
C:\Program Files (x86)\baidu\pps.exe
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp => moved successfully
C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp => moved successfully
fofolygu => service removed successfully
kyricobe => service removed successfully
C:\Users\Fin- Accounts\AppData\Local\23845D4A-1446629175-434D-812D-B1BB2F3EED88 => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
C:\Windows\Tasks\tpcOKgFosvm9L9zF2nwNsO.job => moved successfully
C:\Windows\Tasks\Wqk9orMnD1TBq5UG.job => moved successfully
C:\Windows\System32\Tasks\tpcOKgFosvm9L9zF2nwNsO => moved successfully
C:\Windows\System32\Tasks\Wqk9orMnD1TBq5UG => moved successfully
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{509B360C-3E1C-45F0-9BBB-7006221BF1AC}" => key removed successfully
HKCR\CLSID\{509B360C-3E1C-45F0-9BBB-7006221BF1AC} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
FF ProfilePath: C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default => FRST is scripted not to move this directory.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
"HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\IQIYI Video\LStyle\npWebPlayer.dll => not found.
C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\searchplugins\oursurfing.xml => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
CHR Profile: C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => key removed successfully
C:\Users\Fin- Accounts\AppData\Roaming\istartsurf => moved successfully
"C:\Program Files (x86)\MyBrowser" => not found.
"C:\Program Files (x86)\globalUpdate" => not found.
C:\Users\Fin- Accounts\AppData\Local\globalUpdate => moved successfully
C:\Program Files\Common Files\ShopperPro => moved successfully
"C:\Program Files (x86)\ShopperPro" => not found.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333039383136393038332d324a574123346c2a556c2a5a => moved successfully
C:\Windows\System32\Tasks\ShopperProJSUpd => moved successfully
C:\Users\Public\Documents\ShopperPro => moved successfully
C:\ProgramData\ShopperPro => moved successfully
C:\Users\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88 => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88 => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\RunDir => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\IQIYI Video => moved successfully
C:\Program Files (x86)\baidu => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\easyFileEmployer => moved successfully
"C:\Program Files (x86)\baidu\pps.exe" => not found.
HKU\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value removed successfully
C:\Users\Fin- Accounts\AppData\Roaming\Skype => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\Brother => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\Macromedia => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\InstallShield => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG => moved successfully
C:\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.exe => moved successfully
{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => Error: No automatic fix found for this entry.
C:\Users\Fin- Accounts\AppData\Local\Temp\5322.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\9200.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\AdobeAIRInstaller.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\autorun.dll => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\easyFile-employer.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\jre-7u67-windows-i586.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\Opera_NI_stable.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\sdm0ejor.cld.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\tu17p84.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\V8._85746_20150906131148.exe => moved successfully
C:\Users\Fin- Accounts\AppData\Local\Temp\_isB625.exe => moved successfully
Compatible Web Directory (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Compatible Web Directory) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1293C8EC-B92C-431B-9094-634CAF95DE4B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1293C8EC-B92C-431B-9094-634CAF95DE4B}" => key removed successfully
C:\Windows\System32\Tasks\tpcOKgFosvm9L9zF2nwNsO => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\tpcOKgFosvm9L9zF2nwNsO" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B97478B-D477-40F4-8348-183326EE7D2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B97478B-D477-40F4-8348-183326EE7D2C}" => key removed successfully
C:\Windows\System32\Tasks\Wqk9orMnD1TBq5UG => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wqk9orMnD1TBq5UG" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{702C47AD-C01A-43C8-B8D5-0B571C48A091}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{702C47AD-C01A-43C8-B8D5-0B571C48A091}" => key removed successfully
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333039383136393038332d324a574123346c2a556c2a5a => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333039383136393038332d324a574123346c2a556c2a5a" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D66BB27A-0EE7-4215-9484-FBFE56081263}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D66BB27A-0EE7-4215-9484-FBFE56081263}" => key removed successfully
C:\Windows\System32\Tasks\ShopperProJSUpd => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => key removed successfully
C:\Windows\Tasks\tpcOKgFosvm9L9zF2nwNsO.job => not found.
C:\Windows\Tasks\Wqk9orMnD1TBq5UG.job => not found.
"C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp" => not found.
"C:\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp" => not found.
"C:\Program Files (x86)\baidu\pps.exe" => not found.

=========  netsh winsock reset =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 4.3 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:32:56 ====

 

 

 

Step 2:

 

# AdwCleaner v5.018 - Logfile created 06/11/2015 at 20:41:57
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Fin- Accounts - FIN-ACCOUNTS-PC
# Running from : C:\Users\Fin- Accounts\Desktop\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : WdsManPro
Service Found : ihpmServer
Service Found : NETTCPHANDLER

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\SFK
Folder Found : C:\Program Files (x86)\RayDld
Folder Found : C:\Program Files (x86)\Feed Notifier
Folder Found : C:\ProgramData\IQIYI Video
Folder Found : C:\Users\Fin- Accounts\AppData\Local\BrowserHelper
Folder Found : C:\Users\Fin- Accounts\AppData\Local\SysassistByHotWheel
Folder Found : C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Folder Found : C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Folder Found : C:\Users\Fin- Accounts\AppData\Roaming\RunDir
Folder Found : C:\Users\Fin- Accounts\AppData\Roaming\NetService
Folder Found : C:\Users\Fin- Accounts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\Extensions\deskCutv2@gmail.com
Folder Found : C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\Extensions\defsearchp@gmail.com

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Found : HKLM\SOFTWARE\CLASSES\GEEPLAYER.DIR
Key Found : HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
Key Found : HKCU\Software\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}
Key Found : HKCU\Software\Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}
Key Found : HKCU\Software\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5CD76C57-6893-478A-B776-47E7C82504BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Crossbrowse
Key Found : HKCU\Software\YorkNewCin
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\oursurfingSoftware
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : HKLM\SOFTWARE\FFPluginHp
Key Found : HKLM\SOFTWARE\WdsManPro
Key Found : HKLM\SOFTWARE\RayDld
Key Found : HKLM\SOFTWARE\ihpmserver
Key Found : HKLM\SOFTWARE\im-dosearch
Key Found : HKLM\SOFTWARE\seekmx
Key Found : HKLM\SOFTWARE\NetTcpHandler
Key Found : HKLM\SOFTWARE\NtSvcHandler
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Key Found : [x64] HKLM\SOFTWARE\HighDefAction
Key Found : [x64] HKLM\SOFTWARE\ArenaHD
Key Found : [x64] HKLM\SOFTWARE\im-dosearch
Key Found : [x64] HKLM\SOFTWARE\seekmx
Key Found : [x64] HKLM\SOFTWARE\SAKURA
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE

***** [ Web browsers ] *****

[C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : hxxp://www.istartsurf.com/webfavicon.ico
[C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jcgcoifbkbphhjnekfkmohklfaimhikk
[C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jcgcoifbkbphhjnekfkmohklfaimhikk

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7360 bytes] ##########

Step 3:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by Fin- Accounts on 2015/11/06 at 20:52:08.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Users\Fin- Accounts\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Fin- Accounts\Appdata\Local\installer

 

~~~ Chrome

[C:\Users\Fin- Accounts\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Fin- Accounts\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Fin- Accounts\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Fin- Accounts\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/11/06 at 20:56:23.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 4:

~ ZHPCleaner v2015.11.6.374 by Nicolas Coolman (2015/11/06)
~ Run by Fin- Accounts (Administrator)  (06/11/2015 21:06:29)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Fin- Accounts\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Fin- Accounts\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (7)
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.alias", "istartsurf");  =>PUP.Optional.SearchEngine
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");  =>PUP.Optional.SearchEngine
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico");  =>PUP.Optional.SearchEngine
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.name", "istartsurf");  =>PUP.Optional.SearchEngine
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.ptid", "face");  =>PUP.Optional.SearchEngine
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.uid", "HGSTXHTS545050A7E680_RB050AM500NWXP00NWXPX");  =>PUP.Optional.SearchEngine
DELETED: [dk5ak4zj.default] - user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=ds&ts=1446545133&z[...]  =>PUP.Optional.SearchEngine

---\\  Hosts file (1)
~ The hosts file is legitimate (1)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (2)
MOVED file: C:\ProgramData\XWMiniProX\WMiniPro.exe [DTools LIMITED - DTools]  =>PUP.Optional.WpManager
MOVED file: C:\ProgramData\gWMiniProg\WMiniPro.exe [DTools LIMITED - DTools]  =>PUP.Optional.WpManager

---\\  Registry ( Key, Value, Data) (15)
DELETED key*: HKCU\Software\CinemaP-1.9cV02.11-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\iWebar-nv-ie []  =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Object Browser-nv-ie []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\CinemaP-1.9cV02.11-nv-ie []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\iWebar-nv-ie []  =>PUP.Optional.CrossRider
DELETED key: HKEY_USERS\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Object Browser-nv-ie []  =>PUP.Optional.ObjectBrowser
DELETED key*: HKCU\Software\MyBrowser []  =>PUP.Optional.MyBrowser
DELETED key*: HKLM\Software\MyBrowser []  =>PUP.Optional.MyBrowser
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{FE03D6AD-D636-425D-8302-CB9CC3AF0123} [C:\Users\Fin- Accounts\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe]  =>.Superfluous.IQIYIVideo
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6220AF69-E2D0-4CF3-9D65-5FCA57993F71} [C:\IQIYI Video\GeePlayer\GeePlayer.exe]  =>.Superfluous.IQIYIVideo
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{9F0035C0-1B49-459B-9D65-9C6F195E0477} [C:\Users\Fin- Accounts\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe]  =>.Superfluous.IQIYIVideo
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{1ED103FB-5603-4B4E-A2BC-D37E031B8A33} [C:\IQIYI Video\LStyle\QyClient.exe]  =>.Superfluous.IQIYIVideo
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{B1DF4C57-0763-4C68-8BB3-26652AF0EEA2} [C:\IQIYI Video\LStyle\QyWebPlayer.exe]  =>.Superfluous.IQIYIVideo
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{1C16E88D-AF04-4775-9FFB-9A25331DA7EF} [C:\IQIYI Video\Common\QyKernel.exe]  =>.Superfluous.IQIYIVideo
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{EE170AFC-F1E9-412B-8966-D65C0F678A70} [C:\IQIYI Video\LStyle\QyPlayer.exe]  =>.Superfluous.IQIYIVideo

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 489
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 24

~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-06112015-21_06_49.txt
ZHPCleaner-[S]-06112015-21_05_52.txt

Step 5:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015/11/06
Scan Time: 09:12 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.06.05
Rootkit Database: v2015.11.04.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Fin- Accounts

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347530
Time Elapsed: 19 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Quarantined, [bb12de9c38539a9c08ad49e8d72b4db3],
PUP.Optional.WinManger, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Quarantined, [bb12de9c38539a9c08ad49e8d72b4db3],
PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Quarantined, [bb12de9c38539a9c08ad49e8d72b4db3],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV02.11-nv, Quarantined, [09c405758209d95d1973d18b9e6517e9],
PUP.Optional.Cinema, HKU\S-1-5-18\SOFTWARE\CinemaP-1.9cV02.11-nv-ie, Quarantined, [7a5384f66d1e9d9919739cc03ec5e21e],
PUP.Optional.CinemaPlus, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV23.10-nv, Quarantined, [c8051367a5e610268887c499b84b36ca],
PUP.Optional.ObjectBrowser, HKU\S-1-5-18\SOFTWARE\Object Browser-nv, Quarantined, [e2eb7109771447efa49ec0bd19ea9769],
PUP.Optional.ObjectBrowser, HKU\S-1-5-18\SOFTWARE\Object Browser-nv-ie, Quarantined, [4885d5a5fe8d51e54af8235aa55e629e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.WindowsProtectManager, C:\ProgramData\gWMiniProg, Quarantined, [fcd104762c5f3df95eb6562620e2e818],
PUP.Optional.WindowsProtectManager, C:\ProgramData\gWMiniProg\mitest, Quarantined, [fcd104762c5f3df95eb6562620e2e818],
PUP.Optional.WindowsProtectManager, C:\ProgramData\XWMiniProX, Quarantined, [3895c2b8513a171f6ba92f4d29d9639d],
PUP.Optional.WindowsProtectManager, C:\ProgramData\XWMiniProX\mitest, Quarantined, [3895c2b8513a171f6ba92f4d29d9639d],

Files: 5
PUP.Optional.WindowsProtectManager, C:\Users\Fin- Accounts\AppData\Roaming\ZHP\Quarantine\WMiniPro.exe, Quarantined, [8f3e9edcc9c24cea9dfc66278180ac54],
PUP.Optional.WindowsProtectManager, C:\ProgramData\gWMiniProg\mitestconf, Quarantined, [fcd104762c5f3df95eb6562620e2e818],
PUP.Optional.WindowsProtectManager, C:\ProgramData\XWMiniProX\mitestconf, Quarantined, [3895c2b8513a171f6ba92f4d29d9639d],
PUP.Optional.DefaultProtectedSearch, C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\prefs.js, Good: (), Bad: (defsearchp@gmail.com), Replaced,[8f3eb1c9cebdea4cd38bed869c68cf31]
PUP.Optional.DeskCut, C:\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\prefs.js, Good: (), Bad: (deskCutv2@gmail.com), Replaced,[ebe23a40aae1d3639ec1007362a2aa56]

Physical Sectors: 0
(No malicious items detected)

(end)

Thank you

Marike



#6 olgun52

olgun52

  • Malware Response Team
  • 3,781 posts

Posted 06 November 2015 - 03:08 PM

Thank you Marike,

Now open AdwCleaner again and press the Delete button.

-----------------------------------------------------------------------

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT : 1   Place ComboFix.exe on your Desktop
* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 marikep

marikep
  • Topic Starter

  • Members
  • 9 posts

Posted 07 November 2015 - 12:16 AM

Hi,

When I run CDW Cleaner, the only options I have are Scan, Cleaning, Logfile and Uninstall. You said that I need to press Delete, which one will it be? If I press Uninstall, it wants to uninstall CDW Cleaner.

Thanks

Marike



#8 olgun52

olgun52

  • Malware Response Team
  • 3,781 posts

Posted 07 November 2015 - 04:52 PM

If you press the Delete button, no problem. But I do not see the deletion report. Then you can delete.

 

Please now run ComboFix.


Best regards
 

 


 


#9 marikep

marikep
  • Topic Starter

  • Members
  • 9 posts

Posted 08 November 2015 - 12:34 AM

Hi,

I selected the Cleaning option on ADW:

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 07:10:23
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Fin- Accounts - FIN-ACCOUNTS-PC
# Running from : C:\Users\Fin- Accounts\Desktop\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [803 bytes] ##########

Combofix:

ComboFix 15-11-05.01 - Fin- Accounts 2015/11/08   7:03.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.27.1033.18.3961.2337 [GMT 2:00]
Running from: c:\users\Fin- Accounts\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\programdata\SetWallpaper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-08 to 2015-11-08  )))))))))))))))))))))))))))))))
.
.
2015-11-08 05:14 . 2015-11-08 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-06 19:10 . 2015-11-06 19:46 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-06 19:10 . 2015-10-05 07:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-06 19:10 . 2015-10-05 07:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-06 19:10 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-06 19:09 . 2015-11-06 19:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-06 19:09 . 2015-11-06 19:09 -------- d-----w- c:\programdata\Malwarebytes
2015-11-06 18:41 . 2015-11-08 04:50 -------- d-----w- C:\AdwCleaner
2015-11-06 07:35 . 2015-10-20 01:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B710B04E-5FE0-4D93-929F-2795B410BFAF}\mpengine.dll
2015-11-05 13:31 . 2015-11-06 18:35 -------- d-----w- C:\FRST
2015-11-05 10:06 . 2015-11-05 10:06 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2015-11-04 10:44 . 2015-11-04 10:44 -------- d-----w- c:\program files\Common Files\AV
2015-11-04 10:30 . 2015-11-04 10:30 -------- d-----w- c:\program files (x86)\Common Files\Tidestone
2015-11-04 10:30 . 2015-11-04 10:30 -------- d-----w- c:\program files (x86)\Common Files\Data Dynamics
2015-11-04 10:30 . 2015-11-04 10:30 -------- d-----w- c:\program files (x86)\Common Files\Sage Pastel
2015-11-04 10:30 . 2015-11-04 10:30 -------- d-----w- c:\program files (x86)\Softline Pastel
2015-11-04 10:26 . 2015-11-04 10:26 -------- d-----w- c:\program files (x86)\Sage Connected Services
2015-11-04 10:06 . 2015-11-04 10:06 -------- d-----w- c:\program files (x86)\Sage Pastel
2015-11-04 08:42 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2015-11-04 08:40 . 2015-11-04 08:40 -------- d-----w- c:\windows\ELAMBKUP
2015-11-04 08:40 . 2015-11-08 04:53 -------- d-----w- c:\programdata\Kaspersky Lab
2015-11-04 08:40 . 2015-11-04 08:40 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2015-11-04 08:40 . 2015-11-04 09:26 793800 ----a-w- c:\windows\system32\drivers\klif.sys
2015-11-04 08:40 . 2015-11-04 09:26 141320 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-11-04 08:40 . 2014-04-10 15:25 243808 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-11-03 09:29 . 2015-11-03 09:28 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-11-03 09:28 . 2015-11-03 09:28 -------- d-----w- c:\program files\Java
2015-11-03 09:12 . 2015-11-03 09:12 -------- d-----w- c:\windows\system32\appmgmt
2015-11-03 09:01 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-11-03 08:52 . 2015-11-03 08:53 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-11-03 08:07 . 2015-11-03 08:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-11-02 12:18 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-11-02 12:18 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2015-11-02 12:18 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-11-02 12:18 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-11-02 12:18 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-11-02 12:18 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2015-11-02 12:18 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2015-11-02 12:18 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2015-11-02 12:18 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2015-11-02 12:18 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2015-11-02 12:18 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2015-11-02 12:16 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-11-02 12:16 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2015-11-02 12:16 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-11-02 12:16 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2015-11-02 12:13 . 2015-11-02 12:13 -------- d-----w- c:\program files\Microsoft Silverlight
2015-11-02 12:13 . 2015-11-02 12:13 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-11-02 12:11 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2015-11-02 12:11 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-11-02 12:05 . 2015-09-14 19:45 3210240 ----a-w- c:\windows\system32\win32k.sys
2015-11-02 11:40 . 2015-11-02 11:40 -------- d-----w- c:\windows\Migration
2015-11-02 10:29 . 2015-11-02 10:33 -------- d-----w- c:\windows\system32\MRT
2015-10-30 20:56 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2015-10-30 20:56 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2015-10-30 20:56 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2015-10-30 20:56 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2015-10-30 20:56 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2015-10-30 20:56 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2015-10-30 20:56 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2015-10-30 20:26 . 2015-10-30 20:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-10-30 14:19 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-10-30 14:19 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-10-30 14:19 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-10-30 14:19 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-10-30 14:19 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-10-30 14:19 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-10-30 14:18 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-10-30 14:18 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-10-30 13:42 . 2015-10-30 13:42 -------- d-----w- c:\program files (x86)\e@syFile-employer
2015-10-30 13:41 . 2015-10-30 13:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-10-30 13:41 . 2015-11-03 08:53 -------- d-----w- c:\programdata\Oracle
2015-10-30 13:39 . 2015-11-03 09:12 -------- d-----w- c:\program files (x86)\Java
2015-10-30 09:23 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-10-30 09:22 . 2015-02-03 03:30 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-10-30 09:22 . 2015-02-03 03:30 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-10-30 09:22 . 2015-02-03 03:12 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2015-10-30 09:20 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-10-30 09:20 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-10-30 09:18 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2015-10-30 09:18 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2015-10-30 09:15 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-10-30 09:15 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-10-30 09:13 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-30 09:12 . 2014-03-04 09:43 57344 ----a-w- c:\windows\system32\cngprovider.dll
2015-10-30 09:12 . 2014-03-04 09:43 44544 ----a-w- c:\windows\system32\dimsroam.dll
2015-10-30 09:12 . 2014-03-04 09:43 56832 ----a-w- c:\windows\system32\adprovider.dll
2015-10-30 09:12 . 2014-03-04 09:17 36864 ----a-w- c:\windows\SysWow64\dimsroam.dll
2015-10-30 09:12 . 2014-03-04 09:43 52736 ----a-w- c:\windows\system32\dpapiprovider.dll
2015-10-30 09:12 . 2014-03-04 09:43 53760 ----a-w- c:\windows\system32\capiprovider.dll
2015-10-30 09:12 . 2014-03-04 09:17 47616 ----a-w- c:\windows\SysWow64\dpapiprovider.dll
2015-10-30 09:12 . 2014-03-04 09:17 51200 ----a-w- c:\windows\SysWow64\cngprovider.dll
2015-10-30 09:12 . 2014-03-04 09:17 48128 ----a-w- c:\windows\SysWow64\capiprovider.dll
2015-10-30 09:12 . 2014-03-04 09:17 49664 ----a-w- c:\windows\SysWow64\adprovider.dll
2015-10-30 09:12 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2015-10-30 09:12 . 2014-03-04 09:17 35328 ----a-w- c:\windows\SysWow64\wincredprovider.dll
2015-10-30 09:11 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-10-30 09:11 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-10-30 09:11 . 2015-06-25 10:06 115136 ----a-w- c:\windows\system32\consent.exe
2015-10-30 09:11 . 2015-06-25 10:01 1941504 ----a-w- c:\windows\system32\authui.dll
2015-10-30 09:11 . 2015-06-25 10:01 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-10-30 09:11 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-10-30 09:10 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-10-30 09:10 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-10-30 09:10 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2015-10-30 09:10 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2015-10-30 09:10 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2015-10-30 09:10 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2015-10-30 09:10 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2015-10-30 09:10 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2015-10-30 09:10 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2015-10-30 09:10 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-10-30 09:10 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-10-30 09:09 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2015-10-30 09:09 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2015-10-30 09:09 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2015-10-30 09:09 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2015-10-30 09:09 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2015-10-30 08:54 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-10-30 08:54 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-10-30 08:54 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
2015-10-30 08:54 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-10-30 08:54 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-10-30 08:54 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-10-30 08:54 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-29 02:58 . 2015-10-30 09:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-08-21 08:39 . 2015-08-21 08:39 244 ----a-w- c:\windows\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Payroll Notification Service"="c:\program files (x86)\Sage Connected Services\SageCSClient.exe" [2015-08-25 944728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2014-03-28 3216032]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2014-09-03 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-27 292848]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2014-05-15 406328]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2014-05-08 209720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-07-31 3084288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
"Payroll Notification Service"="c:\program files (x86)\Sage Connected Services\SageCSClient.exe" [2015-08-25 944728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start Pervasive PSQL Workgroup Engine.lnk - c:\windows\Installer\{0A3238D7-AB32-1030-B717-F3E3F18B4A8C}\WGE.14A03FCD_EA43_4130_A5C0_F02D38895A13.exe -SRDE [2015-10-29 92854]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel® Small Business Advantage;c:\program files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASNB4LDRSvc;ASNB4LDRSvc Service;c:\program files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe;c:\program files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe [x]
S2 AsusFPService;AsusFPService;c:\program files (x86)\ASUS\FingerPrint\511\AsusFPService_x64.exe;c:\program files (x86)\ASUS\FingerPrint\511\AsusFPService_x64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DptfParticipantProcessorService;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 DptfPolicyCriticalService;Intel® Dynamic Platform and Thermal Framework Critical Service Application;c:\windows\system32\DptfPolicyCriticalService.exe;c:\windows\SYSNATIVE\DptfPolicyCriticalService.exe [x]
S2 DptfPolicyLpmService;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application;c:\windows\system32\DptfPolicyLpmService.exe;c:\windows\SYSNATIVE\DptfPolicyLpmService.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AmPeStor;Alcor Micro PCIE Card Reader Driver;c:\windows\system32\drivers\AmPeStor.sys;c:\windows\SYSNATIVE\drivers\AmPeStor.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 ATP;ASUS Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{804B66D4-45B5-4BA8-97B8-E0F025EEB9DE}]
2015-06-22 08:01 132952 ----a-w- c:\program files (x86)\Sage Connected Services\SCSUserReg.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-29 08:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2013-10-18 114048]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2014-05-12 915160]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2014-04-10 1830616]
"ASUS HDD Protection Tray Application"="c:\program files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe" [2014-02-12 54272]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-08  07:28:22
ComboFix-quarantined-files.txt  2015-11-08 05:28
.
Pre-Run: 106 730 479 616 bytes free
Post-Run: 107 896 008 704 bytes free
.
- - End Of File - - 026A5DEE878982F8708DCD569F7EF534
5FB38429D5D77768867C76DCBDB35194
 

Thanks

Marike



#10 olgun52

  • Malware Response Team
  • 3,781 posts

Posted 08 November 2015 - 05:15 PM

Hi marikep,

Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

Please run it again and press the DELETE button.
 
 
Step 1:
Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
Step 2:
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

Edited by olgun52, 08 November 2015 - 05:30 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#11 marikep

  • Topic Starter
  • Members
  • 9 posts

Posted 09 November 2015 - 02:53 AM

ADW Cleaner:

 

# AdwCleaner v5.019 - Logfile created 09/11/2015 at 08:52:54
# Updated 08/11/2015 by Xplode
# Database : 2015-11-08.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Fin- Accounts - FIN-ACCOUNTS-PC
# Running from : C:\Users\Fin- Accounts\Desktop\adwcleaner_5.019.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Found : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [982 bytes] ##########

 

 

RogueKiller (I could not find the log after I ran Emsisoft, so I ran the scan again and pasted the log I got then)

 

RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fin- Accounts [Administrator]
Started from : C:\Users\Fin- Accounts\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/09/2015 09:51:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.2.1.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.2.1.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.2.1.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BF922D5B-F1F6-415F-8A59-66A6BC3E7613} | DhcpNameServer : 10.2.1.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F627B56C-247A-4E8A-A7AA-BF6F5EEAA1F2} | DhcpNameServer : 192.15.128.24 ([UNITED STATES (US)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BF922D5B-F1F6-415F-8A59-66A6BC3E7613} | DhcpNameServer : 10.2.1.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F627B56C-247A-4E8A-A7AA-BF6F5EEAA1F2} | DhcpNameServer : 192.15.128.24 ([UNITED STATES (US)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BF922D5B-F1F6-415F-8A59-66A6BC3E7613} | DhcpNameServer : 10.2.1.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F627B56C-247A-4E8A-A7AA-BF6F5EEAA1F2} | DhcpNameServer : 192.15.128.24 ([UNITED STATES (US)])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1152905624-1930229052-3158680621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] dk5ak4zj.default : Default SearchProtected [defsearchp@gmail.com] -> Found
[PUP][FIREFX:Addon] dk5ak4zj.default : deskCut [deskCutv2@gmail.com] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 6759584bee4ff0a310c528030cd43f62
[BSP] 739470cd7757223eb0a3447fe8e0df31 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 190774 MB
3 - Basic data partition | Offset (sectors): 391174144 | Size: 260337 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 924344320 | Size: 25600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 343a9850bc3b8280b4b6463633440686
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 14906 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] 99edce60b6908481475826cd12398749
[BSP] 4fe58ab98fab24f5fed4a32f4864ab65 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

 

 

Emsisoft:

 

Emsisoft Emergency Kit - Version 10.0
Last update: 2015/11/09 09:34:29 AM
User account: Fin-Accounts-PC\Fin- Accounts

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 2015/11/09 09:39:57 AM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}  detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}  detected: Application.AdShopper (A)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}  detected: Application.AdShopper (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

Scanned 61003
Found 74

Scan end: 2015/11/09 09:40:27 AM
Scan time: 0:00:30

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2.1 Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG.1 Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFCTRL.ANIGIF Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)

Quarantined 72



#12 olgun52

  • Malware Response Team

Posted 09 November 2015 - 09:09 AM

Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

Please try running it again and press the DELETE button.

 

Adwcleaner ===> Did you press the DELETE button?

===============================================================================================================

 

Please do the following,
Step1:
Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
iedefaults;
FFdefaults;
CHRdefaults;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

 

Step2:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Step3:

Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 65
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

 


Best regards
 

 


 


#13 marikep

  • Topic Starter

Posted 10 November 2015 - 01:46 AM

Hi,

 

ADW Cleaner, I have been pressing the CLEANING button, I got the following report (C4):

 

# AdwCleaner v5.019 - Logfile created 09/11/2015 at 19:52:31
# Updated 08/11/2015 by Xplode
# Database : 2015-11-08.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Fin- Accounts - FIN-ACCOUNTS-PC
# Running from : C:\Users\Fin- Accounts\Desktop\adwcleaner_5.019.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [906 bytes] ##########

 

 

Step 1:

 

Zoek.exe v5.0.0.1 Updated 09-November-2015
Tool run by Fin- Accounts on 2015/11/09 at 20:03:05.03.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fin- Accounts\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2015/11/09 08:04:42 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Validity deleted successfully
C:\Users\Fin- Accounts\AppData\Roaming\Opera Software deleted successfully
C:\Users\Fin- Accounts\AppData\Local\CutePDF Writer deleted successfully
C:\Users\Fin- Accounts\AppData\Local\Opera Software deleted successfully
C:\Users\Fin- Accounts\AppData\Local\Unity deleted successfully
C:\Users\Fin- Accounts\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\FIN-AC~1\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\prefs.js:

Added to C:\Users\FIN-AC~1\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\FIN-AC~1\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_1109_0817_.backup

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\Users\Fin- Accounts\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\FIN-AC~1\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\Yahoo Inc deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\FIN-AC~1\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com" [2015/11/04 11:30 AM]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

 

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Fin- Accounts\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=3 8304 bytes)

==== Empty Temp Folders ======================

C:\Users\ADMINI~1\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Fin- Accounts\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\FIN-AC~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 2015/11/09 at 20:23:08.22 ======================

 

Step 2:

 

C:\AdwCleaner\Quarantine\C\Users\Fin- Accounts\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\Extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbia.exe a variant of Win64/SBWatchman.B potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll a variant of Win32/SBWatchman.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll a variant of Win64/SBWatchman.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe a variant of Win32/SBWatchman.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe a variant of MSIL/SBWatchman.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\hnspBAC8.tmp.xBAD a variant of Win32/Adware.ConvertAd.ABZ application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\jnsk8381.tmp.xBAD a variant of Win32/Adware.ConvertAd.ABM application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\23845D4A-1446543015-434D-812D-B1BB2F3EED88\23845D4A-1446543015-434D-812D-B1BB2F3EED88\Uninstall.exe Win32/Adware.ConvertAd.YY application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\baidu\pps.exe a variant of Win32/HideBaid.L potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\D04A.tmp a variant of Win32/Adware.ConvertAd.ACA.gen application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\snsk96E4.tmp a variant of Win32/Adware.ConvertAd.ABX application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Local\Temp\5322.exe.xBAD a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Local\Temp\9200.exe.xBAD a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe.xBAD a variant of Win32/Tencent.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Local\Temp\tu17p84.exe.xBAD a variant of Win32/SpeedBit.F potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe.xBAD a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.xBAD JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.exe.xBAD Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Fin- Accounts\AppData\Roaming\Wqk9orMnD1TBq5UG.xBAD JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined
C:\Users\Fin- Accounts\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\D04A.tmp.zip a variant of Win32/Adware.ConvertAd.ACA.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\onsa96F6.tmp.zip a variant of Win32/Adware.ConvertAd.HY application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\snsk96E4.tmp.zip a variant of Win32/Adware.ConvertAd.ABX application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAT76YK1\SU_Srv[1].exe.zip a variant of Win32/Adware.ConvertAd.ABX application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAT76YK1\VuuPC_VO2_8907[1].exe.zip Win32/InstallMonetizer.BI potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\1[1].zip.zip Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\installer[1].exe.zip a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\prepreinstaller_win[1].exe.zip a variant of Win32/Adware.Imali.E application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\Reimage[1].exe.zip a variant of Win32/OutBrowse.BS potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\setup[1].exe.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRG1WLNE\EBsYO2gY[1].exe.zip a variant of Win32/Adware.ConvertAd.ABZ application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRG1WLNE\face_istartsurf[2].exe.zip a variant of Win32/ELEX.FG potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRG1WLNE\uSHuw69[1].zip a variant of Win32/Adware.ConvertAd.ABO application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\fl6rRU[1].zip a variant of Win32/Adware.ConvertAd.ACA.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\JOSrv[1].exe.zip a variant of Win32/Adware.ConvertAd.ABM application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\setup[1].exe.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\setup[2].exe.zip a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\5322.exe.zip a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\9200.exe.zip a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsb7CC1.tmp.zip a variant of Win32/ELEX.FG potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsbF3E8.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nscC140.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsdDCAC.tmp.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsgA05B.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsgF4FB.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsi3C68.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsm99F9.tmp.zip a variant of Win32/Adware.ConvertAd.ABO application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsn9839.tmp.zip a variant of Win32/Adware.ConvertAd.ACA.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsnED6A.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsrAAB5.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsrF31C.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nss43D8.tmp.zip Win32/InstallMonetizer.BI potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nss53C0.tmp.zip a variant of Win32/ELEX.FG potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nss5AC9.tmp.zip a variant of Win32/Adware.Imali.E application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nssDD85.tmp.zip a variant of Win32/Adware.ConvertAd.ABO application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nssFEB.tmp.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nsyA36C.tmp.zip Win32/InstallMonetizer.BI potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe.zip a variant of Win32/Tencent.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\task.vbs.zip VBS/TrojanDownloader.Agent.NSW trojan deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\tu17p84.exe.zip a variant of Win32/SpeedBit.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\goopdateres_en.dll.zip a variant of Win32/AlteredSoftware.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\npglobalupdateUpdate4.dll.zip a variant of Win32/AlteredSoftware.E potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\psmachine.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.210315\psuser.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\goopdateres_en.dll.zip a variant of Win32/AlteredSoftware.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\npglobalupdateUpdate4.dll.zip a variant of Win32/AlteredSoftware.E potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\psmachine.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.261593\psuser.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\goopdateres_en.dll.zip a variant of Win32/AlteredSoftware.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\npglobalupdateUpdate4.dll.zip a variant of Win32/AlteredSoftware.E potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\psmachine.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.294094\psuser.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\goopdateres_en.dll.zip a variant of Win32/AlteredSoftware.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\npglobalupdateUpdate4.dll.zip a variant of Win32/AlteredSoftware.E potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\psmachine.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\comh.473160\psuser.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nseE2B3.tmp\Esrofsdkhr.exe.zip a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nseE2B3.tmp\istow.dll.zip a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\lbjtwwxlp.dll.zip a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\vcikdq.dll.zip a variant of Win32/Toolbar.CrossRider.CP potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\102.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\14.js.zip JS/Toolbar.Crossrider.O potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\178.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\179.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\180.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\184.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\200.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\223.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\231.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\232.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\234.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\252.js.zip JS/Toolbar.Crossrider.K potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\253.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\262.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\263.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\273.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\277.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\281.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\288.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\300.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\311.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\335.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\339.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\348.js.zip JS/Toolbar.Crossrider.K potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\357.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\376.js.zip JS/Toolbar.Crossrider.L potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\380.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\385.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\390.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\391.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\419.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\424.js.zip JS/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Local\Temp\nso476.tmp\{AFBE0894-101E-47FB-8A83-41DBC892FC57}\plugins\91.js.zip JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.exe.zip a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Roaming\tpcOKgFosvm9L9zF2nwNsO.zip JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Roaming\Wqk9orMnD1TBq5UG.exe.zip Win32/Toolbar.CrossRider.CB potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Roaming\Wqk9orMnD1TBq5UG.zip JS/Toolbar.Crossrider.I potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\AppData\Roaming\Mozilla\Firefox\Profiles\dk5ak4zj.default\extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js.zip Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Fin- Accounts 2015-11-05 13;19;42 (Full)\Downloads\CuteWriter.exe.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\All Users\gWMiniProg\WMiniPro.exe.zip a variant of Win32/ELEX.FF potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\All Users\XWMiniProX\WMiniPro.exe.zip a variant of Win32/ELEX.FF potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\D04A.tmp.zip a variant of Win32/Adware.ConvertAd.ACA.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\onsa96F6.tmp.zip a variant of Win32/Adware.ConvertAd.HY application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\23845D4A-1446550306-434D-812D-B1BB2F3EED88\snsk96E4.tmp.zip a variant of Win32/Adware.ConvertAd.ABX application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAT76YK1\SU_Srv[1].exe.zip a variant of Win32/Adware.ConvertAd.ABX application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAT76YK1\VuuPC_VO2_8907[1].exe.zip Win32/InstallMonetizer.BI potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\1[1].zip.zip Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\installer[1].exe.zip a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\prepreinstaller_win[1].exe.zip a variant of Win32/Adware.Imali.E application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\Reimage[1].exe.zip a variant of Win32/OutBrowse.BS potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMLVMRHI\setup[1].exe.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRG1WLNE\EBsYO2gY[1].exe.zip a variant of Win32/Adware.ConvertAd.ABZ application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRG1WLNE\face_istartsurf[2].exe.zip a variant of Win32/ELEX.FG potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QRG1WLNE\uSHuw69[1].zip a variant of Win32/Adware.ConvertAd.ABO application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\fl6rRU[1].zip a variant of Win32/Adware.ConvertAd.ACA.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\JOSrv[1].exe.zip a variant of Win32/Adware.ConvertAd.ABM application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\setup[1].exe.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN5Q6O8I\setup[2].exe.zip a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\5322.exe.zip a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\9200.exe.zip a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsb7CC1.tmp.zip a variant of Win32/ELEX.FG potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsbF3E8.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nscC140.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsdDCAC.tmp.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsgA05B.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsgF4FB.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsi3C68.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsm99F9.tmp.zip a variant of Win32/Adware.ConvertAd.ABO application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsn9839.tmp.zip a variant of Win32/Adware.ConvertAd.ACA.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsnED6A.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsrAAB5.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsrF31C.tmp.zip a variant of Win32/Adware.ConvertAd.ACB.gen application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nss43D8.tmp.zip Win32/InstallMonetizer.BI potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nss53C0.tmp.zip a variant of Win32/ELEX.FG potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nss5AC9.tmp.zip a variant of Win32/Adware.Imali.E application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nssDD85.tmp.zip a variant of Win32/Adware.ConvertAd.ABO application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nssFEB.tmp.zip Win32/Somoto.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\nsyA36C.tmp.zip Win32/InstallMonetizer.BI potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exe.zip a variant of Win32/Tencent.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\task.vbs.zip VBS/TrojanDownloader.Agent.NSW trojan deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\tu17p84.exe.zip a variant of Win32/SpeedBit.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\goopdateres_en.dll.zip a variant of Win32/AlteredSoftware.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\npglobalupdateUpdate4.dll.zip a variant of Win32/AlteredSoftware.E potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\psmachine.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.210315\psuser.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\goopdateres_en.dll.zip a variant of Win32/AlteredSoftware.J potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\npglobalupdateUpdate4.dll.zip a variant of Win32/AlteredSoftware.E potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\psmachine.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.261593\psuser.dll.zip a variant of Win32/AlteredSoftware.G potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.294094\globalupdate.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.294094\globalupdateBroker.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.294094\globalupdateCrashHandler.exe.zip Win32/AlteredSoftware.F potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.294094\globalupdateOnDemand.exe.zip Win32/AlteredSoftware.H potentially unwanted application deleted - quarantined
G:\Fin Acc Backup\Users 2015-11-05 14;18;14 (Full)\Fin- Accounts\AppData\Local\Temp\comh.294094\goopdate.dll.zip a variant of Win32/AlteredSoftware.A potentially unwanted application deleted - quarantined

 

Step 3:

 

I can't do this as it will disable critical software for me (Easyfile, produced by the tax authority in South Africa) - see this page: http://www.sars.gov.za/FAQs/Pages/2120.aspx
 
They actually want Java 7, which is no longer available, but it seems that Java 8u40 does work.

 

 

Thanks
 



#14 olgun52

olgun52

  • Malware Response Team
  • 3,781 posts

Posted 10 November 2015 - 01:40 PM

I understand, but there will be a security vulnerability. You must be careful.

What is the latest situation now, and how is the PC running? Any issues?


Best regards
 

 


 


#15 marikep

marikep
  • Topic Starter

  • Members
  • 9 posts

Posted 11 November 2015 - 03:09 AM

Hi,

 

Thank you for the warning, I will be careful.

 

Computer has been running smoothly and there are no more pop-up warnings from Kaspersky.  I have opened the Easyfile program again, and no warnings came up and it is still working.

 

So I think you fixed it :)





