Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4nFSpLWrTyV8TJgGOlbSN24UPuz0NY5J71-vjU0cNb6HW8U-yZIbIzvyRTHHA7tahvotd12cbWQ8XSygCZyTfJYUQP&q={searchTerms}
HKU\S-1-5-21-1842900721-2209424687-1813072984-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4rGfY6r1a_Cq1LewHpKF9HzE7w4y6wOGloPUCqFCmGw7yrCAFIiEvxkgQGKDVrUH0xl1fQ2SIJKIbDfxWOv_zYuPo2
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKU\S-1-5-21-1842900721-2209424687-1813072984-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4nFSpLWrTyV8TJgGOlbSN24UPuz0NY5J71-vjU0cNb6HW8U-yZIbIzvyRTHHA7tahvotd12cbWQ8XSygCZyTfJYUQP&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1842900721-2209424687-1813072984-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHumfA2eDXzyC7zIQTHVjodQ9cIF_tXUELIxpCnYB_RBmux6DdI9yDsmOkvjyqDPNtSDBUqhiwafet4nFSpLWrTyV8TJgGOlbSN24UPuz0NY5J71-vjU0cNb6HW8U-yZIbIzvyRTHHA7tahvotd12cbWQ8XSygCZyTfJYUQP&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> No File
FF Homepage: Mozilla\Firefox\Profiles\rmhjc8qi.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\rmhjc8qi.default -> file:///C:/ProgramData/Quoteexs/ff.NT
CHR Extension: (Adblocker for Youtube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjokomechjchekkcnccjpmgakmjgoaom [2018-12-24] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
U3 iswSvc; no ImagePath
2018-12-24 11:27 - 2018-12-25 18:41 - 000000000 ____D C:\ProgramData\{F5715929-EA18-3B79-60F7-FAB76010A3E6}
2018-12-24 11:27 - 2018-12-25 18:41 - 000000000 ____D C:\ProgramData\{62DC85E0-36D1-ACD4-A92B-5720A9CC0E71}
2018-12-24 11:27 - 2018-12-24 16:39 - 000000000 ____D C:\Program Files (x86)\VKkhWVSisIE
2018-12-24 11:27 - 2018-12-24 15:19 - 000000000 ____D C:\Users\David\AppData\Roaming\3nvzevtk1hn
2018-12-24 11:27 - 2018-12-24 12:55 - 000000000 ____D C:\Users\David\AppData\Roaming\ObFUv
2018-12-24 11:27 - 2018-12-24 12:21 - 000000000 ____D C:\Users\David\AppData\Local\Maurice
2018-12-24 11:27 - 2018-12-24 12:21 - 000000000 ____D C:\Program Files\7EDJF3RO2C
2018-12-24 11:27 - 2018-12-24 12:09 - 000000000 ____D C:\ProgramData\BuHcEEPgNwocAWVB
2018-12-24 11:27 - 2018-12-24 12:05 - 000000000 ____D C:\Program Files (x86)\utzZkkanmIUn
2018-12-24 11:27 - 2018-12-24 12:05 - 000000000 ____D C:\Program Files (x86)\qUgzYKxVLnesC
2018-12-24 11:27 - 2018-12-24 12:04 - 000000000 ____D C:\Program Files (x86)\ooxzIAzTqruiVIszQdR
2018-12-24 11:27 - 2018-12-24 12:03 - 000000000 ____D C:\Program Files (x86)\hUmbquBpttZU2
2018-12-24 11:27 - 2018-12-24 12:03 - 000000000 ____D C:\Program Files (x86)\fHDlqDVwU
2018-12-24 11:27 - 2018-12-24 11:41 - 000000000 ____D C:\Users\David\AppData\Roaming\CRMSvc
2018-12-24 11:27 - 2018-12-24 11:27 - 000003310 _____ C:\WINDOWS\System32\Tasks\ugbHS
2018-12-24 11:27 - 2018-12-24 11:27 - 000003212 _____ C:\WINDOWS\System32\Tasks\mMzvDpxKxjJVUr
2018-12-24 11:27 - 2018-12-24 11:27 - 000003044 _____ C:\WINDOWS\System32\Tasks\UXshqEpiPQcXH2
2018-12-24 11:27 - 2018-12-24 11:27 - 000003034 _____ C:\WINDOWS\System32\Tasks\DvwLFWwXutwLxJgmB2
2018-12-24 11:27 - 2018-12-24 11:27 - 000003026 _____ C:\WINDOWS\System32\Tasks\iYMvCriySoqaGgPjbmR2
2018-12-24 11:27 - 2018-12-24 11:27 - 000003008 _____ C:\WINDOWS\System32\Tasks\SOVqgpLsuXhFCxp2
2018-12-24 11:27 - 2018-12-24 11:27 - 000000000 ____D C:\Program Files (x86)\bubans
2018-12-24 11:26 - 2018-12-24 12:21 - 000000000 ____D C:\Program Files (x86)\AZMD
2018-12-24 11:26 - 2018-12-24 11:33 - 000000000 ____D C:\Program Files (x86)\TweakMASTR
2018-12-24 11:23 - 2018-12-24 16:40 - 000000000 ____D C:\ProgramData\Quoteex
2018-12-24 11:23 - 2018-12-24 11:23 - 002035931 _____ C:\Users\David\AppData\Local\Unosing.tst
2018-12-24 11:23 - 2018-12-24 11:23 - 000070896 _____ C:\Users\David\AppData\Local\Config.xml
2018-12-24 11:23 - 2018-12-24 11:23 - 000015602 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-12-24 11:23 - 2018-12-24 11:23 - 000005568 _____ C:\Users\David\AppData\Local\md.xml
2018-12-24 11:23 - 2018-12-24 11:23 - 000003712 _____ C:\WINDOWS\System32\Tasks\snp
2018-12-24 11:23 - 2018-12-24 11:23 - 000003300 _____ C:\WINDOWS\System32\Tasks\snf
2018-12-24 11:23 - 2018-12-24 11:23 - 000000000 ____D C:\ProgramData\Quoteexs
2018-12-24 11:22 - 2018-12-24 12:21 - 000000414 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-12-24 11:22 - 2018-12-24 11:23 - 000016416 _____ C:\Users\David\AppData\Local\InstallationConfiguration.xml
2018-12-24 11:22 - 2018-12-24 11:22 - 000722944 _____ C:\Users\David\AppData\Local\sham.db
2018-12-24 11:22 - 2018-12-24 11:22 - 000003308 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Users\David\AppData\Roaming\Microleaves
2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Users\David\AppData\Local\ESET
2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Users\David\AppData\Local\AdvinstAnalytics
2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\ProgramData\Blogger
2018-12-24 11:22 - 2018-12-24 11:22 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-12-24 11:18 - 2018-12-24 11:22 - 000000000 ____D C:\ProgramData\Msa
2018-12-23 13:59 - 2018-12-24 16:39 - 000000000 ____D C:\Users\David\Downloads\ESET NOD32 Antivirus, Smart Security, Internet Security 10.0.386.0 + License Keys [SadeemPC]
2018-12-23 13:37 - 2018-12-23 13:37 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2018-12-23 13:34 - 2018-12-24 11:01 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2018-12-23 13:33 - 2018-12-24 10:59 - 000000000 ____D C:\ProgramData\CheckPoint
2018-12-22 18:56 - 2018-12-23 13:24 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-12-22 18:54 - 2018-12-22 18:55 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-12-21 18:08 - 2018-12-21 18:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-21 18:08 - 2018-12-21 18:08 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-21 18:08 - 2018-12-21 18:08 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-21 18:08 - 2018-12-21 18:08 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-21 18:08 - 2018-12-21 18:08 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-12-21 18:08 - 2018-12-21 18:08 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
CustomCLSID: HKU\S-1-5-21-1842900721-2209424687-1813072984-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7FCB8A6F166E}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
Task: {264A8A23-554E-4AAF-A41A-49AE1A388FA4} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files (x86)\hUmbquBpttZU2\CpagFSVROGPeT.dll",#1
Task: {63B0162A-473D-4C1B-B077-2218DFD3EC3C} - System32\Tasks\UXshqEpiPQcXH2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\CsvqYPw.wsf"
Task: {96B7E7AA-A566-4FDE-BCDD-96F10D22FC56} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files (x86)\ooxzIAzTqruiVIszQdR\LdBunKR.dll",#1
Task: {99ED4113-D437-4D67-9CEE-59DD097D6901} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: {A1938C70-A9F8-4624-847A-0553F21D80EA} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {A61FB639-3373-4478-84CC-0E017299A1DE} - System32\Tasks\SOVqgpLsuXhFCxp2 => rundll32 "C:\Program Files (x86)\fHDlqDVwU\pgSRGe.dll",#1
Task: {D0296985-5EC2-4A6C-AE7C-61FF5DAF4624} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files (x86)\qUgzYKxVLnesC\JjWYUDw.dll",#1
Task: {E041D5B2-4FCF-4505-8AE9-0A1CECFFC8DD} - System32\Tasks\ugbHS => C:\Users\David\AppData\Roaming\ObFUv\ugbHS.vbs [2018-12-24] ()
Task: {F758A787-FEF7-44C2-B497-0F4313631815} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
FirewallRules: [{1E926E51-C41F-49F5-9879-8C7C95D11026}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File
FirewallRules: [{0E0E1D17-4B6E-492B-A56A-B177681A3C87}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File
FirewallRules: [{2C15E19E-4BC2-4D36-836B-B977472B539C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File
FirewallRules: [{374B12F6-C17B-4302-8A4F-AD59F3BF2FDC}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe No File
FirewallRules: [{1974CC7B-0B87-41B1-A870-979FE9F70AE5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe No File
FirewallRules: [{98CB0A46-BE1A-4777-A9B0-13780F6FD213}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{7C625CC1-D1DA-4777-9B9F-D16ED0A36869}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe No File
FirewallRules: [{92E5F252-11FB-4BE2-8EDE-B33C3C4CCECC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{C8E3519D-47D5-475E-9A17-59BBEFD6F16D}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{8FB88A15-C10E-460C-ACE6-C02BC4A5EE5F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File
FirewallRules: [{D7E89D65-F769-4A04-864B-4F26B5A4D2A0}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe No File
EmptyTemp:
End::