
Malicious Website warning siloovoox.net ?



I started getting a popup indicating an outbound website being blocked. It seems to have started after opening what appeared to be a legitimate invoice from UPS. (I was expecting one and confirmed via UPS website) IP address is listed as 46.16.1.105. If I make an exception to this site, another site (peisaho.net) pops up at the same address.

 

My search didn't turn up anything. Help with this would be appreciated.

 

 


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...



Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.



Let me see those logs in your next reply...

Thank you,

Kevin...
 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/26/2016
Scan Time: 1:24 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.26.05
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul.Smith

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393551
Time Elapsed: 10 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Here are the next 3.  Thanks for your assistance!

 

 

# AdwCleaner v5.031 - Logfile created 26/01/2016 at 13:42:46
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [server]
# Operating system : Windows 7 Enterprise N Service Pack 1 (x64)
# Username : Paul.Smith - PAULS_OFFICE
# Running from : C:\Users\Paul.Smith.THI\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\Myfree Codec
[!] Key Not Deleted : HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\Software\Myfree Codec

***** [ Web browsers ] *****

[-] [C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1786 bytes] ##########

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Paul.Smith (administrator) on PAULS_OFFICE (26-01-2016 13:48:45)
Running from C:\Users\Paul.Smith.THI\Downloads
Loaded Profiles: Paul.Smith (Available Profiles: Paul.Smith & Paul.Smith)
Platform: Windows 7 Enterprise N Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\778\g2ax_winlogonx64.dll (Citrix Online, LLC)
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\Run: [3756984220] => C:\ProgramData\TisDelx\Verdux.exe [268288 2016-01-26] (Martin Prikryl)
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\MountPoints2: {a1e8b376-23f5-11e5-83a6-a41f7272474f} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\MountPoints2: {a1e8b381-23f5-11e5-83a6-a41f7272474f} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-11] (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51FC6D4D-16DE-4A54-BA3C-9A0DF6E30EC1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2373160282-2323222335-2653628308-1164 -> DefaultScope {1A524A41-2481-43F1-87FD-5D1E98D2B1D1} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2373160282-2323222335-2653628308-1164 -> {1A524A41-2481-43F1-87FD-5D1E98D2B1D1} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Paul.Smith.THI\AppData\Roaming\Mozilla\Firefox\Profiles\f1ux3hdi.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2373160282-2323222335-2653628308-1164: @citrixonline.com/appdetectorplugin -> C:\Users\Paul.Smith.THI\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-2373160282-2323222335-2653628308-1164: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Paul.Smith.THI\AppData\Roaming\Mozilla\Firefox\Profiles\f1ux3hdi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]

Chrome:
=======
CHR Profile: C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27]
CHR Extension: (Docs) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
CHR Extension: (Google Drive) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
CHR Extension: (Google Slides) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\778\g2ax_service.exe [610888 2015-03-12] (Citrix Online, LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 13:48 - 2016-01-26 13:49 - 00014742 _____ C:\Users\Paul.Smith.THI\Downloads\FRST.txt
2016-01-26 13:48 - 2016-01-26 13:48 - 00000000 ____D C:\FRST
2016-01-26 13:47 - 2016-01-26 13:47 - 02370560 _____ (Farbar) C:\Users\Paul.Smith.THI\Downloads\FRST64.exe
2016-01-26 13:45 - 2016-01-26 13:45 - 00001869 _____ C:\Users\Paul.Smith.THI\Desktop\AdwCleaner[C1].txt
2016-01-26 13:40 - 2016-01-26 13:42 - 00000000 ____D C:\AdwCleaner
2016-01-26 13:39 - 2016-01-26 13:39 - 01507840 _____ C:\Users\Paul.Smith.THI\Downloads\AdwCleaner.exe
2016-01-26 10:15 - 2016-01-26 10:15 - 00000000 ____D C:\ProgramData\TisDelx
2016-01-25 17:41 - 2016-01-25 17:41 - 05417140 _____ C:\Users\Paul.Smith.THI\Downloads\Z87-PRO-ASUS-1504.zip
2016-01-25 13:49 - 2016-01-25 15:02 - 3320903680 _____ C:\Users\Paul.Smith.THI\Downloads\_Getintopc.com_Windows_7_64-bit_Professional_x64.iso
2016-01-25 11:35 - 2016-01-25 11:37 - 108417060 _____ (AssassinHTPC ) C:\Users\Paul.Smith.THI\Downloads\AssassinHTPC_RC2.exe
2016-01-16 11:01 - 2016-01-16 11:01 - 06230016 _____ C:\Users\Paul.Smith.THI\Downloads\hdpbes.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 13:48 - 2009-07-14 00:12 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-26 13:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-26 13:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-26 13:44 - 2015-04-27 11:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 13:44 - 2015-04-10 08:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 13:43 - 2015-02-15 16:42 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-26 13:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 13:20 - 2015-02-18 17:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-26 12:57 - 2015-04-27 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 10:45 - 2009-07-13 23:50 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 10:45 - 2009-07-13 23:50 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-20 13:20 - 2015-02-18 17:36 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 13:20 - 2015-02-18 17:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 13:20 - 2015-02-18 17:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-17 09:59 - 2015-12-25 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-17 09:59 - 2015-02-12 22:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-17 09:59 - 2009-07-13 23:50 - 00436576 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 14:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-15 11:28 - 2015-03-05 11:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-15 11:27 - 2015-03-08 12:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 11:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-14 21:58 - 2015-04-27 11:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-28 14:07 - 2015-02-15 16:42 - 00049072 __RSH C:\ProgramData\ntuser.pol
2015-12-28 09:18 - 2015-12-15 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

Some files in TEMP:
====================
C:\Users\Paul.Smith\AppData\Local\Temp\ose00000.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\sqlite3.dll
C:\Users\Paul.Smith.THI\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\_is2C30.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\_isE91C.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 00:30

==================== End of FRST.txt ============================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Paul.Smith (2016-01-26 13:49:22)
Running from C:\Users\Paul.Smith.THI\Downloads
Windows 7 Enterprise N Service Pack 1 (X64) (2015-02-12 03:27:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2566415653-4148220107-4077037326-500 - Administrator - Disabled)
Guest (S-1-5-21-2566415653-4148220107-4077037326-501 - Limited - Disabled)
Paul.Smith (S-1-5-21-2566415653-4148220107-4077037326-1000 - Administrator - Enabled) => C:\Users\Paul.Smith

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{E76DE59B-D1B5-48AC-9C42-E49B48BC2089}) (Version: 2.4.2679 - Famatech)
Brother MFL-Pro Suite MFC-8950DW (HKLM-x32\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 10.11.0.2338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.11.0.2338 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Commander NE Client (HKLM-x32\...\{9B820888-A6BF-43BE-B51C-8796F18B088A}) (Version: 11.5.5.12 - MIC Systems)
Commander NE HLSM Interface (HKLM-x32\...\InstallShield_{8E920B46-ABC1-42BE-965D-4DEBD2BBD2D2}) (Version: 11.5.5.9 - MIC Systems & Software)
Commander NE HLSM Interface (x32 Version: 11.5.5.9 - MIC Systems & Software) Hidden
Crystal Reports 2008 Runtime SP2 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.2.0.290 - Business Objects)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Document Express DjVu Plug-in (HKLM\...\{3677A6FF-9C6F-48B7-B0DC-E958C2FE4FFF}) (Version: 6.1.35472 - Cuminas Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.778 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.778 - Citrix Online)
HLSM Microfiche  (HKLM-x32\...\{0F5E6ACB-514D-4811-AE1F-FE46388B57CE}) (Version: 1.6.0 - HLSM)
HLSM Microfiche (HKLM-x32\...\{A7337889-35B3-4CDC-88B6-4480E92DC646}) (Version: 1.0.0 - <no manufacturer>)
Intel® Chipset Device Software (x32 Version: 10.0.24 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyODBC (HKLM-x32\...\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}) (Version: 3.51.11 - MySQL)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005A747F-0A85-420E-91B2-FFA40CBD0394} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A35AF7-9325-4DC0-B3DE-79F91EB8AE8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {14A7F82F-8444-4AF7-952A-D0C1C9851E3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {2952720C-EFA9-46AA-B7FB-66A5FBB70394} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {3D0C10BC-A798-4016-A1A2-75C0B5BB2DA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {48635056-24DD-4AB4-A22D-6830B0898D9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {788D8896-1870-4D2A-8E2A-CFBA96A83ABF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {7DBAA15A-A69F-4B56-A08E-E87D5CBC0476} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A0A782E6-E43F-4C39-B1A1-12BFE5312D92} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B1CBAF69-D2B9-42F8-8D60-FEFF10C7E097} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BF462ACB-7A14-4E5A-B3DA-0B7C4EA803B8} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F1970587-7130-4311-B764-C12D40B0018D} - System32\Tasks\{80D31DA3-D212-44E5-BE26-A6E1D94AAD20} => pcalua.exe -a "C:\Users\Paul.Smith.THI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNI3WNZP\Setup.exe" -d C:\Users\Paul.Smith.THI\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-04-20 15:42 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-20 15:42 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Paul.Smith.THI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\Windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C3706CDB-DE2F-416A-AA4F-8B65CA1258DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{230DEAC3-7982-40B9-B71C-CD3262212780}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{941497B1-EF46-4AA6-9992-E7F7D8ADD732}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7044C37B-F7FE-49F4-8EEC-B432BD4A9511}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3C593780-FDEB-4CAF-AA54-79EB6E71593C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{47A53E7E-FAC8-49B5-A217-CD6C1444D5E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AFB594E3-63DF-40EA-8EBA-3802F1E797F5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E1E45B39-164A-44AD-91F1-1F0795A224E0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AB489BA9-584C-4818-9A58-F418DC218B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{592FAED0-0AFA-4388-A282-B96B8FDC520D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{6815357B-1CCD-4EC8-9017-4683FF6EE76E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{A751B720-8803-4CAD-842B-1555D425DA27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{35B57522-B5C6-4E98-93A5-2F74674505BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{5F1C4959-2018-4A70-88DE-5CC836F4582A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E3274510-46AC-4186-97E7-2B19EEBACF94}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11e\FAXRX.exe
FirewallRules: [{F162B212-65AC-4B40-B559-C451499C8C25}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11e\FAXRX.exe
FirewallRules: [{BB348B5C-5A35-43A4-85F1-75C9E30BF579}] => (Allow) LPort=54925
FirewallRules: [{2B186BA0-FF6E-44C6-A149-850617C152A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0C230680-B7EF-4A36-971A-562805A51BC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0194BD8-BEFF-4AC0-B9B0-2A6C5F2B943D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-01-2016 01:37:17 Windows Update
06-01-2016 17:23:26 Windows Update
10-01-2016 01:37:18 Windows Update
13-01-2016 17:27:14 Windows Update
16-01-2016 23:39:01 Windows Update
17-01-2016 10:07:32 Windows Update
20-01-2016 10:14:16 Windows Update
24-01-2016 00:58:39 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2016 09:55:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cb0

Start Time: 01d13dcf24096b61

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id: 4ac62cac-bd2a-11e5-b7e2-a41f7272474f

Error: (01/16/2016 11:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 15.0.4779.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8b8

Start Time: 01d15067e88462e7

Termination Time: 16

Application Path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

Report Id: e73d8cf4-bc6a-11e5-b7e2-a41f7272474f

Error: (01/12/2016 12:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 43.0.4.5848, time stamp: 0x568c7b1d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x36e0fc64
Faulting process id: 0x10dc
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/04/2015 01:52:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0xa9c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (11/10/2015 10:50:06 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C4A2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/10/2015 10:50:06 AM) (Source: Software Protection Platform Service) (EventID: 8209) (User: )
Description: Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/10/2015 10:45:31 AM) (Source: Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd

Error: (11/10/2015 10:45:31 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (11/10/2015 12:15:30 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C4A2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/10/2015 12:15:30 AM) (Source: Software Protection Platform Service) (EventID: 8209) (User: )
Description: Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f


System errors:
=============
Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDFProFiltSrvPP service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/26/2016 01:42:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2016 09:59:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:57:14 AM on ‎1/‎17/‎2016 was unexpected.


CodeIntegrity:
===================================
  Date: 2015-11-30 20:37:34.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 22:35:38.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 30%
Total physical RAM: 8094.08 MB
Available physical RAM: 5660.43 MB
Total Virtual: 16186.37 MB
Available Virtual: 13943.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:845.53 GB) NTFS
Drive h: (Data Drive Three 2TB) (Fixed) (Total:1863.01 GB) (Free:26.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 174D4E31)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BDA772EC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning



  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats



  • Press start scan
  • The scan will now commence



  • Once the scan has finished click open report <<<--- Do not miss this step



  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive. Please attach it to your next reply…
 

Next,

 

I want you to list the most recent Protection log from Malwarebytes. Open Malwarebytes, then do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Protection log which shows the most recent date and time
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt) - if selected, you will have to name the file and save it to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml) - if selected, you will have to name the file and save it to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

Thank you,

 

Kevin
 

Fixlist.txt


I will post the Dr.Web when complete.

 

ALSO Security Essentials just picked this up; Let me know if you want me to apply actions prior to running Dr.WEB

 

Backdoor:Win32/Vawtrak

Category: Backdoor
Description: This program provides remote access to the computer it is installed on.
Recommended action: Remove this software immediately.
Items: file:C:\ProgramData\TisDelx\Verdux.exe

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Manual, Domain Database, 2016.1.25.7, 2016.1.26.1,
Update, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Manual, Malware Database, 2016.1.25.5, 2016.1.26.1,
Protection, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Starting,
Protection, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopping,
Protection, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopped,
Protection, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Success,
Protection, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Starting,
Protection, 1/26/2016 1:47 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Started,
Scan, 1/26/2016 1:54 AM, SYSTEM, PAULS_OFFICE, Scheduler, Start:1/26/2016 1:47 AM, Duration:7 min 17 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Scan, 1/26/2016 2:16 AM, SYSTEM, PAULS_OFFICE, Scheduler, Start:1/26/2016 2:11 AM, Duration:4 min 37 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 1/26/2016 2:41 AM, SYSTEM, PAULS_OFFICE, Scheduler, Malware Database, 2016.1.26.1, 2016.1.26.2,
Protection, 1/26/2016 2:41 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Starting,
Protection, 1/26/2016 2:41 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopping,
Protection, 1/26/2016 2:41 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopped,
Protection, 1/26/2016 2:42 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Success,
Protection, 1/26/2016 2:42 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Starting,
Protection, 1/26/2016 2:42 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Started,
Update, 1/26/2016 8:45 AM, SYSTEM, PAULS_OFFICE, Scheduler, Domain Database, 2016.1.26.1, 2016.1.26.3,
Update, 1/26/2016 8:45 AM, SYSTEM, PAULS_OFFICE, Scheduler, Malware Database, 2016.1.26.2, 2016.1.26.3,
Protection, 1/26/2016 8:45 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Starting,
Protection, 1/26/2016 8:45 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopping,
Protection, 1/26/2016 8:45 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopped,
Protection, 1/26/2016 8:46 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Success,
Protection, 1/26/2016 8:46 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Starting,
Protection, 1/26/2016 8:46 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Started,
Detection, 1/26/2016 10:17 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53216, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:17 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53216, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:17 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53215, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:18 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53231, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Update, 1/26/2016 10:18 AM, SYSTEM, PAULS_OFFICE, Manual, Malware Database, 2016.1.26.3, 2016.1.26.4,
Protection, 1/26/2016 10:18 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Starting,
Protection, 1/26/2016 10:18 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopping,
Protection, 1/26/2016 10:18 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Stopped,
Protection, 1/26/2016 10:19 AM, SYSTEM, PAULS_OFFICE, Protection, Refresh, Success,
Protection, 1/26/2016 10:19 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Starting,
Protection, 1/26/2016 10:19 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Started,
Detection, 1/26/2016 10:19 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53262, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:19 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53262, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:20 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53276, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:21 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53279, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:22 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53313, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:23 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53316, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:23 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53316, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:24 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53365, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:24 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53365, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:25 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 53385, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:27 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53458, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:27 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53458, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:28 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53474, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 10:29 AM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, siloovoox.net, 53522, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 2:58 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49915, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 2:59 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49920, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:00 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49946, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:01 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49950, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:02 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49954, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:03 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49957, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:04 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49960, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:05 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49987, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:06 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 49995, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:07 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50013, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:08 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50017, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:09 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50022, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:10 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50028, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:11 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50057, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:12 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50065, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:13 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50072, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:14 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50096, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:15 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50099, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:16 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50110, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:17 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50153, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:18 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50156, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:19 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50162, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:20 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50168, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:21 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50171, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:22 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50191, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:23 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50194, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:24 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50197, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:25 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50212, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:26 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50219, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:27 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50258, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:28 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50277, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:29 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50282, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:30 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50285, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:31 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50288, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:32 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, veipapeitee.net, 50304, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:33 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50335, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
Detection, 1/26/2016 3:33 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50338, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:34 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50357, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:35 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50360, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:36 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50363, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:37 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50366, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:38 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50369, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:39 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50372, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:40 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50378, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:41 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50389, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:42 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50392, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:43 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50395, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:44 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50400, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:45 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50403, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:46 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50407, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:47 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50410, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:48 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50413, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:49 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50432, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:57 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50557, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:58 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50560, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 3:59 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50565, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:00 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50570, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:01 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50573, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:02 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50576, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:03 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50579, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:04 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50582, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:05 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50585, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:06 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50588, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:07 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50591, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:08 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50594, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:09 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50597, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:10 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50600, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:11 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50603, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:12 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50606, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:13 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50609, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:14 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50614, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:15 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50618, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:16 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50623, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:17 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50626, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:18 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50629, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:20 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50632, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:21 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50635, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:22 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50638, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:23 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50641, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:24 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50644, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:25 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50647, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:26 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50652, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:27 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50681, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:28 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 50693, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Protection, 1/26/2016 4:31 PM, SYSTEM, PAULS_OFFICE, Protection, Malware Protection, Starting,
Protection, 1/26/2016 4:31 PM, SYSTEM, PAULS_OFFICE, Protection, Malware Protection, Started,
Protection, 1/26/2016 4:31 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Starting,
Protection, 1/26/2016 4:31 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Started,
Detection, 1/26/2016 4:32 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 49277, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:32 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 49277, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:34 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 49321, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 1/26/2016 4:35 PM, SYSTEM, PAULS_OFFICE, Protection, Malicious Website Protection, Domain, 46.161.1.105, peisaho.net, 49324, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

(end)

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Paul.Smith (2016-01-26 16:28:59) Run:1
Running from C:\Users\Paul.Smith.THI\Downloads
Loaded Profiles: Paul.Smith (Available Profiles: Paul.Smith & Paul.Smith)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\MountPoints2: {a1e8b376-23f5-11e5-83a6-a41f7272474f} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\MountPoints2: {a1e8b381-23f5-11e5-83a6-a41f7272474f} - H:\VZW_Software_upgrade_assistant.exe
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Paul.Smith\AppData\Local\Temp\ose00000.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\sqlite3.dll
C:\Users\Paul.Smith.THI\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\_is2C30.exe
C:\Users\Paul.Smith.THI\AppData\Local\Temp\_isE91C.exe
EmptyTemp:
end



*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e8b376-23f5-11e5-83a6-a41f7272474f}" => key removed successfully
HKCR\CLSID\{a1e8b376-23f5-11e5-83a6-a41f7272474f} => key not found.
"HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e8b381-23f5-11e5-83a6-a41f7272474f}" => key removed successfully
HKCR\CLSID\{a1e8b381-23f5-11e5-83a6-a41f7272474f} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
C:\Users\Paul.Smith\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Users\Paul.Smith.THI\AppData\Local\Temp\LiveUpdater.exe => moved successfully
C:\Users\Paul.Smith.THI\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe => moved successfully
C:\Users\Paul.Smith.THI\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Paul.Smith.THI\AppData\Local\Temp\xmlUpdater.exe => moved successfully
C:\Users\Paul.Smith.THI\AppData\Local\Temp\_is2C30.exe => moved successfully
C:\Users\Paul.Smith.THI\AppData\Local\Temp\_isE91C.exe => moved successfully
EmptyTemp: => 9.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:29:59 ====


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Paul.Smith (administrator) on PAULS_OFFICE (26-01-2016 17:26:36)
Running from C:\Users\Paul.Smith.THI\Downloads
Loaded Profiles: Paul.Smith (Available Profiles: Paul.Smith & Paul.Smith)
Platform: Windows 7 Enterprise N Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\778\g2ax_winlogonx64.dll (Citrix Online, LLC)
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-02-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{51FC6D4D-16DE-4A54-BA3C-9A0DF6E30EC1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2373160282-2323222335-2653628308-1164 -> DefaultScope {1A524A41-2481-43F1-87FD-5D1E98D2B1D1} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2373160282-2323222335-2653628308-1164 -> {1A524A41-2481-43F1-87FD-5D1E98D2B1D1} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Paul.Smith.THI\AppData\Roaming\Mozilla\Firefox\Profiles\f1ux3hdi.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2015-05-08] (Cuminas Corporation)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2373160282-2323222335-2653628308-1164: @citrixonline.com/appdetectorplugin -> C:\Users\Paul.Smith.THI\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-2373160282-2323222335-2653628308-1164: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Paul.Smith.THI\AppData\Roaming\Mozilla\Firefox\Profiles\f1ux3hdi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]

Chrome:
=======
CHR Profile: C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-27]
CHR Extension: (Docs) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
CHR Extension: (Google Drive) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
CHR Extension: (Google Slides) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Paul.Smith.THI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\778\g2ax_service.exe [610888 2015-03-12] (Citrix Online, LLC)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 17:17 - 2016-01-26 17:17 - 02039971 _____ C:\Users\Paul.Smith.THI\Desktop\DrWEB.txt
2016-01-26 17:07 - 2016-01-26 17:07 - 00000000 ____D C:\Users\Paul.Smith.THI\Doctor Web
2016-01-26 16:33 - 2016-01-26 16:39 - 182119752 _____ C:\Users\Paul.Smith.THI\Downloads\2nsi8eox.exe
2016-01-26 16:28 - 2016-01-26 16:29 - 00003135 _____ C:\Users\Paul.Smith.THI\Downloads\Fixlog.txt
2016-01-26 13:49 - 2016-01-26 13:49 - 00024723 _____ C:\Users\Paul.Smith.THI\Downloads\Addition.txt
2016-01-26 13:48 - 2016-01-26 17:26 - 00013914 _____ C:\Users\Paul.Smith.THI\Downloads\FRST.txt
2016-01-26 13:48 - 2016-01-26 17:26 - 00000000 ____D C:\FRST
2016-01-26 13:47 - 2016-01-26 13:47 - 02370560 _____ (Farbar) C:\Users\Paul.Smith.THI\Downloads\FRST64.exe
2016-01-26 13:45 - 2016-01-26 13:45 - 00001869 _____ C:\Users\Paul.Smith.THI\Desktop\AdwCleaner[C1].txt
2016-01-26 13:40 - 2016-01-26 13:42 - 00000000 ____D C:\AdwCleaner
2016-01-26 13:39 - 2016-01-26 13:39 - 01507840 _____ C:\Users\Paul.Smith.THI\Downloads\AdwCleaner.exe
2016-01-26 10:15 - 2016-01-26 17:05 - 00000000 ____D C:\ProgramData\TisDelx
2016-01-25 17:41 - 2016-01-25 17:41 - 05417140 _____ C:\Users\Paul.Smith.THI\Downloads\Z87-PRO-ASUS-1504.zip
2016-01-25 13:49 - 2016-01-25 15:02 - 3320903680 _____ C:\Users\Paul.Smith.THI\Downloads\_Getintopc.com_Windows_7_64-bit_Professional_x64.iso
2016-01-25 11:35 - 2016-01-25 11:37 - 108417060 _____ (AssassinHTPC ) C:\Users\Paul.Smith.THI\Downloads\AssassinHTPC_RC2.exe
2016-01-16 11:01 - 2016-01-16 11:01 - 06230016 _____ C:\Users\Paul.Smith.THI\Downloads\hdpbes.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-26 17:20 - 2015-02-18 17:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-26 17:13 - 2009-07-14 00:12 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-26 17:13 - 2009-07-13 23:50 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 17:13 - 2009-07-13 23:50 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-26 17:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-26 17:08 - 2015-02-15 19:30 - 00000000 ____D C:\Users\Paul.Smith.THI
2016-01-26 17:06 - 2015-04-27 11:22 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 17:06 - 2015-04-10 08:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 17:06 - 2015-02-15 16:42 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-26 17:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 16:57 - 2015-04-27 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 16:31 - 2015-02-15 16:42 - 00048584 __RSH C:\ProgramData\ntuser.pol
2016-01-26 16:29 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-26 13:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-20 13:20 - 2015-02-18 17:36 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 13:20 - 2015-02-18 17:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 13:20 - 2015-02-18 17:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-17 09:59 - 2015-12-25 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-17 09:59 - 2015-02-12 22:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-17 09:59 - 2009-07-13 23:50 - 00436576 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 14:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-15 11:28 - 2015-03-05 11:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-15 11:27 - 2015-03-08 12:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-15 11:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-14 21:58 - 2015-04-27 11:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-28 09:18 - 2015-12-15 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 00:30

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Paul.Smith (2016-01-26 17:26:54)
Running from C:\Users\Paul.Smith.THI\Downloads
Windows 7 Enterprise N Service Pack 1 (X64) (2015-02-12 03:27:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2566415653-4148220107-4077037326-500 - Administrator - Disabled)
Guest (S-1-5-21-2566415653-4148220107-4077037326-501 - Limited - Disabled)
Paul.Smith (S-1-5-21-2566415653-4148220107-4077037326-1000 - Administrator - Enabled) => C:\Users\Paul.Smith

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{E76DE59B-D1B5-48AC-9C42-E49B48BC2089}) (Version: 2.4.2679 - Famatech)
Brother MFL-Pro Suite MFC-8950DW (HKLM-x32\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 10.11.0.2338 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.11.0.2338 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Commander NE Client (HKLM-x32\...\{9B820888-A6BF-43BE-B51C-8796F18B088A}) (Version: 11.5.5.12 - MIC Systems)
Commander NE HLSM Interface (HKLM-x32\...\InstallShield_{8E920B46-ABC1-42BE-965D-4DEBD2BBD2D2}) (Version: 11.5.5.9 - MIC Systems & Software)
Commander NE HLSM Interface (x32 Version: 11.5.5.9 - MIC Systems & Software) Hidden
Crystal Reports 2008 Runtime SP2 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.2.0.290 - Business Objects)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Document Express DjVu Plug-in (HKLM\...\{3677A6FF-9C6F-48B7-B0DC-E958C2FE4FFF}) (Version: 6.1.35472 - Cuminas Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist Customer 2.2.0.778 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.2.0.778 - Citrix Online)
HLSM Microfiche  (HKLM-x32\...\{0F5E6ACB-514D-4811-AE1F-FE46388B57CE}) (Version: 1.6.0 - HLSM)
HLSM Microfiche (HKLM-x32\...\{A7337889-35B3-4CDC-88B6-4480E92DC646}) (Version: 1.0.0 - <no manufacturer>)
Intel® Chipset Device Software (x32 Version: 10.0.24 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyODBC (HKLM-x32\...\{29042B1C-0713-4575-B7CA-5C8E7B0899D4}) (Version: 3.51.11 - MySQL)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005A747F-0A85-420E-91B2-FFA40CBD0394} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {10A35AF7-9325-4DC0-B3DE-79F91EB8AE8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {14A7F82F-8444-4AF7-952A-D0C1C9851E3B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {2952720C-EFA9-46AA-B7FB-66A5FBB70394} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {3D0C10BC-A798-4016-A1A2-75C0B5BB2DA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {48635056-24DD-4AB4-A22D-6830B0898D9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {788D8896-1870-4D2A-8E2A-CFBA96A83ABF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-27] (Google Inc.)
Task: {7DBAA15A-A69F-4B56-A08E-E87D5CBC0476} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A0A782E6-E43F-4C39-B1A1-12BFE5312D92} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B1CBAF69-D2B9-42F8-8D60-FEFF10C7E097} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {BF462ACB-7A14-4E5A-B3DA-0B7C4EA803B8} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F1970587-7130-4311-B764-C12D40B0018D} - System32\Tasks\{80D31DA3-D212-44E5-BE26-A6E1D94AAD20} => pcalua.exe -a "C:\Users\Paul.Smith.THI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNI3WNZP\Setup.exe" -d C:\Users\Paul.Smith.THI\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-04-20 15:42 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-15 15:13 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-20 15:42 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2373160282-2323222335-2653628308-1164\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Paul.Smith.THI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\Windows\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnk.Startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C3706CDB-DE2F-416A-AA4F-8B65CA1258DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{230DEAC3-7982-40B9-B71C-CD3262212780}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{941497B1-EF46-4AA6-9992-E7F7D8ADD732}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7044C37B-F7FE-49F4-8EEC-B432BD4A9511}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3C593780-FDEB-4CAF-AA54-79EB6E71593C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{47A53E7E-FAC8-49B5-A217-CD6C1444D5E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AFB594E3-63DF-40EA-8EBA-3802F1E797F5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E1E45B39-164A-44AD-91F1-1F0795A224E0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AB489BA9-584C-4818-9A58-F418DC218B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{592FAED0-0AFA-4388-A282-B96B8FDC520D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{6815357B-1CCD-4EC8-9017-4683FF6EE76E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A751B720-8803-4CAD-842B-1555D425DA27}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{35B57522-B5C6-4E98-93A5-2F74674505BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5F1C4959-2018-4A70-88DE-5CC836F4582A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E3274510-46AC-4186-97E7-2B19EEBACF94}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11e\FAXRX.exe
FirewallRules: [{F162B212-65AC-4B40-B559-C451499C8C25}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11e\FAXRX.exe
FirewallRules: [{BB348B5C-5A35-43A4-85F1-75C9E30BF579}] => (Allow) LPort=54925
FirewallRules: [{2B186BA0-FF6E-44C6-A149-850617C152A3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0C230680-B7EF-4A36-971A-562805A51BC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0194BD8-BEFF-4AC0-B9B0-2A6C5F2B943D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-01-2016 01:37:17 Windows Update
06-01-2016 17:23:26 Windows Update
10-01-2016 01:37:18 Windows Update
13-01-2016 17:27:14 Windows Update
16-01-2016 23:39:01 Windows Update
17-01-2016 10:07:32 Windows Update
20-01-2016 10:14:16 Windows Update
24-01-2016 00:58:39 Windows Update
26-01-2016 16:29:01 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2016 04:29:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {38a4ff3a-518d-4496-8bf3-a7c6dd987233}

Error: (01/17/2016 09:55:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cb0

Start Time: 01d13dcf24096b61

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id: 4ac62cac-bd2a-11e5-b7e2-a41f7272474f

Error: (01/16/2016 11:05:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 15.0.4779.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8b8

Start Time: 01d15067e88462e7

Termination Time: 16

Application Path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

Report Id: e73d8cf4-bc6a-11e5-b7e2-a41f7272474f

Error: (01/12/2016 12:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 43.0.4.5848, time stamp: 0x568c7b1d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x36e0fc64
Faulting process id: 0x10dc
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (12/04/2015 01:52:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000374
Fault offset: 0x000ced0b
Faulting process id: 0xa9c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (11/10/2015 10:50:06 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C4A2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/10/2015 10:50:06 AM) (Source: Software Protection Platform Service) (EventID: 8209) (User: )
Description: Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f

Error: (11/10/2015 10:45:31 AM) (Source: Software Protection Platform Service) (EventID: 1012) (User: )
Description: Acquisition of Product Certificate failed. hr=0xC004C003
Sku Id=9abf5984-9c16-46f2-ad1e-7fe15931a8dd

Error: (11/10/2015 10:45:31 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C003

Error: (11/10/2015 12:15:30 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C4A2) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f


System errors:
=============
Error: (01/26/2016 04:29:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/26/2016 04:29:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDFProFiltSrvPP service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/26/2016 04:29:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-11-30 20:37:34.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 22:35:38.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 28%
Total physical RAM: 8094.08 MB
Available physical RAM: 5826.05 MB
Total Virtual: 16186.37 MB
Available Virtual: 13740.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:854.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 174D4E31)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Yes you should be good to go, clean up as follows:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
