CloseProcesses:
HKLM\...\Run: [Colonnades] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKLM\...\Run: [Seshadri] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKLM\...\Run: [Wall] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKLM-x32\...\Run: [Eakins] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKLM-x32\...\Run: [Squamish] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKLM-x32\...\Run: [Divinity] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [nostgo] => rundll32.exe "C:\Users\Mercedes\AppData\Local\pfialx.dll",nostgo <==== ATTENTION
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Browning] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Pareto] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Praiseworthy] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Druce] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Normative] => C:\Program Files (x86)\dusty\Rivalry.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Affectation] => C:\Program Files (x86)\Hesitates\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [murdering] => C:\Program Files (x86)\gaea\murdering.exe [37657 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [bullhorns] => C:\Program Files (x86)\Avalanche\Brodsky.exe [21504 2018-06-05] ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\...\Run: [Interstatnogui] => C:\Users\Mercedes\AppData\Roaming\Interstatnogui\interstatnogui.exe [1115760 2018-06-06] (IOT Mega) <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Quoteex\Qvofix.dll => C:\ProgramData\Quoteex\Qvofix.dll [342528 2018-06-06] ()
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Joyotcore.dll => C:\ProgramData\Quoteex\Joyotcore.dll [460800 2018-06-06] ()
Startup: C:\Users\Mercedes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reevaluating.lnk [2018-06-06]
ShortcutTarget: reevaluating.lnk -> C:\Program Files (x86)\Avalanche\Brodsky.exe ()
Startup: C:\Users\Mercedes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reevaluatingreevaluating.lnk [2018-06-06]
ShortcutTarget: reevaluatingreevaluating.lnk -> C:\Program Files (x86)\dusty\Rivalry.exe ()
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
HKU\S-1-5-21-2757255035-3979406009-1362736679-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFAkhJtQ_sd8KWNJb8qtKv0dNYpzCUpwQKotc8GAnahGFJRTdeMCl5BTK3lvKfj2Kt-yzVulF9qbJboE-uJTAnDkJAnTA,,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> {1E5B71DC-45ED-4D28-B8DF-37CE2F9D7018} URL =
SearchScopes: HKU\S-1-5-21-2757255035-3979406009-1362736679-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH4wRuVxAvqMi2tp7FD6Y5ZRv8Eqmry9Tp5o8p58-8Nj59DAmZ0WOjLoF5EU1_EEeDTerOCz9rphakFMhOjsb0U4lyhf518mLJE7Nc1PZESiAP0T6EueJ8qXhwhjDSjoWFUlJnrGZowqi1cyYcfK6WtI6bw1JiBc3a0Jedbq9Q,,&q={searchTerms}
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-06-06] () [File not signed] <==== ATTENTION
R2 ed896c4569b349cf14f608f5a7a00f93; C:\Program Files\ed896c4569b349cf14f608f5a7a00f93\dbe628b249273c180a6002346247c9c8.exe [1760712 2018-06-06] ()
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe [1810944 2018-06-06] (TODO: ) [File not signed] <==== ATTENTION
R2 867dcb50fd45ef7018a23d0efed06666; rundll32.exe C:\WINDOWS\yjvhvvrtfooukidv.ijvh DNPh [X]
R1 83a915133303ff21ff8a5b901dfa17ab; C:\WINDOWS\System32\drivers\83a915133303ff21ff8a5b901dfa17ab.sys [162712 2018-06-06] ()
2018-06-09 01:12 - 2018-06-09 01:12 - 000000000 _____ C:\jbzzytgqb79uux9
2018-06-07 21:58 - 2018-06-07 21:58 - 000857600 _____ C:\WINDOWS\yjvhvvrtfooukidv.ijvh
2018-06-07 21:58 - 2018-06-07 21:58 - 000000000 ____D C:\Program Files\ed896c4569b349cf14f608f5a7a00f93
2018-06-07 21:53 - 2018-06-07 21:53 - 000000072 ___SH C:\bootTel.dat
2018-06-06 19:55 - 2018-06-06 19:55 - 001830912 _____ C:\WINDOWS\54c7e575ec387f2ba0b614c3d95d2a1c.exe
2018-06-06 19:55 - 2018-06-06 19:55 - 000162712 _____ C:\WINDOWS\system32\Drivers\83a915133303ff21ff8a5b901dfa17ab.sys
2018-06-06 19:55 - 2018-06-06 19:55 - 000096527 _____ C:\WINDOWS\uninstaller.dat
2018-06-06 01:17 - 2018-06-09 01:12 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2018-06-06 01:14 - 2018-06-06 01:14 - 000000000 ____D C:\Program Files (x86)\Microleaves
2018-06-06 01:13 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G6.job
2018-06-06 01:13 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G4.job
2018-06-06 01:13 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2018-06-06 01:13 - 2018-06-06 01:13 - 000003292 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2018-06-06 01:13 - 2018-06-06 01:13 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G6
2018-06-06 01:13 - 2018-06-06 01:13 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G4
2018-06-06 01:13 - 2018-06-06 01:13 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2018-06-06 01:12 - 2018-06-07 22:28 - 000000000 ____D C:\Program Files (x86)\SystemHealer
2018-06-06 01:12 - 2018-06-06 01:27 - 000000398 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2018-06-06 01:12 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G5.job
2018-06-06 01:12 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2018-06-06 01:12 - 2018-06-06 01:27 - 000000366 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2018-06-06 01:12 - 2018-06-06 01:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G5
2018-06-06 01:12 - 2018-06-06 01:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2018-06-06 01:12 - 2018-06-06 01:12 - 000003256 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2018-06-06 01:11 - 2018-06-06 01:11 - 000000000 ____D C:\Users\Mercedes\AppData\LocalLow\endGirl
2018-06-06 01:10 - 2018-06-06 01:10 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\Microleaves
2018-06-06 01:10 - 2018-06-06 01:10 - 000000000 ____D C:\Users\Mercedes\AppData\Local\AdvinstAnalytics
2018-06-06 01:09 - 2018-06-06 01:09 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\SystemHealer
2018-06-06 01:06 - 2018-06-06 01:06 - 000003774 _____ C:\WINDOWS\System32\Tasks\SoftUpgrade
2018-06-06 01:06 - 2018-06-06 01:06 - 000000012 _____ C:\WINDOWS\b32694208
2018-06-06 01:06 - 2018-06-06 01:06 - 000000000 ____D C:\Users\Mercedes\AppData\Roaming\Interstatnogui
2018-06-06 01:06 - 2018-06-06 01:06 - 000000000 ____D C:\Program Files (x86)\SoftUpgrade
2018-06-06 01:03 - 2018-06-06 01:03 - 000003850 _____ C:\WINDOWS\System32\Tasks\coinage regie racial
2018-06-06 01:03 - 2018-06-06 01:03 - 000003848 _____ C:\WINDOWS\System32\Tasks\gatekeeping_socking
2018-06-06 01:03 - 2018-06-06 01:03 - 000003844 _____ C:\WINDOWS\System32\Tasks\hollyhock-freundlich
2018-06-06 01:03 - 2018-06-06 01:03 - 000003842 _____ C:\WINDOWS\System32\Tasks\praising_gorges
2018-06-06 01:03 - 2018-06-06 01:03 - 000003840 _____ C:\WINDOWS\System32\Tasks\ic vacationing
2018-06-06 01:03 - 2018-06-06 01:03 - 000003834 _____ C:\WINDOWS\System32\Tasks\cassino
2018-06-06 01:03 - 2018-06-06 01:03 - 000003824 _____ C:\WINDOWS\System32\Tasks\sabine
2018-06-06 01:03 - 2018-06-06 01:03 - 000003824 _____ C:\WINDOWS\System32\Tasks\aquafresh
2018-06-06 01:03 - 2018-06-06 01:03 - 000003730 _____ C:\WINDOWS\System32\Tasks\coinage regie racialcoinage regie racial
2018-06-06 01:03 - 2018-06-06 01:03 - 000003726 _____ C:\WINDOWS\System32\Tasks\gatekeeping_sockinggatekeeping_socking
2018-06-06 01:03 - 2018-06-06 01:03 - 000003724 _____ C:\WINDOWS\System32\Tasks\hollyhock-freundlichhollyhock-freundlich
2018-06-06 01:03 - 2018-06-06 01:03 - 000003712 _____ C:\WINDOWS\System32\Tasks\praising_gorgespraising_gorges
2018-06-06 01:03 - 2018-06-06 01:03 - 000003708 _____ C:\WINDOWS\System32\Tasks\ic vacationingic vacationing
2018-06-06 01:03 - 2018-06-06 01:03 - 000003692 _____ C:\WINDOWS\System32\Tasks\snp
2018-06-06 01:03 - 2018-06-06 01:03 - 000003688 _____ C:\WINDOWS\System32\Tasks\cassinocassino
2018-06-06 01:03 - 2018-06-06 01:03 - 000003682 _____ C:\WINDOWS\System32\Tasks\aquafreshaquafresh
2018-06-06 01:03 - 2018-06-06 01:03 - 000003676 _____ C:\WINDOWS\System32\Tasks\sabinesabine
2018-06-06 01:03 - 2018-06-06 01:03 - 000000000 ___HD C:\Program Files (x86)\gaea
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ___HD C:\Program Files (x86)\Hesitates
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\Legg
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\dusty
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\congestion
2018-06-06 01:02 - 2018-06-06 01:02 - 000000000 ____D C:\Program Files (x86)\Avalanche
2018-06-06 01:01 - 2018-06-06 01:04 - 000003278 _____ C:\WINDOWS\System32\Tasks\snf
2018-06-06 01:01 - 2018-06-06 01:02 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-06-06 01:01 - 2018-06-06 01:01 - 000000000 ____D C:\ProgramData\Quoteexs
2018-06-06 01:00 - 2018-06-06 01:00 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-06-06 00:59 - 2018-06-06 00:59 - 001895384 _____ C:\Users\Mercedes\AppData\Local\Stannix.bin
2018-06-06 00:58 - 2018-06-06 01:14 - 000000000 ____D C:\ProgramData\Quoteex
2018-06-06 00:58 - 2018-06-06 00:58 - 007627776 _____ C:\Users\Mercedes\AppData\Local\agent.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 001988014 _____ C:\Users\Mercedes\AppData\Local\MathSolotech.tst
2018-06-06 00:58 - 2018-06-06 00:58 - 000126464 _____ C:\Users\Mercedes\AppData\Local\noah.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 000070896 _____ C:\Users\Mercedes\AppData\Local\Config.xml
2018-06-06 00:58 - 2018-06-06 00:58 - 000018432 _____ C:\Users\Mercedes\AppData\Local\Main.dat
2018-06-06 00:58 - 2018-06-06 00:58 - 000005568 _____ C:\Users\Mercedes\AppData\Local\md.xml
2018-06-06 00:58 - 2018-06-06 00:50 - 001810944 _____ (TODO: ) C:\Users\Mercedes\AppData\Local\MathSolotech.exe
2018-06-06 00:57 - 2018-06-06 01:02 - 000000000 ____D C:\Users\Mercedes\AppData\Local\WinZip
2018-06-06 00:57 - 2018-06-06 00:58 - 000278509 _____ C:\Users\Mercedes\AppData\Local\FinDom.tst
2018-06-06 00:57 - 2018-06-06 00:50 - 001810944 _____ (TODO: ) C:\Users\Mercedes\AppData\Local\FinDom.exe
2018-06-06 00:55 - 2018-06-07 22:24 - 000929792 _____ C:\Users\Mercedes\AppData\Local\sham.db
2018-06-06 00:55 - 2018-06-06 00:57 - 000016416 _____ C:\Users\Mercedes\AppData\Local\InstallationConfiguration.xml
2018-06-06 00:55 - 2018-06-06 00:55 - 000140800 _____ C:\Users\Mercedes\AppData\Local\installer.dat
C:\Users\Mercedes\AppData\Roaming\Interstatnogui\interstatnogui.exe
2018-06-06 00:57 - 2018-06-06 00:57 - 000088576 _____ () C:\Users\Mercedes\AppData\Local\Temp\AZOREG.exe
2018-05-03 15:12 - 2018-05-03 15:12 - 001115760 _____ (IOT Mega) C:\Users\Mercedes\AppData\Local\Temp\Uk0I6Gfz-prog.exe
2018-05-03 15:12 - 2018-05-03 15:12 - 000147792 _____ () C:\Users\Mercedes\AppData\Local\Temp\Uk0I6Gfz-upd.exe
Task: {011ED799-A057-4B6F-81D5-C4656EF085F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {026757CA-1853-40C9-A795-1FACC8E16102} - System32\Tasks\praising_gorges => C:\Program Files (x86)\Hesitates\Brodsky.exe [2018-06-05] ()
Task: {083F6CB4-D2E8-4688-AECA-D6882639785A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1394CD72-F23F-4D6F-9511-DBBCC0314137} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1EED2BD1-7AD4-467D-BA8B-B9EAE2FA57D1} - System32\Tasks\sabinesabine => C:\Program Files (x86)\Avalanche\Brodsky.exe [2018-06-05] ()
Task: {22BF10D5-8606-4C16-8A14-0D8785581226} - \WPD\SqmUpload_S-1-5-21-2757255035-3979406009-1362736679-1001 -> No File <==== ATTENTION
Task: {24F567AB-697C-46BA-94E0-6320162432D4} - System32\Tasks\gatekeeping_sockinggatekeeping_socking => C:\Users\Mercedes\AppData\Local\Rivalry.exe [2018-06-05] ()
Task: {26A35A25-E5B5-49CC-9999-BF62F487BE68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {441A91B9-208A-4F73-9FF8-6B86279A3F34} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4452A53C-C3AE-4ACE-807E-6F5CE4DA5D67} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2018-05-03] () <==== ATTENTION
Task: {5346D354-1A64-4A83-972A-7FF7F942D3B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {53EA5E11-0597-4139-99E2-7AAC34E85F50} - System32\Tasks\cassino => C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
Task: {62CF14B9-15C2-4949-9BCD-8E272FAA9862} - System32\Tasks\aquafresh => C:\Program Files (x86)\Legg\loveridge.exe [2018-06-05] ()
Task: {666FA970-C2AA-4965-851E-133A3F11EE1F} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {67CD85BA-53C4-4871-827D-DFAC0A521956} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {6AF7D459-7629-4120-8074-3B300A35B279} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {70638CE6-8B31-45DA-9B49-6D0F8B09C588} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7257DF9E-1768-45A1-B410-CEC852DDBFBE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {760DCCD4-4C44-401C-9475-85CE4C26EB0E} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {79CB7BB7-C52D-4D12-9E48-E81ECAF0414D} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {7A631C52-187A-4213-BF11-580AD4D8834C} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {7CCBF3EE-C183-435E-8149-70D9AC03813B} - System32\Tasks\snf => C:\ProgramData\Quoteex\Quoteex.exe [2018-06-06] (TODO: ) <==== ATTENTION
Task: {901362F5-C53F-497C-813A-F1887AF79AAD} - System32\Tasks\coinage regie racialcoinage regie racial => C:\Users\Mercedes\AppData\Local\Brodsky.exe [2018-06-05] ()
Task: {98BBFC45-5B8B-4FBA-B408-698FDDA50946} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A54E25E1-2505-446E-A77C-6C928B03091D} - System32\Tasks\ic vacationing => C:\Program Files (x86)\Hesitates\Rivalry.exe [2018-06-05] ()
Task: {A68DB59F-A8A0-42DE-8E58-78ABE2775CD1} - System32\Tasks\hollyhock-freundlichhollyhock-freundlich => C:\Program Files (x86)\dusty\Rivalry.exe [2018-06-05] ()
Task: {B410CFA2-F632-448E-89FA-86AB5F007816} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-12-15] (WinZip)
Task: {B46BD411-4B84-40C7-9546-71C9D1A90BB8} - System32\Tasks\aquafreshaquafresh => C:\Program Files (x86)\Legg\loveridge.exe [2018-06-05] ()
Task: {BF54AF64-5D98-4BFB-B518-C1BF8082F0CE} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {CA1771C8-9657-4DA5-B930-CFDBA220D2D1} - System32\Tasks\ic vacationingic vacationing => C:\Program Files (x86)\Hesitates\Rivalry.exe [2018-06-05] ()
Task: {CDBB38B1-4D3A-4DCC-B8F2-D2AE78163719} - System32\Tasks\snp => C:\ProgramData\Quoteex\Quoteex.exe [2018-06-06] (TODO: ) <==== ATTENTION
Task: {CFB6E486-9602-401B-8065-F5D8BD1F2993} - System32\Tasks\cassinocassino => C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
Task: {D2D9D031-CFB0-4304-A4A8-E1FB84F20213} - System32\Tasks\gatekeeping_socking => C:\Users\Mercedes\AppData\Local\Rivalry.exe [2018-06-05] ()
Task: {D57D3DCE-C142-4640-A093-47CF29E6A7D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D75FBD91-C174-43F6-ACCB-96C0B024C60A} - System32\Tasks\coinage regie racial => C:\Users\Mercedes\AppData\Local\Brodsky.exe [2018-06-05] ()
Task: {E4D03BCA-9934-48EC-A1E5-38BD4E6CDA34} - System32\Tasks\sabine => C:\Program Files (x86)\Avalanche\Brodsky.exe [2018-06-05] ()
Task: {E7B91281-D17C-4F4B-906E-228F0397551A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F1BC8045-013E-498C-9C2A-6DAFE1C13899} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FA002666-67D7-42EA-A62C-16C478809892} - System32\Tasks\hollyhock-freundlich => C:\Program Files (x86)\dusty\Rivalry.exe [2018-06-05] ()
Task: {FC151B94-065F-4F60-A468-BAD5E7D87CFB} - System32\Tasks\praising_gorgespraising_gorges => C:\Program Files (x86)\Hesitates\Brodsky.exe [2018-06-05] ()
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
FirewallRules: [{DFA8394C-B31B-4986-AD8D-A816E9C342E7}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{507F1A07-FA30-4849-A94A-40003C6B2905}] => (Allow) C:\Program Files (x86)\Avalanche\Brodsky.exe
FirewallRules: [{E40E42B3-B976-4DBD-969D-987A2FEDB419}] => (Allow) C:\Program Files (x86)\Hesitates\Brodsky.exe
FirewallRules: [{341A5668-CC45-448F-B433-CC297928F7CC}] => (Allow) C:\Program Files (x86)\dusty\Rivalry.exe
FirewallRules: [{3BC135EC-81D0-41B9-9CBF-24430371B0F5}] => (Allow) C:\Program Files (x86)\Hesitates\Rivalry.exe
Unlock: C:\Program Files (x86)\Avalanche\Brodsky.exe
Unlock: C:\Program Files (x86)\dusty\Rivalry.exe
Unlock: C:\Program Files (x86)\Hesitates\Brodsky.exe
C:\Program Files (x86)\Avalanche\Brodsky.exe
C:\Program Files (x86)\dusty\Rivalry.exe
C:\Program Files (x86)\Hesitates\Brodsky.exe
CreateDummy: C:\Program Files (x86)\Avalanche\Brodsky.exe
CreateDummy: C:\Program Files (x86)\dusty\Rivalry.exe
CreateDummy: C:\Program Files (x86)\Hesitates\Brodsky.exe
Unlock: C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
CreateDummy: C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
Unlock: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Unlock: C:\Program Files (x86)\Hesitates\Rivalry.exe
Unlock: C:\Users\Mercedes\AppData\Local\Brodsky.exe
Unlock: C:\Program Files (x86)\Legg\loveridge.exe
Unlock: C:\ProgramData\Quoteex\Quoteex.exe
Unlock: C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
C:\Users\Mercedes\AppData\Local\Rivalry.exe
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
C:\Program Files (x86)\Hesitates\Rivalry.exe
C:\Users\Mercedes\AppData\Local\Brodsky.exe
C:\Program Files (x86)\Legg\loveridge.exe
C:\ProgramData\Quoteex\Quoteex.exe
C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
C:\Users\Mercedes\AppData\Local\Rivalry.exe
CreateDummy: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
CreateDummy: C:\Program Files (x86)\Hesitates\Rivalry.exe
CreateDummy: C:\Users\Mercedes\AppData\Local\Brodsky.exe
CreateDummy: C:\Program Files (x86)\Legg\loveridge.exe
CreateDummy: C:\ProgramData\Quoteex\Quoteex.exe
CreateDummy: C:\Program Files (x86)\congestion\congestion.exe [2018-06-05] ()
CreateDummy: C:\Users\Mercedes\AppData\Local\Rivalry.exe
Unlock: C:\Users\Mercedes\AppData\Local\pfialx.dll
C:\Users\Mercedes\AppData\Local\pfialx.dll
CreateDummy: C:\Users\Mercedes\AppData\Local\pfialx.dll
ResetHosts:
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"