start
CreateRestorePoint:
CloseProcesses:
Task: {68166B4E-9B27-4599-8A18-9EF5FD53C52D} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
Task: {5E9D0A76-8D7D-4C31-A17E-77829F21F33E} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
C:\Program Files\SFK\SSFK.exe
C:\Program Files\SFK\SFKEX.exe
C:\Program Files\SFK
C:\Program Files\NixSrv\packages\c3cd72eb-e609-45a2-97c2-d2479f8fa73d\NixHost.exe
C:\ProgramData\ExtTag\Zaamstock.exe
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1440760054&z=54f83e43e617994f95f37d7g3zaz0e9meqaefgecee&from=obw&uid=ST3250823AS_5ND3BHZBXXXX5ND3BHZB
FF Homepage: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
FF NewTab: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
C:\ProgramData\ExtTag\ExtTag.exe
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed] <==== ATTENTION
R2 SSFK; C:\Program Files\SFK\SSFK.exe [448000 2015-08-28]
S2 updvte; C:\Users\Riaan Nel\AppData\Local\Lot-media.exe [52736 2015-08-28] () [File not signed]
2015-08-28 13:12 - 2015-08-28 13:13 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\istartsurf
2015-08-28 13:07 - 2015-08-28 14:07 - 00000000 ____D C:\Program Files\NixSrv
C:\Users\Riaan Nel\AppData\Local\Temp\ose00000.exe
Task: {965AF130-2446-4959-9471-25DD739B5415} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {A7A7F30F-C622-4D72-8F2F-CBCABBE1FB69} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {A9269E43-DBB5-41B2-ABC1-81059AE9E90B} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: {C129B3D8-8A12-45CB-8A78-484EBAE55753} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {D2220DE8-2932-46CF-A071-15E2C77BB12F} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe [2015-08-28] (OB) <==== ATTENTION
Task: {FDDFBAD9-E558-45FF-87F0-5F2E3E1DE836} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {FF3C717F-E3D9-4903-ABB6-E944098C0BD0} - System32\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe [2015-04-20] () <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN.job => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe <==== ATTENTION
EmptyTemp:
Hosts:
End