.
DDS (Ver_2011-06-23.01) - NTFSAMD64 MINIMAL
Internet Explorer: 8.0.7601.17514
Run by James at 20:48:09 on 2011-10-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4095.3460 [GMT 11:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x1800&r=17360310c107p0428v125w4451s593
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x1800&r=17360310c107p0428v125w4451s593
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x1800&r=17360310c107p0428v125w4451s593
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
uURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
mURLSearchHooks: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
mWinlogon: Userinit=userinit.exe,
uWinlogon: Shell=C:\Users\James\AppData\Local\cf2a1baf\X
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010201424.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
TB: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [cjYYCekkIVrNx0c8234A] C:\Windows\system32\F222ibF3pnG5a6K.exe
mRun: [Z5sWWJ7dEL8R] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [cJJfRRZ9h8234A] C:\Windows\system32\CXXwjeeItzPyc1v.exe
mRun: [qbAkTimwqKqpG.exe] C:\ProgramData\qbAkTimwqKqpG.exe
mRun: [rwwwkVrlO8234A] C:\Windows\system32\EaaQQ6sWKfELg.exe
mRun: [aYYCkVrlOtvDoF48234A] C:\Windows\system32\HNNP0ucS1iDoGsL.exe
mRun: [mhhYYXwjUVlItPy8234A] C:\Windows\system32\JsQJJddK8.exe
mRun: [BKK88fRL9TXqUeI] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [gibbF3pnGaQHdKf8234A] C:\Windows\system32\PkIBBrzOyxA.exe
mRun: [viiib33nG4aHsK7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [LF4aamH5WJ7dLg8234A] C:\Windows\system32\iwkUUrrOBtx0c1i.exe
mRun: [QPNNNcc1uv2oFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [XffRR99TXqUCk8234A] C:\Windows\system32\pAA1uvS2ob3pGaJ.exe
mRun: [OL99gTTqYC] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [P3onnG4aH6s8234A] C:\Windows\system32\RCCwkIVrlOtx0c.exe
mRun: [Y1ivv33oF4aHsW7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [nwwkUVrlO8234A] C:\Windows\system32\BmmH6sWJ7EL8T.exe
mRun: [cqhhhXXkUVeOtz0] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [aoobbF4pG5sQ6E88234A] C:\Windows\system32\nYYXwjUVeIBtPyA.exe
mRun: [yQQJ66dWK8RLhqj] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [uA0uuSS2bD3n4aH8234A] C:\Windows\system32\PffRR99TXqYCkVz.exe
mRun: [G11ibD3onGam6W7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [eYYCwkUVrlBtPyS8234A] C:\Windows\system32\qD3ooGG4mH6WJfL.exe
mRun: [TqqhYXwkUelOtPy] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [S6ddEK8fZ9hTwUe8234A] C:\Windows\system32\qzPNNccAuvDob4m.exe
mRun: [TJJ66dWKfRLhTqU] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [dgTXXqjYekIVzNx8234A] C:\Windows\system32\QS2iiFFpnG5Q6WK.exe
mRun: [FrllONtxPucSiDo] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [PCwwkUVrlBtx0c8234A] C:\Windows\system32\VonGG4am6sWJfLg.exe
mRun: [ZzzPP0ycAivDoFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [h88ffZZhTXjUeIr8234A] C:\Windows\system32\RccA1uvD2oF4m5Q.exe
mRun: [ZqqjjCCeIBrOyxu] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [DKK77EE9gTZjCkV8234A] C:\Windows\system32\o2ibb33nG4a.exe
mRun: [kZqqhYCwkVrlBx0] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [IpmmH5sQJdEKgZh8234A] C:\Windows\system32\FtzzP0ycAivD.exe
mRun: [Hpppm55QJ6dKfZ9] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [VQJJ6dWK8RL9TqU8234A] C:\Windows\system32\sBrrzPNyA1uv2b3.exe
mRun: [bggTTqqjCekVzOt] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [EDD3onn4am6sJfL8234A] C:\Windows\system32\QZqqjYCwIVrlNx0.exe
mRun: [UnnF4amH5sJ7E8] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [BkUUVelOBzP0c1v8234A] C:\Windows\system32\sFF4amm5sW7dLgZ.exe
mRun: [fttzzNyc1uvDoFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [Q55aQJ6dWKf8234A] C:\Windows\system32\xBBrzPPyxAuv2b.exe
mRun: [RHH66WKK7fLgTqY] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [ZvD2opHQJEgZpGs8234A] C:\Windows\system32\xgRZqhYXwUeOz0c.exe
mRun: [YjSD4aQH67IrOx0] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [ulIBrzPNyAuSoFp8234A] C:\Windows\system32\X6dEK8fRZh.exe
mRun: [mzONyxA0uSiFpGa] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [HEL8gRZhYwU8234A] C:\Windows\system32\t0ycS1ivDoFaH.exe
mRun: [ElIBtzPNyAuDoFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [XVrzONtxAuSiDpG8234A] C:\Windows\system32\RG5aQH6dW7R9TqY.exe
mRun: [c6sWJ7fELgZhCkV] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [ZcA1ivD2oFpHsJd8234A] C:\Windows\system32\d7dEL8gRZhXkVlB.exe
mRun: [RNyxA1uvSoFpGaJ] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [yVrlONtxPuSiDoG8234A] C:\Windows\system32\TsWK7fEL9TqY.exe
mRun: [oycA1ivD2n4m5Q7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [TpnG5aQH6W7R9Tq8234A] C:\Windows\system32\VXqjUCekIrOyAuS.exe
mRun: [pL8gTZqhYwUrOtP] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [NtzPNycA1v2b4m58234A] C:\Windows\system32\nEK8gRZ9hXjV.exe
mRun: [oamH6sWJ7E8TqYw8234A] C:\Windows\system32\QCwkIVrlOtPuSiD.exe
mRun: [donF4pm5QJ7dKgZ] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [bF3pmG5aQ6W8R9T8234A] C:\Windows\system32\aZ9hTwjUClBPyAu.exe
mRun: [ArOxu1Do4] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [HpnG5aQHdKfLgXj8234A] C:\Windows\system32\hIrzOyxAu.exe
mRun: [UmH6W7fE8TqYwU] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [ajUCelIBrPyAuSo8234A] C:\Windows\system32\E2obF4pmGsJdKfZ.exe
mRun: [EpnG5aQH6W7LgXj] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [SK8gRZ9hYwUeItP8234A] C:\Windows\system32\nBtzP0ycAiDoFpH.exe
mRun: [tA0uvS2ib3n5QdK] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [eonF4pmH5Q7E8R8234A] C:\Windows\system32\xZqhYXwkUeOtPy.exe
mRun: [JzONyxA0u] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [uxP0ycS1iDoFaHs8234A] C:\Windows\system32\n6sWJ7fELgZhCkV.exe
mRun: [kycA1uvD2b4] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [lssWK7fEL8234A] C:\Windows\system32\dtxAAuuS2ib3.exe
mRun: [U0yycA1iv2on4m5] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [ZQH66WW7fRLgXjC8234A] C:\Windows\system32\deekIBrzOyxAuSi.exe
mRun: [EggTZqqYCwUVlBx] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [LsQQJ66dEKfZ9Tw8234A] C:\Windows\system32\sVelBPNyc1uv2oF.exe
mRun: [ZrrzzONtxAuc2iD] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [IVVVeOOtzPyc8234A] C:\Windows\system32\CaamH55WJ7ELgZ.exe
mRun: [kjUVVllItzPyc1v] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [xYCCekIVrONtAuS8234A] C:\Windows\system32\aaaaQ66dW7fR9.exe
mRun: [ZsWWJJ7dL8gRqYw] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [HuuuvD2oF4pG5Q68234A] C:\Windows\system32\sjUUVelIBzP.exe
mRun: [A6dWW77RL9gXjCe] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [bL88gTZqYCwkVlB8234A] C:\Windows\system32\SuucS1ibD3nGaHs.exe
mRun: [vVellIBtPNyc1v2] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [S9hhTTXwUCelB8234A] C:\Windows\system32\Y22obFFpmG5sJdK.exe
mRun: [aWWK7ffL9gXqYeI] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [nzzzONNxA0cS8234A] C:\Windows\system32\XpnnG5aQH6.exe
mRun: [BWWJ7fEL8TZqYwU] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [p7dEE88gZ9hXwUe8234A] C:\Windows\system32\DPP00cc1ivDoFpH.exe
mRun: [p33pnG5aQ6dW7R9] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [FmmHHssW78234A] C:\Windows\system32\fBttxP0yc1iv3.exe
mRun: [WEKK8fRZhTXwUeI] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [tucSSiiD3pn4Q6W8234A] C:\Windows\system32\IL9ggXXqYCeIrzN.exe
mRun: [GhYYCwkUVlOBx] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [kWWJ7dEL8gZqYwU8234A] C:\Windows\system32\Xttxx00cS1iDoFa.exe
mRun: [uNyccA1uD2oF4m5] C:\Users\James\AppData\Roaming\svhostu.exe
mRun: [aIBrrOOyxA0v2bF8234A] C:\Windows\system32\oGG5aQJ6dW8fLhX.exe
mRun: [r4aaQH6sW7fE9Tq8234A] C:\Windows\system32\l77fRLLgTXjY.exe
mRun: [D6sWW77fL8gZqYw8234A] C:\Windows\system32\bcSS1ibDonG.exe
mRun: [b000ycS1vD3nFaH8234A] C:\Windows\system32\yJ77fEL8TqYwkVl.exe
mRun: [CYYXwkUVelB8234A] C:\Windows\system32\yFF44mm5sW7dLg.exe
mRun: [xsQJJ7dE8gR9hXj8234A] C:\Windows\system32\BBttzP0yA1iv2n4.exe
mRun: [D6dEE88RZ9hXjCe8234A] C:\Windows\system32\nvD22bbFp.exe
mRun: [aRLL9gTXqYCeIrO8234A] C:\Windows\system32\FuuvS2ibFpnGaHd.exe
mRun: [RWJ77EE8gTZhCkU8234A] C:\Windows\system32\r00ucS1ib3on.exe
mRun: [ALL88gRZqYXwUeO8234A] C:\Windows\system32\O0yycS1iv3on4m5.exe
mRun: [mzzP0yyA1iD2n4m8234A] C:\Windows\system32\t7ddEL8ggZqhXkV.exe
mRun: [TKK8fRZ9hTwjClB8234A] C:\Windows\system32\LyccA1uvDobFpGs.exe
mRun: [vdWWK88RL9hXjCe8234A] C:\Windows\system32\APNNyxA1vS2oFpG.exe
mRun: [vSSS2obF3p8234A] C:\Windows\system32\whTXXjjUelIrP.exe
mRun: [yaQQH6dWKfR8234A] C:\Windows\system32\NrzzONyxA0vSiF.exe
mRun: [LDD3onG4am6sJfL8234A] C:\Windows\system32\iqqjYCwkIrlOtPu.exe
mRun: [hpmHHssQ7dE8gZh8234A] C:\Windows\system32\ZVVeeOOtzP0c1v2.exe
mRun: [XpmmG5aQJd8234A] C:\Windows\system32\yllIBrzPNxA1v2.exe
mRun: [XuvvS2ib3pnGaHd8234A] C:\Windows\system32\CCCekIBrzOy.exe
mRun: [QOOONtxA0uS2b38234A] C:\Windows\system32\G6ddWK7fR9gTqYe.exe
mRun: [LiibF33nG5QHdKf8234A] C:\Windows\system32\zUCCekIBzONyA.exe
mRun: [xcSS2bbDn4HsKE98234A] C:\Windows\system32\OLL9gTXqjYekVOt.exe
mRun: [xlOONtxPucS1b38234A] C:\Windows\system32\OHH6sWK7fE9gZjC.exe
mRun: [Qvvv3onnFaHsJEg8234A] C:\Windows\system32\B88TqhYwUVrBtP0.exe
mRun: [mF44pmH5sJ7dKgZ8234A] C:\Windows\system32\XBBBtzzP0yc1v.exe
mRun: [QBBBtzPNcA1uDoF8234A] C:\Windows\system32\InF44mm5sQJdKgZ.exe
mRun: [BjjjUVVelI8234A] C:\Windows\system32\ipmmH5sQJdEKg.exe
mRun: [PAAA1vvSob3pG5J8234A] C:\Windows\system32\X555sQJ6dK8fZ.exe
mRun: [ZJJ6dWK8fL9hXjC8234A] C:\Windows\system32\bzzPNyxA1uS2b3m.exe
mRun: [XYYCCekIrzOtx0c8234A] C:\Windows\system32\c5aQQ66WK7fL.exe
mRun: [h77ff99gTXqjCkV8234A] C:\Windows\system32\z9ggTXqjCekIrOy.exe
mRun: [yOONtxA0uc2iDp8234A] C:\Windows\system32\rH6ddWK7RL9TXjC.exe
mRun: [vWWKK7fE9gTqjCk8234A] C:\Windows\system32\FbbD3ppG4.exe
mRun: [xYYCwkIVrON8234A] C:\Windows\system32\gnGG4aQH6WK7E9.exe
mRun: [SnGG4am6W7ELg8234A] C:\Windows\system32\xjYYCwkIlNP0c1.exe
mRun: [sZZqhYCwkVr8234A] C:\Windows\system32\yD33onG4aH6sJf.exe
mRun: [grOBBtxPySiDn4m8234A] C:\Windows\system32\ybD33nn4amsJf8T.exe
mRun: [NmmHH6sW7fELgTq8234A] C:\Windows\system32\A00uucS1ibD3.exe
mRun: [lnnG4amH68234A] C:\Windows\system32\KVrllNNxP0uSi.exe
mRun: [D00yySSivD3n4aH8234A] C:\Windows\system32\wfEEL8gTqhYCkVl.exe
mRun: [ynFF4amH5WJ8234A] C:\Windows\system32\NkUUVrlOBxP0c1.exe
mRun: [UyycS1ivD3nFaHs8234A] C:\Windows\system32\sL8ggTZqYCw.exe
mRun: [rmHH5sWJdEL8RqY8234A] C:\Windows\system32\ASS11vv3o.exe
mRun: [u5sQQJ7dK8gZ9Yw8234A] C:\Windows\system32\GVVelOBtP0yAiD2.exe
mRun: [TnF44pmHsQJ7E8R8234A] C:\Windows\system32\KXwkkVVlOBtPyA1.exe
mRun: [EEEKKggZ9h8234A] C:\Windows\system32\SA1iiDD2nF4m5.exe
mRun: [XwjUVelIBzNc1v28234A] C:\Windows\system32\YQJ7dEK8gZ.exe
mRun: [lwjUCelIBzNx1v28234A] C:\Windows\system32\q2obF4pmGsJdKfZ.exe
mRun: [iTOuipnGCtw37A68234A] C:\Windows\system32\vAv2obG6TIy2pQf.exe
mRun: [DCelBPuFmQd8LT8234A] C:\Windows\system32\Q7lS3a7XPi2FmsE.exe
mRun: [zBPuFmQd8LTjlNv8234A] C:\Windows\system32\AlS3a7XPi2FmsEg.exe
mRun: [hwkAF5JEg9XUltN8234A] C:\Windows\system32\oUc2FpGJTwUeBP.exe
mRun: [noH8wlP13asE8234A] C:\Windows\system32\hAF5JEg9XUltNAv.exe
mRun: [OubYrxi4fjNcD8234A] C:\Windows\system32\nF5W9UOGCA4g.exe
mRun: [d7ghwUltPcu2b3m8234A] C:\Windows\system32\ntcGZVDna6Wf.exe
mRun: [Cr71qnV4lsIJrn98234A] C:\Windows\system32\EPeVOrutUTgXTBP.exe
mRun: [U4KVA4EXrvG8jO8234A] C:\Windows\system32\Bd7E69LsppsG89y.exe
mRun: [oekrzOxvp5Q6W7L8234A] C:\Windows\system32\ovCi10PPNG7RZg.exe
mRun: [b9XYkrNA0Sb8234A] C:\Windows\system32\ai2n4H5sQdKR9.exe
mRun: [ckVOxuSb3Ga6WfL8234A] C:\Users\James\AppData\Roaming\XCzASpQK9YVtSpQ\OrxSFWRUzDsgVND.exe
mRun: [kVOxuSb3Ga6WfLT8234A] C:\Windows\system32\v0SbpGQKLXYkr.exe
mRun: [zgrDshlcnJ9eyFJ8234A] C:\Windows\system32\OAvoWRhqCIzy0SF.exe
mRun: [oAu2ibF3pGQdKfL8234A] C:\Users\James\AppData\Roaming\VfUiWXzmg\WXNF7C0nEV16qto.exe
mRun: [r5QdK7fRLgqC8234A] C:\Users\James\AppData\Roaming\EnEV16qto7wti\mhCNSpJ8TU.exe
mRun: [HfRLgqYIVztAuSD8234A] C:\Users\James\AppData\Roaming\EnEV16qto7wti\SRqezNAu2b3n5Hd.exe
mRun: [SgqYIVrzOt0c2Dp8234A] C:\Users\James\AppData\Roaming\EnEV16qto7wti\dNAu2ibF3n5HdKf.exe
mRun: [VYIVrzONt0c2DpG8234A] C:\Windows\system32\QrASbnHfZID7wS7.exe
mRun: [TW8qhYCwkrx0Si38234A] C:\Users\James\AppData\Roaming\dA0ucS2D3n4HsKL\wCwkIVrlOtPu1b3.exe
mRun: [a8qhYCwkVlPci348234A] C:\Windows\system32\cgqYIVrzOt0c2Dp.exe
mRun: [O9wVIzy1Db8234A] C:\Users\James\AppData\Roaming\F2D3pnG4aHsKLZj\Bm6W8ZqhYwrx0Si.exe
mRun: [B9wVIzy1Db8234A] C:\Users\James\AppData\Roaming\N3pnG4aH6W7LZjC\Bm6W8ZqhYwrx0Si.exe
mRun: [l9wVIzy1D8234A] C:\Users\James\AppData\Roaming\jwkIVrlONx0c1b3\Bm6W8ZqhYwrx0Si.exe
mRun: [QsJ7dF9wVIzy1D8234A] C:\Users\James\AppData\Roaming\HlcnJ9eyFJfhCNS\OdK7fRLgqCIrO.exe
mRun: [tjwVltPcboGmsfL8234A] C:\Users\James\AppData\Roaming\KcS2D3pnGaHsKLZ\wCwkIVrlOtPu1b3.exe
mRun: [WtzPNycA1v4ms688234A] C:\Users\James\AppData\Roaming\FSiD34sJ7\B9wVIzy1Db.exe
mRun: [rcA1uvD4ps68RTI8234A] C:\Users\James\AppData\Roaming\h4sJ7dF9wVIz\njeBOyui3na6.exe
mRun: [O1uvD4pm568RTIP8234A] C:\Users\James\AppData\Roaming\Ee12Fm5JWRTjeBO\gna6WE9ZjwVltPc.exe
mRun: [H27I04LV15qB2lu8234A] C:\Windows\system32\O1uvD4pm568RTIP.exe
mRun: [JudUIi57LTjeVOA8234A] C:\Windows\system32\Gwcs53ebLxmCcJl.exe
mRun: [TL57TCrASpQ7gCV8234A] C:\Windows\system32\lxQq0aqPmh0HYcs.exe
mRun: [J3L57TCrASpQ7gC8234A] C:\Windows\system32\SSWe2KIiKki7U.exe
mRun: [InF4pmHQJ8234A] C:\Windows\system32\tONtxP0uc1b3n4m.exe
mRun: [RFpmHQJ7EgZ8234A] C:\Windows\system32\W1ibD3onGaHs.exe
mRun: [HH5sQJ7dEgZhXj8234A] C:\Users\James\AppData\Roaming\ooWhOimc6jvRNpR\dc3m7RwOyv4Q8YV.exe
mRun: [LgRZ9hYXwUeItPy8234A] C:\Windows\system32\QbL57TCrASpQ7gC.exe
mRun: [VEKgRZhXwUeItPy8234A] C:\Windows\system32\uQs7EgqCk.exe
mRun: [dKgRZhXwjVlBzyu8234A] C:\Windows\system32\KkIVrOxu13nmsJE.exe
mRun: [oRZhXwjUVlBzyuD8234A] C:\Users\James\AppData\Roaming\by1DAdUIiH7\KkIVrOxu13nmsJE.exe
mRun: [W4w4TQSYbe73IQN8234A] C:\Windows\system32\dI0n7qOim.exe
mRun: [g29p0Z2j7W4irgE8234A] C:\Windows\system32\sxDsTr03dUymhy5.exe
mRun: [bw3IY5rfHnurg5S8234A] C:\Windows\system32\Di5qB2KIbfr.exe
mRun: [w7qRWaFcU78234A] C:\Windows\system32\bQTzp9ODJkSsB7z.exe
mRun: [CsGD0jda2b2yVZH8234A] C:\Windows\system32\xODJkSsO7zduXGO.exe
mRun: [kjRWaSNZ4BQBsP98234A] C:\Windows\system32\C2N8uTQcwpkLnUm.exe
mRun: [bckH07zdxX3eaV68234A] C:\Windows\system32\Qa2kJIRoBfy.exe
mRun: [eXuKr4qPmhP5j1J8234A] C:\Windows\system32\HpkEnUmrwQNLW42.exe
mRun: [kLzp9Nn8BaX8234A] C:\Windows\system32\LmrwQNLW42OZJbk.exe
mRun: [UWhlcFJRU02sheP8234A] C:\Windows\system32\kJvuuUhTg8puxOX.exe
mRun: [Eu1Dna67LThwUB08234A] C:\Windows\system32\XniScxw851eTdDO.exe
mRun: [t45Wd8ZXUBP1n5J8234A] C:\Users\James\AppData\Roaming\GlGw16ki7V\Xc6YcsXAsw1JTzo.exe
mRun: [Y5Wd8ZXUBP1n5JE8234A] C:\Users\James\AppData\Roaming\D5lGw16ki7V\Xc6YcsXAsw1JTzo.exe
mRun: [buvDobF4pGsJE8R8234A] C:\Windows\system32\eCschvppamHmbSt.exe
mRun: [OJE8ZYjVIzN1voG8234A] C:\Windows\system32\dqUCjRQni.exe
mRun: [O5aQJ6dWK98234A] C:\Windows\system32\pNA0uc2ib3n4Q6W.exe
mRun: [OaQJ6dK8RX8234A] C:\Windows\system32\pJ2Nqfa30OBU.exe
mRun: [NaQJ6dK8RXj8234A] C:\Windows\system32\buvDobF4pGsJE8R.exe
mRun: [ZL8gZhCwktPySiD8234A] C:\Windows\system32\XQH6sWK7fLgZjCk.exe
mRun: [epmH5sQJ7E8R9Yw8234A] C:\Windows\system32\O6sWJ7L8gZhCktP.exe
mRun: [yK8RZ9hYXje8234A] C:\Windows\system32\UCwkUP0yc1v35W7.exe
mRun: [c8R9hYXwjeIt8234A] C:\Windows\system32\i1ivD3oFm5WdLRh.exe
mRun: [IdKfR9hTXjClBzy8234A] C:\Windows\system32\h1ivonF4pHsJdKR.exe
mRun: [Y1uv2obFaKLTqUk8234A] C:\Windows\system32\PIBtzPNcADoFm5Q.exe
mRun: [tPxA1uv2oFaKLTq8234A] C:\Windows\system32\iA1D2obF4m.exe
mRun: [tPyxA1uv2bmQ8hX8234A] C:\Windows\system32\KcA1uD2ob4.exe
mRun: [eQH6dWK7fLg8234A] C:\Windows\system32\fKfR9hTXwUeBzyA.exe
mRun: [crlOBt0yc8234A] C:\Windows\system32\zcnQZVyoQZlSQ9z.exe
mRun: [VyS1ivonFa578234A] C:\Windows\system32\t3jFqbTiEcLcd.exe
mRun: [honF4a578hwUl0i8234A] C:\Windows\system32\Y4kGYoY2ZcJl5UF.exe
mRun: [I9XUlBPcu8234A] C:\Windows\system32\W2RNaj0HhP4h.exe
mRun: [hFm6KRhXU8234A] C:\Windows\system32\fNPci3onGaHs7.exe
mRun: [IwP2msJKR8234A] C:\Windows\system32\qRr3XuHCS7YlPb3.exe
mRun: [rJKRhwClrAoGWfh8234A] C:\Windows\system32\pajig0WOFRzp9Pm.exe
mRun: [FGWfhqCIzy0Sbp58234A] C:\Windows\system32\IvEe2Rr3XuHCS7Y.exe
mRun: [WucS2ibD38234A] C:\Windows\system32\dEe2Rr3Xu.exe
mRun: [hpnG4aQH6W7EZjC8234A] C:\Windows\system32\Fjig0WOFRzp9Pmw.exe
mRun: [yqCwkVON0Si8234A] C:\Windows\system32\GdO49A6lFL.exe
mRun: [GqjYCwVrl08234A] C:\Windows\system32\GTxajig0WOFRzp9.exe
mRun: [yqjYCwVrl0n8234A] C:\Windows\system32\Oig0WOFRzp.exe
mRun: [fELZqjYCwVl0na68234A] C:\Windows\system32\ie2Rr3XuHCS7YlP.exe
mRun: [AYCwVrlO0na68234A] C:\Windows\system32\ZFTxajig0WOFRzp.exe
mRun: [dVrlO0una6JCV3F8234A] C:\Windows\system32\zH6sWJ7fE8.exe
mRun: [KO0una6sJCV3FaH8234A] C:\Windows\system32\hsWJ7fEL8TqC.exe
mRun: [quna6sJTV3FaHsJ8234A] C:\Windows\system32\K3naH6sWJfLgZhC.exe
mRun: [T6sJZV3nFaHsJd88234A] C:\Windows\system32\StQZlPb3nH.exe
mRun: [T6sJTV3nFaHsJd88234A] C:\Windows\system32\TsWJ7fEL8TqC.exe
mRun: [GUVelIBtzNc1v2b8234A] C:\Windows\system32\T49A6lFLxHeGqS7.exe
mRun: [GjUVelIBtPyAuDo8234A] C:\Windows\system32\Jb9SLAKtWlmknYv.exe
mRun: [GfZhweBx2m6fqkO8234A] C:\Windows\system32\QvdO49A6lFLxHeG.exe
mRun: [yD3pnaQHW9I0ogO8234A] C:\Windows\system32\pci3FmsLRhwVOzy.exe
mRun: [is4NErFfrFfr3LO8234A] C:\Windows\system32\Z9fWTYO01KLVO0p.exe
mRun: [ADfkPi3Fm8234A] C:\Windows\system32\raYcsX1JC.exe
mRun: [eOn8rc3Fms7LRhw8234A] C:\Windows\system32\qu6X1QUuG.exe
mRun: [Ts7LRhwVOzyimg98234A] C:\Windows\system32\xc6ei7VDWkSDdei.exe
mRun: [xBtzPNycAu2Fms8234A] C:\Users\James\AppData\Roaming\FhznZydInqAWzGq\F0Klpw1HwvE9.exe
mRun: [jPNycA1u2Fms6ER8234A] C:\Windows\system32\axtVJl2Wk2Wki7V.exe
mRun: [IKz3Q8hqjkx0GQW8234A] C:\Users\James\AppData\Roaming\kiZvT1g1f0LcExK\O7N8xJzdIpTeAo0.exe
mRun: [W0pGQdf9X8234A] C:\Windows\system32\NHOJBHOQNWP.exe
mRun: [pUkx0pGQdf9XYkr8234A] C:\Windows\system32\rsB6tEu92.exe
mRun: [cV0nJZecF7hI1pE8234A] C:\Users\James\AppData\Roaming\sO7P7N7xJzJ\Kst5BaVmlQVaVGq.exe
mRun: [zF7hI1pEXr8234A] C:\Users\James\AppData\Roaming\bjojDqv9STifuEy\bALuEc8z4hBv3S.exe
mRun: [EIb9xdCSEt6raw28234A] C:\Windows\system32\rFms6EKR9Byv3Q8.exe
mRun: [FkcHq0mq08234A] C:\Windows\system32\KbWCtvWY04KV1GZ.exe
mRun: [LfkcHq0mq04KV18234A] C:\Windows\system32\hWCtvWY04KV1GZB.exe
mRun: [WwtvmLXtvH8wIyv8234A] C:\Windows\system32\JdUy5gNp9OGhy5X.exe
mRun: [GnKXkNSpQgktSnH8234A] C:\Users\James\AppData\Roaming\RhN5quWVoZy\yV2RyQjuWrG.exe
mRun: [DwINv4QfjBxS3Jf8234A] C:\Windows\system32\V9zpLz3EroLViJC.exe
mRun: [oNSp6EZkOuboaH8234A] C:\Windows\system32\O9eP1bGW9U.exe
mRun: [vG4am6JEghwUOPc8234A] C:\Windows\system32\WucS2ibD3n4Q6KT.exe
mRun: [WelzP0ycAv2np5Q8234A] C:\Windows\system32\FOPcvnaWJdLgqYw.exe
mRun: [ToFd9Urxu8234A] C:\Windows\system32\RQ7dEg9XwUlzNc1.exe
mRun: [ND2oFd9UrxuSbpa8234A] C:\Windows\system32\D45Q7dEgZXUlzN.exe
mRun: [goFd9UrxuSbpa6K8234A] C:\Windows\system32\un45Q7dEg9XU.exe
mRun: [HKR9XjkrNx08234A] C:\Windows\system32\HdEg9XwUVlzNc1v.exe
mRun: [T2m6hezxu2FGQd78234A] C:\Windows\system32\xhYXwkUelPcvo4.exe
mRun: [Zi2Fm578ZhwU8234A] C:\Windows\system32\xIBtzPNyc1FGsd.exe
mRun: [Ti2Fm578ZhwU8234A] C:\Windows\system32\ZdKRhwVIBzNc1FG.exe
mRun: [Ti2Fms78ZhwU8234A] C:\Windows\system32\ARhwVIBtzNc1FGs.exe
mRun: [Q2Fms78ZhwUeIt8234A] C:\Windows\system32\yhezxu2FGQd.exe
mRun: [jZhwUVelIt8234A] C:\Windows\system32\Lezxu2FGQd7LXje.exe
mRun: [zy4JKRTjIv35JWX8234A] C:\Windows\system32\GXeP1Sbp56KR9XU.exe
mRun: [y8ZhwUVelBzNc1v8234A] C:\Windows\system32\O2FGQd7LXjezx.exe
mRun: [Ii6TkNS47qlSG7h8234A] C:\Windows\system32\B56KR9XjkrNx0vi.exe
mRun: [hlIBtzPNyAuDoFp8234A] C:\Windows\system32\hPci3na5JLgq.exe
mRun: [TIBtzPNyc1v2b4m8234A] C:\Windows\system32\H5JLgqXUlPAi2Fm.exe
mRun: [ISiaKRgjVx2QECt8234A] C:\Users\James\AppData\Roaming\m67LTjwIlt0Sbo4\Ti2Fms78ZhwU.exe
mRun: [BFEYIum8UPoQL8234A] C:\Users\James\AppData\Roaming\Cjezx2Dnas7LTj\Ti2Fms78ZhwU.exe
mRun: [tLexFH9V0psZIun8234A] C:\Users\James\AppData\Roaming\Ina67LTjwIlt\Ti2Fms78ZhwU.exe
mRun: [qQRVcFJZecFJZey8234A] C:\Windows\system32\CCVzt0Sbn6ZItS.exe
mRun: [hETBumdTI136fXe8234A] C:\Windows\system32\WUy4JKRTjIv3.exe
mRun: [mNtP0ucS1b3n4mL8234A] C:\Windows\system32\W9V0psZIunJh.exe
mRun: [US1bD3onGaL8234A] C:\Users\James\AppData\Roaming\FHd7RgjeV\T9gTZqjYCrtP.exe
mRun: [pNtx0S1bDoGaEqC8234A] C:\Windows\system32\I03HZI0o6.exe
mRun: [EbD3onG4aEqCr8234A] C:\Users\James\AppData\Roaming\N7gqCIztAc2\gELTYCwlNx0.exe
mRun: [X8ZwIrN18j8234A] C:\Users\James\AppData\Roaming\KGdRqCIztAc2bp4\SYCwlNtx01b3n4H.exe
mRun: [LCelIBrzPyRGgt48234A] C:\Users\James\AppData\Roaming\ejeVOAci3nQWE9T\BNtP0ucS1b3n4mL.exe
mRun: [pelIBrzPNRGgt4Z8234A] C:\Users\James\AppData\Roaming\HZqjYCwrtPuSb3\NLZCUOxc3Fms78Z.exe
mRun: [yjVelItzPyAuDoF8234A] C:\Windows\system32\DqCUOxySi3Fm5JE.exe
mRun: [RZ9hYXwjUeItPy18234A] C:\Users\James\AppData\Roaming\SYCwrtP0uSb3n4m\sgt4ZOyvmdlzFmd.exe
mRun: [fZ9hYXwjUeItPy18234A] C:\Users\James\AppData\Roaming\kwrtP0ucSb3n4mL\sgt4ZOyvmdlzFmd.exe
mRun: [DG5sQJ6dE8R9TwU8234A] C:\Windows\system32\feB012457K.exe
mRun: [DG5sQ6dEKfZhXjN8234A] C:\Windows\system32\kxySi3Fm5JEgqXk.exe
mRun: [OaHd7RTjCkrNAcb8234A] C:\Users\James\AppData\Roaming\jelItzPNyA\JF4pmG5sQ6E8R9T.exe
mRun: [OWTezubaKgCl0i48234A] C:\Users\James\AppData\Roaming\xtPFmQdK8ZhXjVl\P1uvDobF4m5Q6E8.exe
mRun: [SjVx2p6EqINSomf8234A] C:\Windows\system32\hvDobF4pm5Q6E8R.exe
mRun: [UwCry1Sbp5JWRTj8234A] C:\Users\James\AppData\Roaming\EzPNycA1uDoFp\R6dEK8fRZhX.exe
mRun: [gbDpnG6sKgC8234A] C:\Windows\system32\CgTXqjYCeIr.exe
mRun: [nhzo8IpwvdIp8234A] C:\Windows\system32\FCekIVrzOtAuSiD.exe
mRun: [yR0sUFh1WBnTuKl8234A] C:\Windows\system32\E7L9TjwVOx0Si3G.exe
mRun: [D8gRZ9XUVItyAv8234A] C:\Windows\system32\o7LRhXUltPy.exe
mRun: [IeBPxu23GQdKRhq8234A] C:\Windows\system32\hRhkeBPy1DoFpHs.exe
mRun: [eJEgqCUrBPci3Fm8234A] C:\Windows\system32\ZkeBPci2Fms7Egh.exe
mRun: [rmLrS5qtn8234A] C:\Windows\system32\CIrzPNyA1SbmaW9.exe
mRun: [JBrzPNyxAuSo8234A] C:\Windows\system32\KzPNyAvSbGa6Kf9.exe
mRun: [ZdVDEBGj27rG8234A] C:\Windows\system32\qCelIrzPNAuSbma.exe
mRun: [Uj27rGZPnV48VDJ8234A] C:\Windows\system32\S7gYrx2p4Hs7LTj.exe
mRun: [q4KgClPiG6EhUrB8234A] C:\Windows\system32\dINv4Q8Te.exe
mRun: [llPiG6EhUrBPyiD8234A] C:\Windows\system32\lPci3Fms7.exe
mRun: [DhUrBPyciDFm5W78234A] C:\Users\James\AppData\Roaming\dUrxuF5HWf9XjeV\lPci3Fms7.exe
mRun: [EvoHJ8hV1b5E9jB8234A] C:\Windows\system32\JGU27rGZPnV4.exe
mRun: [vlo6UAGgta8234A] C:\Users\James\AppData\Roaming\TlBrzPNyx1v2\IuD4KgClP.exe
mRun: [i6uZ3XFjmIQra8234A] C:\Windows\system32\I1b5E9jB1Fafku3.exe
mRun: [NaB7PKyRSh292qG8234A] C:\Windows\system32\oFafku369CNcnHf.exe
mRun: [e7fE8gTZqYUlt478234A] C:\Windows\system32\ek6uZ3XFjmIQrar.exe
mRun: [rsLhVz1nsKYV8234A] C:\Windows\system32\k5BJzpRzpLI.exe
mRun: [gLhVz1nsKYVIzN8234A] C:\Windows\system32\wTbqokpVDdCSW.exe
mRun: [NLhVz1nsKYVIzN8234A] C:\Windows\system32\oSpHEqINu1D.exe
mRun: [OGa6KfgjeV8234A] C:\Windows\system32\mNu1Dna6W7EgZhC.exe
mRun: [sivD3onF4HW8234A] C:\Users\James\AppData\Roaming\cTjwVN0cSb3Gm6W\B8ZhCUrBx0.exe
mRun: [DnlEDUJok72IWS8234A] C:\Windows\system32\cY8G2cPCR.exe
mRun: [wolKiIs1wHP9p8234A] C:\Windows\system32\npzfSCWiVZEbNrj.exe
mRun: [BlfvY5cRxRvXiZc8234A] C:\Windows\system32\bVL3cBZJpDiPtBe.exe
mRun: [nNKAgc90Wl4h8234A] C:\Windows\system32\ZiPe85F2SBlejXf.exe
mRun: [NtNAu2Fpm5Q8234A] C:\Windows\system32\SKqzcGKZVc.exe
mRun: [iVtNAu2FpGsJE8R8234A] C:\Windows\system32\VrvmKqB036gI0p6.exe
mRun: [GQd8RhqCIzy0Sbp8234A] C:\Users\James\AppData\Roaming\IfwxDsRU02QZecF\f9CxmKXrvG.exe
mRun: [iBDQRlxbQRCybHf8234A] C:\Windows\system32\bVlejfKmo2v1zrC.exe
mRun: [RP0Dn4pHs9XjeBP8234A] C:\Windows\system32\h6Oaw3LB4Kjc46h.exe
mRun: [RP0Dn4pHE9XjeBP8234A] C:\Windows\system32\yVnh1dlFKjc.exe
mRun: [uRZ9hYwUVlBz8234A] C:\Windows\system32\qKR9hVz1Dbp5JE8.exe
mRun: [vZ9hYwUVeItPy8234A] C:\Windows\system32\OTUIrNAvo3GQdKR.exe
mRun: [RUVelIBtzNc1v2b8234A] C:\Users\James\AppData\Roaming\iqItSn6fZUOxySv\ThYXwkUVeBz0Dn4.exe
mRun: [BwUVelIBtPyAv2b8234A] C:\Windows\system32\NZqhYXwkUeBz0D.exe
mRun: [ZVelIBtzPyAv2b48234A] C:\Users\James\AppData\Roaming\axySvo4HWd\ThYXwkUVeBz0Dn4.exe
mRun: [pelIBtzPNc1v2b48234A] C:\Windows\system32\wD4W9YrPiG.exe
mRun: [LNua9YOc4gl15qB8234A] C:\Users\James\AppData\Roaming\JgRZ9hYwUeIt\VcA1vD2b4.exe
mRun: [kS92j4lmr5U8234A] C:\Windows\system32\vfXezA2m6fTkOuF.exe
mRun: [a81ZvhuZSRvR08234A] C:\Windows\system32\uTkOuF5dLjkrNua.exe
mRun: [WloLOoZAsXx5TNG8234A] C:\Windows\system32\StDJYPFEVu.exe
mRun: [CjAHYc6ZPGT8234A] C:\Windows\system32\jisYNbKl2d.exe
mRun: [Xr3fkSsCcs8234A] C:\Users\James\AppData\Roaming\qsYNbKl2dCu6YuQ\puHqc7VoRBGlszJ.exe
mRun: [uCtvH8wzvpEYBub8234A] C:\Windows\system32\pUbjpq3qbEl3.exe
mRun: [VrAoGdLTjeBOxu28234A] C:\Windows\system32\ZPGTBFRzp.exe
mRun: [ua6KRTjer8234A] C:\Windows\system32\sfl1mRUNvpQRqI.exe
mRun: [h0Si3GQs7LTj8234A] C:\Users\James\AppData\Roaming\sfl1mRUNvpQRqI\Ac3afTCNu.exe
mRun: [OGQs7LTjwVOxu1D8234A] C:\Windows\system32\lTCNuosLC.exe
mRun: [Ta5JEgqYkVOz8234A] C:\Windows\system32\zafTCNuosLCtvH8.exe
mRun: [TrQBaCpj3Cakplp8234A] C:\Windows\system32\DV4wSLA7xslmVmO.exe
mRun: [x9gXYCIzt0Sbna68234A] C:\Windows\system32\dOzy1Dnp5JEg.exe
mRun: [qhr2GKkxnWjz8234A] C:\Windows\system32\U6KRhqCIzy0Sbp5.exe
mRun: [BBOy0Sb3GHKRgqC8234A] C:\Windows\system32\tRlu3JUO3H.exe
mRun: [ktxP0yciv3n8234A] C:\Windows\system32\dibD3onG4m6W7EC.exe
mRun: [vELThwUOtPci3n48234A] C:\Windows\system32\Ks7fLgZYwIltPci.exe
mRun: [BweyopaLCr8234A] C:\Windows\system32\wAn4Hs7Eg9.exe
mRun: [pyopaLCr0bna8234A] C:\Windows\system32\Cn4Hs7Eg9Yj.exe
mRun: [haLCr0bna8234A] C:\Windows\system32\y0An4Hs7Eg9YjVI.exe
mRun: [UopaLCr0bnaHWf98234A] C:\Windows\system32\pt0An4Hs7Eg9YjV.exe
mRun: [ehVx1omWdgqXUlB8234A] C:\Windows\system32\SIzNAvoFm5JdKR9.exe
mRun: [qv4J8XIvde1p8234A] C:\Windows\system32\DJ7dEqkezAoH7gY.exe
mRun: [Kym8wypdTIA369r8234A] C:\Users\James\AppData\Roaming\LyopaLCr0bn\OHWf9TjerNAciDn.exe
mRun: [HwypdTIA369rups8234A] C:\Users\James\AppData\Roaming\QLCr0bnaHWf\eTjerNAciDna6W.exe
mRun: [oo8IvJjAHCcHTOb8234A] C:\Users\James\AppData\Roaming\x3on4m5J7EqkezA\FH7gYVtAomJ8hjC.exe
mRun: [Xsgkxbmgrcm8kzo8234A] C:\Windows\system32\aZjwVltPci.exe
mRun: [RpdYB1pEwrvm6Rq8234A] C:\Windows\system32\Rgrcm8kzv5ZlAFJ.exe
mRun: [AG4amH6sW7EgqYU8234A] C:\Windows\system32\XVx23GQ7gY.exe
mRun: [xnG4amH6sJfgqYU8234A] C:\Windows\system32\aynQZeybJhlAF.exe
mRun: [XUPDmdYBDQYtvQf8234A] C:\Windows\system32\wt48tGwS8OGXAHw.exe
mRun: [d2obF4p5JEfZXUl8234A] C:\Windows\system32\b7fEgqYUyD4.exe
mRun: [h79YrASpQ7ZIPDm8234A] C:\Windows\system32\RQYv8zGjSWI3LNm.exe
mRun: [BgkP36LkP358wzv8234A] C:\Windows\system32\k1oGWLTCz0F.exe
mRun: [tPNycA1uv2b4m5Q8234A] C:\Windows\system32\kYkVOzyAvo4ms7E.exe
mRun: [F2sKTlxoGdRqkNv8234A] C:\Windows\system32\v9YrASpQ7ZIPDmJ.exe
mRun: [e8hCrAin6RqkNi8234A] C:\Windows\system32\xpQ7ZIPDmJZV035.exe
mRun: [CcGsfTwl0b4WLqU8234A] C:\Users\James\AppData\Roaming\RtiG6EYOSFJ\IO1pdhlcosfUN2a.exe
mRun: [YUVrlOBtx0cn48234A] C:\Windows\system32\aQH6dWK7fg.exe
mRun: [vsfTwl0b4WLqUtS8234A] C:\Windows\system32\St1469lxF6TBu.exe
mRun: [SQRqItSpH7Twl0b8234A] C:\Windows\system32\STlxoGdRqkNvFaK.exe
mRun: [kHWd8ZXUlt0Avo8234A] C:\Windows\system32\LYl0in5EZkOyD4Q.exe
mRun: [iUlt0Avo4Q8234A] C:\Windows\system32\EVz1oHdRwlNuo4G.exe
mRun: [qFmdRXltN8234A] C:\Windows\system32\jRVyoJZeybJRCyb.exe
mRun: [Cs6dEK8fR9T8234A] C:\Windows\system32\ZUeBzyAv2Fmd.exe
mRun: [DePAvo4mJdfhwCI8234A] C:\Windows\system32\jqrun6RqItSpQLw.exe
mRun: [wNyxAviFGaHdKfL8234A] C:\Windows\system32\vxo7XBc2mJ8YePA.exe
mRun: [UxAviFG5aHdKfLg8234A] C:\Windows\system32\Eo4mJdf9wCIzy1S.exe
mRun: [cYjeIzyADb4m8234A] C:\Windows\system32\yzv4QKhVz1b5E9U.exe
mRun: [lF4pmG5sQ6E88234A] C:\Windows\system32\XE9UrAoGdRqIy.exe
mRun: [xjUCelIBrPy8234A] C:\Users\James\AppData\Roaming\adqUB0Avo4\DQd8ZYjeIzy1Db4.exe
mRun: [Ewl0in5dRXlN1om8234A] C:\Windows\system32\ZdWK8fRL9TqUeIr.exe
mRun: [qrx2m6RqkNuFaK98234A] C:\Windows\system32\cRL9hTXqjCkBNv2.exe
mRun: [wH6sWJ7fE8TqYwU8234A] C:\Windows\system32\ALTjCVOxuiDo.exe
mRun: [eQTIAGLkxinWZwO8234A] C:\Windows\system32\glc4KwzGfCu5Rk.exe
mRun: [UsLwz1oHEXBcDp8234A] C:\Windows\system32\VCN3WCx1nWZwOyv.exe
mRun: [GHEXBcDps88234A] C:\Windows\system32\PwOyvaEqwVO.exe
mRun: [eL9qCIzxu2F8234A] C:\Windows\system32\grBxy1vo4Hs7LRh.exe
mRun: [DL9qCIzxu2F8234A] C:\Windows\system32\lkrBxy1vo4Hs7LR.exe
mRun: [EA0uvS2ib35Q6f98234A] C:\Windows\system32\ewVOyD4Hsd8Rhw.exe
mRun: [krlONPS1i3G8234A] C:\Users\James\AppData\Roaming\cPDG68ZjBy1S\KmaKfhqCIzyAuSi.exe
mRun: [SVrltis7Eg8234A] C:\Windows\system32\PG4aQH6sW7E.exe
mRun: [SERYkeBPci8234A] C:\Windows\system32\qi3Gas7LCUrt0c1.exe
mRun: [HJERYkeBPci2Fms8234A] C:\Users\James\AppData\Roaming\bD3p67LgZlSi3Ga\O7LCUrtPc1.exe
mRun: [uAi3ad7R9XjeVOx8234A] C:\Windows\system32\FcaLUcH9ID58.exe
mRun: [S2ibD3a6W7EgZYw8234A] C:\Windows\system32\C9eNSpQd8LqUkNu.exe
mRun: [tW7EZYwIVO8234A] C:\Windows\system32\Qz1baWXrupQKqIt.exe
mRun: [OYCwkIrO0SiDoGa8234A] C:\Windows\system32\seVOxA0u2b36W7E.exe
mRun: [oWJ7fEL8gqYwVOx8234A] C:\Windows\system32\w6RCzASi3QW7E.exe
mRun: [iCwkOxy1ioFa5W78234A] C:\Windows\system32\pibD3onG4m6W7E8.exe
mRun: [N9VzAomE9jrxSmJ8234A] C:\Users\James\AppData\Roaming\w4amH6sWJfLgYwO\ay1ivonF4m5W7E8.exe
mRun: [uRgTYkIVr8234A] C:\Windows\system32\nnHfTItc3m7TVtS.exe
mRun: [EYeIVrciDn4Qf8234A] C:\Windows\system32\OLYrPiFsLhUBcom.exe
mRun: [BfEL9gTZqYwIrOt8234A] C:\Windows\system32\GkNubaWRgXjeIrc.exe
mRun: [BELTZqjYCkVlNx08234A] C:\Windows\system32\BWfRgTYkIrtcbpG.exe
mRun: [qlOBtx0S18234A] C:\Windows\system32\dVrlONtxPuSi.exe
mRun: [XXwkVOzy1Dn4Hs78234A] C:\Windows\system32\OlBxy1v3naHWd.exe
mRun: [bwePvF56RwexS3a8234A] C:\Windows\system32\WeBzy1DFm.exe
mRun: [swClPxm6Rhqkyv8234A] C:\Windows\system32\KZ9hYXwjUeBc1v2.exe
mRun: [hfjOv3d9YrxS3a68234A] C:\Windows\system32\hBxiGdgCzSps.exe
mRun: [z4HsKE9ZYw8234A] C:\Windows\system32\KGJWf9TUeBOx0Sb.exe
mRun: [CEgqCVOPi4JLZkB8234A] C:\Windows\system32\e0oH7hUxDHXBiFJ.exe
mRun: [FQK9Cz0inHEq8234A] C:\Windows\system32\TgqCUOxcDaJE.exe
mRun: [UelIPc2JRwl8234A] C:\Windows\system32\FQK9Cz0inHEq.exe
mRun: [mhwelIPc2JRwlyS8234A] C:\Windows\system32\TTjeO2pQK.exe
mRun: [UCekBrNAui3Ga6K8234A] C:\Windows\system32\zFm5QKZwlB.exe
mRun: [PtSoHWfTwBy3mJ8234A] C:\Windows\system32\obQferxi3GQ7Rg.exe
mRun: [dRhVIzNAo8234A] C:\Windows\system32\IhVx1F5EqUP2sKh.exe
mRun: [UTwCzy1SpJKRTje8234A] C:\Windows\system32\Ytc3aJEgqX.exe
mRun: [rhYwkUltP8234A] C:\Windows\system32\GKf9XVNA2p.exe
mRun: [kna67hkUrBP8234A] C:\Windows\system32\mJKRTXjeBO.exe
mRun: [AomJ8YVtcD4W8234A] C:\Windows\system32\PZhwVOzy1Do4ms7.exe
mRun: [if9TjwVlNx0cb8234A] C:\Windows\system32\yb4sEZwlPin.exe
mRun: [W4HWf8ZhwVOxySD8234A] C:\Windows\system32\LDp4HWf9TjwVltP.exe
mRun: [smH5s7E8gqYkVOz8234A] C:\Windows\system32\SPDnaHW7ghwOPyv.exe
mRun: [sGaJWf9XUkrNAv8234A] C:\Windows\system32\J5sWJ7dELgZhkeO.exe
mRun: [BwVOxu1o4Hs7Tkl8234A] C:\Windows\system32\ukVOzyio4HQ7.exe
mRun: [pUCelIxA1SoFm5J8234A] C:\Windows\system32\Js7LThwUrOtPy1D.exe
mRun: [xClzxA1SoFGJWLX8234A] C:\Windows\system32\Pi3GQ7TjwVOxuDo.exe
mRun: [yqhYCwkUlt0Sv3F8234A] C:\Windows\system32\RfLXUkBOAu2bna6.exe
mRun: [CUt0v3FJEgqkyiD8234A] C:\Windows\system32\kUIzx2Fn6KRgqC.exe
mRun: [XAoQKRhwVIzy1Db8234A] C:\Windows\system32\zDn5JEgXUl.exe
mRun: [yd8ZTjeBPyAv2b38234A] C:\Windows\system32\b1Sbp5JWR9XUkr.exe
mRun: [jhTXqjUCeBzyuSi8234A] C:\Windows\system32\ETjeBPyAv2b3Ga6.exe
mRun: [etxA0ucbDpGHsKf8234A] C:\Windows\system32\UK7R9gTXqYe.exe
mRun: [kGH6sWK7fgqYkVO8234A] C:\Windows\system32\ogTXqjYCerOtAu.exe
mRun: [EH6sWK7fEgqwIlt8234A] C:\Windows\system32\tXqjYCekIOtAubn.exe
mRun: [z6WR9XCIrNx0i8234A] C:\Windows\system32\Un6EZwlPv4W.exe
mRun: [tibnG4H6sKfLTqY8234A] C:\Windows\system32\a0v4Q8YePuFsK.exe
mRun: [tibDnG4HsKfTqYw8234A] C:\Windows\system32\gTUkrNviFna6WR9.exe
mRun: [LlONtxP0uSiDoGa8234A] C:\Windows\system32\DsWK7fETZjC.exe
mRun: [e8gTZqhYCkV8234A] C:\Windows\system32\kwkrlONtx0c1b3n.exe
mRun: [yUVrlOBtxc1v3n48234A] C:\Windows\system32\o3onG4amHsJfLgZ.exe
mRun: [QJRhwCIzyAvp5Jd8234A] C:\Windows\system32\C13Fms7LqXUt0Av.exe
mRun: [GIlN0ci3n6JEgCU8234A] C:\Windows\system32\GByuSbGHWf9XYkN.exe
mRun: [zBtzNyc1uDoFp8234A] C:\Windows\system32\lFm57LRqYkVOt01.exe
mRun: [zIBNycv2b4m5J8234A] C:\Windows\system32\IRwVOt0vo.exe
mRun: [XNyc1uvD2b45JE88234A] C:\Windows\system32\AVOt01Dnp5QEgZY.exe
mRun: [CelIzyAvo3ma6Kf8234A] C:\Windows\system32\HJ6EK8fRZhX.exe
mRun: [ec1Dnp5Qd8R8234A] C:\Windows\system32\LfRL9gXztASDGsY.exe
mRun: [JXwjUVelItPyAuD8234A] C:\Windows\system32\y6EZkBcD4W8.exe
mRun: [tG5sQJ6dE8R9TwU8234A] C:\Windows\system32\cA1uvD2ob.exe
mRun: [Y6dEK8fRZhXjlBz8234A] C:\Windows\system32\OlIBtzPNyAuDoFG.exe
mRun: [K8fRZ9hTXjlBzNx8234A] C:\Windows\system32\ZzPNycA1uDoFGsJ.exe
mRun: [nJ6dWK8fR9TqUeI8234A] C:\Windows\system32\p4G5sQJ6dKfZhXj.exe
mRun: [IUCekIBrzNx0v2b8234A] C:\Windows\system32\v8YeP1b5E9jBx.exe
mRun: [pBrzONyxAuSiFpG8234A] C:\Windows\system32\QjOuDafqUtv4WZ.exe
mRun: [XQH6dWK7fLgjCkV8234A] C:\Windows\system32\dvS2ibF3p.exe
mRun: [mjYCekIVrO8234A] C:\Windows\system32\zpnG5aQH6W7R9.exe
mRun: [zS2ibD3pn4Q6W7E8234A] C:\Windows\system32\OnG5aQH6dKfLg.exe
mRun: [mEL9gTZqjCkVlNx8234A] C:\Users\James\AppData\Roaming\mjYCekIVrO\KtxA0ucS2b3n4Q6.exe
mRun: [q8ThwklOBx0c1Do8234A] C:\Windows\system32\oVxu2Dn6KEgCIl.exe
mRun: [bwklOBtxPySiDoF8234A] C:\Windows\system32\J2Da6KEgCIl0SDn.exe
mRun: [NOBtxP0yc1DoFaH8234A] C:\Windows\system32\Cl0SDna6WLT.exe
mRun: [V7dEL8gRZ8234A] C:\Windows\system32\J0ycS1iD3n4m.exe
mRun: [GJ7dEK8gR9YwUeI8234A] C:\Users\James\AppData\Roaming\V7dEL8gRZ\PhYXwkUVeOtPyA.exe
mRun: [fPycAivD2FpHs8234A] C:\Windows\system32\FF4amH5WJ.exe
mRun: [pcAivD2F4m5Q7E88234A] C:\Windows\system32\xamH5WJdgqY.exe
mRun: [d4pmH5sQJdKgZhX8234A] C:\Windows\system32\bL8gqhXUVltPc1v.exe
mRun: [CsQJ6dEK8R9TwUe8234A] C:\Users\James\AppData\Roaming\d4pmH5sQJdKgZhX\IjelIBtzPyAuDoF.exe
mRun: [FBtxP0ycSiDoFa58234A] C:\Windows\system32\o1bom6WfE8TYwU.exe
mRun: [Z5sWJ7dELgZhXkV8234A] C:\Windows\system32\EVrlOBtxPySiDoF.exe
mRun: [TH5sWJ7dE8RqYwV8234A] C:\Windows\system32\VkUVrlOBtPySiDo.exe
mRun: [cJ6dWK8fR9TqUeI8234A] C:\Windows\system32\xqXVlOBtz0c1v2n.exe
mRun: [KBrzONyxAuSiFpG8234A] C:\Windows\system32\efRL9hTXqUe.exe
mRun: [v0ucS2ibDpGaHsK8234A] C:\Users\James\AppData\Roaming\CekIBrzONx0v2b3\knG5aQH6dKfLgX.exe
mRun: [e0ycS1ivDoFaHs8234A] C:\Windows\system32\L6JEgqYCwVl.exe
mRun: [sYXwkUVeBz0c1v28234A] C:\Windows\system32\RivD3onF4msJdLg.exe
mRun: [m0ycA1ivDoFpH8234A] C:\Windows\system32\DdEL8gRZqYwUeO.exe
mRun: [LrzPNyxA1So3G6W8234A] C:\Windows\system32\W5sQJ6dEKfZhXjC.exe
mRun: [flIBrPNyx12b3m58234A] C:\Windows\system32\FvDobF4pm5Q68Rh.exe
mRun: [vaQH6dWK7LgXj8234A] C:\Windows\system32\GCeIBrzONx0v2.exe
mRun: [CzONyxA0u2FpGaH8234A] C:\Windows\system32\DF3pmGaQJW8R9Tq.exe
mRun: [aQH6sWK7fLgZj8234A] C:\Windows\system32\bVrzONtxAuSiDp.exe
mRun: [abD3pnGQ6W7LTqC8234A] C:\Windows\system32\y6dWK7fRgXjCkrN.exe
mRun: [Q0cA1iDn4m5Q78R8234A] C:\Windows\system32\XrBx0Si3Fms7EgZ.exe
mRun: [jWJ7fEL8gZhCV8234A] C:\Windows\system32\lVNtxP0ucb3n.exe
mRun: [pnF4pmH5sJdKgZh8234A] C:\Windows\system32\WqhYXwkUVlBz0c1.exe
mRun: [SIBtzPNyc1v2b4m8234A] C:\Windows\system32\nn4pmH5sQ7E8R9Y.exe
mRun: [UA1uvS2ob3m5Q6W8234A] C:\Windows\system32\O6dEK8fRZhXjClB.exe
mRun: [pTXqjUCeI8234A] C:\Windows\system32\nIBNyx1vSb3m5W8.exe
mRun: [S9gTXqjYCkVzNx08234A] C:\Windows\system32\vnG5aQH6dK.exe
mRun: [SnG5aQH6dKfLg8234A] C:\Windows\system32\xjUCIBrzOyAuSi.exe
mRun: [qONtxA0uc2b3n4Q8234A] C:\Windows\system32\IaQH6dWK7R9TqYe.exe
mRun: [hzONyxA0uSiFpGa8234A] C:\Windows\system32\I5aQJ6dWKfLhXjC.exe
mRun: [TONyxA0uv2b3n5Q8234A] C:\Windows\system32\fQJ6dWK8fLhXjCk.exe
mRun: [ppnG5aQH6W7R9Tq8234A] C:\Windows\system32\WXqjUCekIrOyAuS.exe
mRun: [AQH6dWK7fLgXjCk8234A] C:\Windows\system32\lkIBrzONyAuSiFp.exe
mRun: [dG4aQH6sW7E9TqY8234A] C:\Windows\system32\TjYCekIVrOtAuSi.exe
mRun: [bH6sWK7fE9TqYwI8234A] C:\Windows\system32\aCekIVrzOtAuSiD.exe
mRun: [JWJ7fEL8gZYwUrO8234A] C:\Windows\system32\nlONtxP0uSiDoGa.exe
mRun: [l5sWJ7dELgZh8234A] C:\Users\James\AppData\Roaming\XH6sWJ7fE8TqYwU\krlOBtxP0c1v3n.exe
mRun: [tlOBtzP0yAiDo8234A] C:\Windows\system32\emH5sWJ7dLgZhX.exe
mRun: [XP0ycA1iv2n4m5Q8234A] C:\Windows\system32\fsWJ7dEL8RqYwUe.exe
mRun: [vS1ivD3on48234A] C:\Windows\system32\jTZqhYCwkVlBx.exe
mRun: [ccS1ivD3oFaH8234A] C:\Windows\system32\PL8gTZqhYwUrOt.exe
mRun: [uYCwkUVrBx0c1v38234A] C:\Windows\system32\smH6sWJ7fLg.exe
mRun: [svD3onF4aHsJdLg8234A] C:\Windows\system32\R8gTZqhYCkVlBx0.exe
mRun: [AhYXwjUVeItPyAu8234A] C:\Windows\system32\zivD2onF4m5Q7E8.exe
mRun: [LG5sQJ6dE8R9TwU8234A] C:\Windows\system32\blIBtzPNyAu.exe
mRun: [cuvS2obF3m5Q8234A] C:\Windows\system32\KZ9hYXUVeItPyAu.exe
mRun: [iH6dWK7fR9TqYeI8234A] C:\Windows\system32\rhTXqjUCeIrOyAu.exe
mRun: [hvD2onF4pHsJdKg8234A] C:\Windows\system32\bD3onF4am5W7E8R.exe
mRun: [JS1ivD3on8234A] C:\Windows\system32\VsWJ7fEL8TqYwUr.exe
mRun: [xsWJ7dEL8RqYwUe8234A] C:\Windows\system32\FEL8gTZqhCkV.exe
mRun: [sdEK8gRZ9YwUeIt8234A] C:\Windows\system32\gOBtzP0yc1v2n4m.exe
mRun: [VYCekIVrzNx0c2b8234A] C:\Windows\system32\XJ7dEK8gR9YwUeI.exe
mRun: [oNtxP0ucSiDoGaH8234A] C:\Windows\system32\unG5aQH6dKfLgXj.exe
mRun: [CIVrlONtxuSiDoG8234A] C:\Windows\system32\lbD3pnG4aHsKfLg.exe
mRun: [RycA1ivD2n4m5Q78234A] C:\Windows\system32\pnF4amH5sJdLgZh.exe
mRun: [w3onF4amHsJdL8234A] C:\Windows\system32\ghYXwkUVeOtPyA.exe
mRun: [rsWJ7dEL8RqYwUe8234A] C:\Windows\system32\RhYCwkUVrOtPySi.exe
mRun: [gpmH5sQ7dKgZhXj8234A] C:\Windows\system32\cZqhYXwkUeOtPyA.exe
mRun: [J1ivD2onFpHsJdK8234A] C:\Windows\system32\R7dEL8gRZhXkVl.exe
mRun: [JBtzPNycA8234A] C:\Windows\system32\SvD2onF4pHsJdKg.exe
mRun: [XVelIBtzPy8234A] C:\Windows\system32\c1ivD2onFpHsJdK.exe
mRun: [qF4pmG5sQ8234A] C:\Windows\system32\PsQJ7dEK8R9YwUe.exe
mRun: [ldEK8gRZ9YwUeIt8234A] C:\Windows\system32\nivD2onF4.exe
mRun: [rvD2onF4pHsJ8234A] C:\Windows\system32\kZqhYXwkUeOtPy.exe
mRun: [B2onF4pmHsJdKgZ8234A] C:\Windows\system32\jRZqhYXwkVlBz0c.exe
mRun: [QP0ycA1iv2n4m58234A] C:\Windows\system32\pWJ7dEL8gZhXkVl.exe
mRun: [DwkUVelOBz08234A] C:\Windows\system32\jF4amH5sW7E8R.exe
mRun: [OdEL8gRZqYwUeOt8234A] C:\Windows\system32\ktxP0ycS1v3n4m5.exe
mRun: [xbD3onG4aHsJfLg8234A] C:\Windows\system32\S8gTZqhYCkVlBx0.exe
mRun: [dP0ucS1ib3n4m6W8234A] C:\Windows\system32\T6sWK7fELgZjCkV.exe
mRun: [bucS1ibD3n4m6W78234A] C:\Windows\system32\HK7fEL9gTqYwIrO.exe
mRun: [WZqjYCwkIrOt8234A] C:\Windows\system32\HibD3pnG4Q6W7E.exe
mRun: [ZucS2ibD3n4Q6W78234A] C:\Windows\system32\dK7fRL9gTqYeIrO.exe
mRun: [RA0ucS2ib3n4Q6W8234A] C:\Windows\system32\sWK7fRL9gXjCkVz.exe
mRun: [kzONtxA0uSiDpGa8234A] C:\Windows\system32\P5aQH6dWKfLgXjC.exe
mRun: [LqjUCekIBzNx0v8234A] C:\Windows\system32\W2obF3pmGaJdKfL.exe
mRun: [V9hTXqjUCkBzNx08234A] C:\Windows\system32\hA1uvS2ob3m5Q6W.exe
mRun: [KTXqjUCekBzNx0v8234A] C:\Windows\system32\auvS2obF3m5Q6W8.exe
mRun: [k0uvS2ibFpGaHdK8234A] C:\Windows\system32\xdWK8fRL9TqUeIr.exe
mRun: [W6dWK7fRLgXjCkV8234A] C:\Windows\system32\aBrzONyxAuSiFpG.exe
mRun: [Y5aQH6dWKfLgXjC8234A] C:\Windows\system32\fCekIBrzOyAuSiF.exe
mRun: [TG5aQH6dW7R9TqY8234A] C:\Windows\system32\fUCekIBrzNx0v2b.exe
mRun: [GXqjUCekIrOyAuS8234A] C:\Windows\system32\vS2obF3pm5Q6W8R.exe
mRun: [lxA0uvS2iFpG8234A] C:\Windows\system32\UK8fRL9hTqUeIr.exe
mRun: [rTXqjUCekBzNx0v8234A] C:\Windows\system32\SvS2obF3pGaJdKf.exe
mRun: [h6dWK8fRLhXjCkB8234A] C:\Windows\system32\BBrzPNyxAuSoFpG.exe
mRun: [rG5aQJ6dW8R9TqU8234A] C:\Windows\system32\SUCelIBrzNx1v2b.exe
mRun: [tyxA1uvS2b3m58234A] C:\Windows\system32\edEK8fRZ9TwUeI.exe
mRun: [xXwjUVelItPyAuD8234A] C:\Windows\system32\ZpmH5sQJ7E8R.exe
mRun: [AQJ7dEK8gZhXjVl8234A] C:\Windows\system32\v1ivD2onFp.exe
mRun: [hwjUVelIBzNc1v28234A] C:\Windows\system32\V2onF4pmHsJdKgZ.exe
mRun: [x2obF4pmGsJdKf8234A] C:\Windows\system32\rZ9hYXwjUeItPyA.exe
mRun: [n1uvD2obFpGsJdK8234A] C:\Windows\system32\uK8gRZ9hYwUeItP.exe
mRun: [AlIBtzPNyAuD8234A] C:\Windows\system32\NH5sQJ7dE8R9Yw.exe
mRun: [YBtzPNycAuDoFpG8234A] C:\Windows\system32\gH5sQJ7dE8R9YwU.exe
mRun: [LEK8gRZ9hXjVlBz8234A] C:\Windows\system32\YOBtzP0yc1v2n4m.exe
mRun: [mnF4pmH5sJdKgZh8234A] C:\Windows\system32\KqhYXwkUVlBz0c1.exe
mRun: [fivD2onF4m5Q7E88234A] C:\Windows\system32\X8gRZqhYXkVlBz0.exe
mRun: [KvD2onF4pHsJdKg8234A] C:\Windows\system32\QgRZqhYXwUeOtPy.exe
mRun: [D2onF4pmHsJdKgZ8234A] C:\Windows\system32\yRZqhYXwkVlBz0c.exe
mRun: [fgRZ9hYXwUeItPy8234A] C:\Windows\system32\Y0ycA1ivDoFpHsJ.exe
mRun: [PwkUVelOBz0c1v8234A] C:\Windows\system32\l3onF4amHsJdLgZ.exe
mRun: [NwkUVelOBz0c1v28234A] C:\Windows\system32\I3onF4amHsJdLgZ.exe
mRun: [gwkUVelOBz0c1v28234A] C:\Windows\system32\V3onF4amHsJdLgZ.exe
mRun: [UP0ycA1iv2n4m58234A] C:\Windows\system32\hWJ7dEL8gZhXkVl.exe
mRun: [jtzP0ycA1v2n4m58234A] C:\Windows\system32\B5sWJ7dELgZhXkV.exe
mRun: [fEK8gRZ9hXjVlBz8234A] C:\Windows\system32\XzP0ycA1iDoFpHs.exe
mRun: [m4pmH5sQJdKgZhX8234A] C:\Windows\system32\J0ycA1ivD.exe
mRun: [atxP0ycS1v8234A] C:\Windows\system32\t7fEL8gTZhCkV.exe
mRun: [dvD3onF4aHsJdLg8234A] C:\Windows\system32\T8gTZqhYCkVlBx0.exe
mRun: [dzP0ycA1iDoF8234A] C:\Windows\system32\QJ7dEL8gRqYwUe.exe
mRun: [IQJ7dEK8gZhX8234A] C:\Windows\system32\UOBtzP0yc1v2n4.exe
mRun: [q9hYXwjUVlBzNc18234A] C:\Windows\system32\DycA1ivD2n4m5Q7.exe
mRun: [dQJ7dEK8gZhXjVl8234A] C:\Windows\system32\B1ivD2onFp.exe
mRun: [EWJ7dEL8gZhXkVl8234A] C:\Windows\system32\TVrlOBtxPySiDoF.exe
mRun: [XqhYXwkUVlBz0c18234A] C:\Windows\system32\E1ivD3onFaHsJdL.exe
mRun: [LjUVelIBtPyAuDo8234A] C:\Users\James\AppData\Roaming\yXwkUVelOtPyAiD\WonF4pmH5Q7E8R9.exe
mRun: [O9hTXqjUCk8234A] C:\Windows\system32\lUCelIBrzNx1v2b.exe
mRun: [bxA0uvS2iFp8234A] C:\Windows\system32\kfRL9hTXqUeIrO.exe
mRun: [eibD3pnG4Q6W7E8234A] C:\Windows\system32\jTXqjYCekVzNx0c.exe
mRun: [Si3GQd79jCIzt0S8234A] C:\Windows\system32\EZhkVBPcDn45Jd8.exe
mRun: [dwjUClIBr8234A] C:\Windows\system32\xcsTSQTzbdI.exe
mRun: [EwjUClIBrP8234A] C:\Windows\system32\rjS6Cc6knqcHRlD.exe
mRun: [LaKheBPy1Sb8234A] C:\Windows\system32\B7EgZhkeOt.exe
mRun: [xKheBPy1SbpGaJ8234A] C:\Windows\system32\fZhwUlBPy1.exe
mRun: [p3n5HdWK7RApsgC8234A] C:\Windows\system32\j9hTXwjUClBzNx1.exe
mRun: [dWRU0o5gj8234A] C:\Windows\system32\OkIBAv23n5HdKRA.exe
mRun: [q7ZU0oWRU0o5gjz8234A] C:\Windows\system32\X0vn5JEgYkeOz.exe
mRun: [bZU0oWRU0o5gjzo8234A] C:\Users\James\AppData\Roaming\k3aKheBPy1Sb3Ga\C9hXUekIBAv23n5.exe
mRun: [igCz0iG6EZkNc3a8234A] C:\Windows\system32\VdZjy5wAJUAbH7q.exe
mRun: [qG6EZkNc3aJgCl08234A] C:\Windows\system32\wQ8Ye1JUvWkvpWT.exe
mRun: [Kop5JE8ZTwUlB8234A] C:\Users\James\AppData\Roaming\DwINubG6Rqk\naKgCz0iG.exe
mRun: [oop5JE8ZTwUlBP8234A] C:\Users\James\AppData\Roaming\DwINubG6Rqk\qKgCz0iG6EZk.exe
mRun: [qOxu23GQs7EgqYV8234A] C:\Windows\system32\WvoFms7KRhwVBop.exe
mRun: [dkOxSbD3G8234A] C:\Windows\system32\YcvoFms7KRhwVBo.exe
mRun: [JFsELgZhkltPyAD8234A] C:\Windows\system32\ABPx1SbpG.exe
mRun: [CltNcA1uDb4msJ8234A] C:\Users\James\AppData\Roaming\q0viF3p5a\md7RgjkOxu23GHs.exe
mRun: [vDnp5JgluX8234A] C:\Windows\system32\iDFQ7K8RYIcoGdR.exe
mRun: [auDb4msJdKfZXjC8234A] C:\Windows\system32\FOxSbD3GaHWf.exe
mRun: [wfqItiboHJ8234A] C:\Windows\system32\ud9COvpQWfCzbQZ.exe
mRun: [NByioHJLqVv8234A] C:\Windows\system32\nfRL9hTXqUeIrOy.exe
mRun: [buQ8RTjCIrN0Sip8234A] C:\Users\James\AppData\Roaming\uJLZYkBPSDo4\zbClxAu2FpGa6W8.exe
mRun: [DP5jbUaOf2CHPZ58234A] C:\Windows\system32\GF4pmG5sQ6E8R.exe
mRun: [h7CxoJYtn7jcJCu8234A] C:\Windows\system32\geUEe3d9qezxvi5.exe
mRun: [EyyBzVYLa0wdbAV8234A] C:\Users\James\AppData\Roaming\Epm5aQd8Lh\yGdRqIA3Wj0mhPa.exe
mRun: [nAi4WLjIx8234A] C:\Windows\system32\gEicRoe6ATQ.exe
mRun: [e7TYlyv4EXtimKw8234A] C:\Windows\system32\zoe6ATQNTnesFUG.exe
mRun: [zF7YBumZrodU05g8234A] C:\Windows\system32\Ke6OUW1UEoeXbq1.exe
mRun: [KcHYS7B5Un8234A] C:\Users\James\AppData\Roaming\cKxldDlf32j3Cbf\bsc5qOi5RlcGZB6.exe
mRun: [VPh07OsIGV4h8234A] C:\Users\James\AppData\Roaming\sE3EkyF7Xzo\ljG9CySn7gqCzAb.exe
mRun: [S9cLyJBd1RSOYfJ8234A] C:\Users\James\AppData\Roaming\J8n8VAm8UN48\ja9CySn7gqCzA.exe
mRun: [UehJaDtCRJo8234A] C:\Windows\system32\grrrtBOXCqgqqL.exe
mRun: [G9JFuVg672yjrIL8234A] C:\Windows\system32\ACzAi4WLjIx1oH7.exe
mRun: [DuOTqE51NBUTKGo8234A] C:\Windows\system32\iNrrrtBOXCqgqqL.exe
mRun: [qfa30xlYfKQ68234A] C:\Users\James\AppData\Roaming\d11uAxBkUREfRHD\oJAwQujHcVLave.exe
mRun: [uPrkjY8smbSpDbP8234A] C:\Users\James\AppData\Roaming\j2boF21yBBX9XgW\QOJAwQujHcVLav.exe
mRun: [t8gRZhYXwUeOJRY8234A] C:\Windows\system32\CCwkIVrlOtPuSiD.exe
mRun: [t8gRZqhXwUeOItP8234A] C:\Windows\system32\oqhYCwkUVlB.exe
mRun: [BAF7hIcbQRUzF6O8234A] C:\Windows\system32\FYCwkUVrlBxy.exe
mRun: [QTwlP0u1bGmsJLY8234A] C:\Windows\system32\Db6Tz2HTrcnWZV0.exe
mRun: [CLN4TxnLUiWRVyn8234A] C:\Users\James\AppData\Roaming\EJ7dEL8gRhXUeOJ\KYeBtzNc1v2bpGQ.exe
mRun: [Jwu4TlnWRVyn79j8234A] C:\Windows\system32\XBtzNc1v2bpGQdK.exe
mRun: [G9G6qkVONAci3GQ8234A] C:\Windows\system32\L6OvndTVuGWTIPD.exe
mRun: [JVvs8kP258jB8234A] C:\Windows\system32\lvJU1G9zpLridqN.exe
mRun: [ejyb8xaYS7V17Uv8234A] C:\Windows\system32\AWUSmgOoQhzo6wN.exe
mRun: [EeXyGZ1LzpfC0GE8234A] C:\Windows\system32\C9zpLridqNDKCP4.exe
mRun: [YRB3HL8J7l8234A] C:\Windows\system32\F7hBAp6hCyoaLku.exe
mRun: [ZXViWqu6g8234A] C:\Windows\system32\iYzF7XVItNAvop5.exe
mRun: [FTO29jCkq11bWJd8234A] C:\Windows\system32\eyFQZeybQRjPum8.exe
mRun: [ZjCUXpRjU8234A] C:\Users\James\AppData\Roaming\IOHEjINP01bGmsJ\QYklt0Svms7LgZw.exe
mRun: [B6fwUlU5gwrc1Fb8234A] C:\Users\James\AppData\Roaming\NWTwlP0u1bGmsJ\QYklt0Svms7LgZw.exe
mRun: [KFxjQbVL1qmtE8234A] C:\Users\James\AppData\Roaming\DHQjIA2m6xhGXkz\f37X1sV2Xp.exe
mRun: [pvEeoKUAmRI0agV8234A] C:\Windows\system32\iEvUJijsAUHcCs1.exe
mRun: [ocFJghXwjVlBzNc8234A] C:\Users\James\AppData\Roaming\V2CDkHPRnBgblfF\sLoBgnz8FeQbGPi.exe
mRun: [Z6Wf9qjYC8234A] C:\Windows\system32\oNvFaKTeOuDa6Kf.exe
mRun: [mWfgTXqjIz8234A] C:\Users\James\AppData\Roaming\lzHLjb57f5sUOAi\ZTtiaEhxDs8Y02Q.exe
mRun: [AZYrt01voFHWLRh8234A] C:\Windows\system32\W1SbpGQ6KRhXUkr.exe
mRun: [AEgYwrlOxSvoFaJ8234A] C:\Windows\system32\ZGJW8LTqC.exe
mRun: [Wz1o4GQE8ZhwIzN8234A] C:\Windows\system32\Hf9XeBPxuo3GJW8.exe
mRun: [WBzy1DbGdhCzu358234A] C:\Windows\system32\nlry1SbpGQ6K.exe
mRun: [skN0cS1iDaHsfLT8234A] C:\Users\James\AppData\Roaming\bA0ucS2DGQs\zOtxP0cb3GmJETY.exe
mRun: [qJ7fEL8gTqYwUrO8234A] C:\Users\James\AppData\Roaming\uQsK9TZYIrOtPcb\ZoFamJEgqXkVOty.exe
mRun: [xsWfEL8TZhCkVlB8234A] C:\Users\James\AppData\Roaming\bA0ucS2DGQs\rlOtxP0cb3GmJET.exe
mRun: [vtxP0ycS1v3n4m58234A] C:\Windows\system32\Z5dRTr0i5W9Y.exe
mRun: [yon4amH5sJd8234A] C:\Windows\system32\dL8gZqhYC.exe
mRun: [G7dEK8gR9Y8234A] C:\Windows\system32\mamH5sWJ7E.exe
mRun: [XjUCelBrzNx1v8234A] C:\Windows\system32\p4amH5sWJ.exe
mRun: [XUCelBrzPyASo8234A] C:\Users\James\AppData\Roaming\WYXwkUVel\mamH5sWJ7E.exe
mRun: [G7dE8gRZ9Y8234A] C:\Windows\system32\pvD3on4am.exe
mRun: [yycS1ivD3WX0F7h8234A] C:\Windows\system32\mamH5sWJ7E.exe
mRun: [nHqOcQEYr8234A] C:\Users\James\AppData\Roaming\lP0ycA1iv24m\iXwjUVelIzNc1v2.exe
mRun: [s6JfLThVOxc1Dn48234A] C:\Users\James\AppData\Roaming\JlOtzP0yc\nJ7dE8gRZ.exe
mRun: [YF4mH5sQJd8234A] C:\Windows\system32\sVelOtzP0c1v24m.exe
mRun: [CmQJ7dEK8R98234A] C:\Windows\system32\OPNyxAS2oFp5Q68.exe
mRun: [s3pmG5aQJdKfLhX8234A] C:\Windows\system32\lRZ9hTXwjClBzNx.exe
mRun: [pIBzONyxAuSi3n58234A] C:\Windows\system32\tuvS2obF3m5Q6.exe
mRun: [xONyxA0uv2b3n5Q8234A] C:\Windows\system32\PS2obF3pm5Q6W8.exe
mRun: [zH6sWK7fE9TqY8234A] C:\Windows\system32\e7RL9gTXqYeIrOt.exe
mRun: [L01boGm6Jf88234A] C:\Windows\system32\A1iDopHQdKRhXUl.exe
mRun: [HVIBtzNyAuD8234A] C:\Windows\system32\bEf9XUlrNv3aKhU.exe
mRun: [cZhUlz1b4GsJKfZ8234A] C:\Windows\system32\UNyAuD2Fm5JdKf.exe
mRun: [GlBP12bmeyu2F8234A] C:\Windows\system32\ckVzNtxA0.exe
mRun: [Wo3maJWRhXUeBOx8234A] C:\Windows\system32\BLgZqjYwIrNPcio.exe
mRun: [IihvXQBsrWrbWjt8234A] C:\Windows\system32\kYwVOt0SiDn4HWd.exe
mRun: [gtdN6PfNpfC0skP8234A] C:\Users\James\AppData\Roaming\dPci3naHW7Eg\fwVOt0SiDn4HWd8.exe
mRun: [GLThCwkUVltPci38234A] C:\Windows\system32\rvbpGQ6KR.exe
mRun: [U5dEKfRZ9TwUeI8234A] C:\Windows\system32\cW7LgqXUrBPc.exe
mRun: [c5CIPN15Khe28234A] C:\Windows\system32\jP12bmeyu2FmWLT.exe
mRun: [mWhe29NaTr8234A] C:\Windows\system32\ImgU0oJZB1pEXtv.exe
mRun: [Y5dZUP1HRlcbQ8234A] C:\Windows\system32\mF3pG5fhUz.exe
mRun: [myFEjtu469eybWq8234A] C:\Windows\system32\f5WfR9YVt0iGH7g.exe
mRun: [NX2BGj0GZnwqDgt8234A] C:\Windows\system32\UdkoJhI1mET.exe
mRun: [Hj492fzbK0IqmkR8234A] C:\Windows\system32\WhI1mETzSmKq.exe
mRun: [LNLikpldueaAgGc8234A] C:\Users\James\AppData\Roaming\U5KjN2Q9wP3WZV0\UmhzodUu5XNp9Op.exe
mRun: [VEt4RP5Xru3HfYN8234A] C:\Windows\system32\zNLN3fNZmOpZyJU.exe
mRun: [t3Q8hUryv3aWR8234A] C:\Windows\system32\cslS6qynf.exe
mRun: [qaECtbm7TwOcnJq8234A] C:\Windows\system32\VEt4RP5Xru3HfYN.exe
mRun: [zHEwPvpJfw8234A] C:\Windows\system32\V3mLYlyoH8XB.exe
mRun: [jxSpQKLjIy8234A] C:\Windows\system32\uXBipQKhePDpJfX.exe
mRun: [pIxSpQKLjBySpHf8234A] C:\Windows\system32\z8XBipQKhePDpJf.exe
mRun: [xOcFJZeP258wtum8234A] C:\Windows\system32\t0inH7gCrunKqlS.exe
mRun: [lgDUs045n8234A] C:\Windows\system32\LAhowQI6zdNgGY.exe
mRun: [JxrYg7JFF2SAx1n8234A] C:\Windows\system32\JgFNKu8yR0q3kWP.exe
mRun: [NxKVoZc7UoZuXS8234A] C:\Windows\system32\eJTBxSpJfTe.exe
mRun: [PJ5pnmss6Q544as8234A] C:\Windows\system32\ZTnPsNZGz.exe
mRun: [jGTzbdC05XxG98234A] C:\Users\James\AppData\Roaming\YApWTVunWTkxc3s\jOoebh18rb7I2EO.exe
mRun: [U2Jjxp9O3EIua8U8234A] C:\Windows\system32\wTkxc3sgOnebh18.exe
mRun: [a5s6E8R9XU8234A] C:\Windows\system32\Z1sCS5wyHZz4RI2.exe
mRun: [s0u2FpGaHKRgXjC8234A] C:\Windows\system32\tBtzPNAu2b4m5.exe
mRun: [X3aW8kPvpdhlc8234A] C:\Windows\system32\as6E8R9XUe.exe
mRun: [ZJVus9I1m8Uu6YA8234A] C:\Windows\system32\oCekIx0u2FpGaHK.exe
mRun: [sxodXcF7wzD8234A] C:\Users\James\AppData\Roaming\CIztAc2bnaEZwl\NnH7TClP1n5dYBA.exe
mRun: [LwPub7gOAGKZ0o8234A] C:\Windows\system32\GUWbOq7Foc2xV.exe
mRun: [YaKgYrAi478234A] C:\Windows\system32\ccDpJfUPo5WLjBx.exe
mRun: [j0FaKgYrAi47jIO8234A] C:\Windows\system32\StuD46fgClc3PmE.exe
mRun: [ggYrAi47jIO0D4J8234A] C:\Windows\system32\ZBcDpJfUPo5WLjB.exe
mRun: [gsRUPSmdhIxin6R8234A] C:\Windows\system32\NWLqwlPiGsLhlS4.exe
mRun: [GhlcbsfjB1FJRjz8234A] C:\Windows\system32\d0D4JYOco.exe
mRun: [H4sK9UBc2G6fXl8234A] C:\Windows\system32\ugwtipJjN2sRUPS.exe
mRun: [XItS3QKgClc3aLh8234A] C:\Windows\system32\HETlyo58TIA.exe
mRun: [xzxHhyFQJhINiq38234A] C:\Windows\system32\I0OIkLKEJGas77K.exe
mRun: [Vbp56KRhUrA28234A] C:\Windows\system32\G7RXOyD4sK9UBc2.exe
mRun: [fbp56KRhUrA2m8234A] C:\Windows\system32\URXOyD4sK9U.exe
mRun: [YUkI0i4H5LXrB8234A] C:\Windows\system32\CFbiSb44s5QWVvF.exe
mRun: [rIu0iQW8R9BNSvQ8234A] C:\Windows\system32\qp32S1inFbiSb44.exe
mRun: [o1Dop5JKfhw8234A] C:\Windows\system32\EQ8TCryS6Xrcn.exe
mRun: [Z8kPoWRVy8234A] C:\Windows\system32\BYwVlzy1Dop5JKR.exe
mRun: [UjP2sRCy2GdRCz08234A] C:\Windows\system32\rKqrcnKqrSaL.exe
mRun: [ZmQQG3ixB8234A] C:\Windows\system32\sxvs8qOuSQR.exe
mRun: [qUz1n5dRXezcD4s8234A] C:\Windows\system32\OJ9kxFHRjzcnsTI.exe
mRun: [sCRdbzTaui58234A] C:\Windows\system32\DhX1QgV0nJhNDHK.exe
mRun: [oHueR3tPoos8234A] C:\Windows\system32\YdBvQLkzDaql1Fs.exe
mRun: [v1yFopnTzyuobib8234A] C:\Windows\system32\HnsTzS4ETO3WZU.exe
mRun: [oJaKq04Q6WWHJVz8234A] C:\Windows\system32\bKwxv4dgqynKeN.exe
mRun: [CmhZhfLTYhl59la8234A] C:\Windows\system32\IRBA1mgTB6lDJff.exe
mRun: [xHp5o3pa45UvHVt8234A] C:\Windows\system32\LfS8VxyuGHd.exe
mRun: [JWO0DJYCl8234A] C:\Windows\system32\Pd8fer0SH6RqkO.exe
mRun: [XrcGV4twAx8234A] C:\Windows\system32\JbtoWrnVpZl2Yt2.exe
mRun: [ao4Fb37ZhtaqVxo8234A] C:\Windows\system32\aEhYVtzPNu.exe
mRun: [qQWqVc2RzuF7IFK8234A] C:\Windows\system32\zp89IlcoG6EqXYw.exe
mRun: [s0p3JZxQgkxAQLc8234A] C:\Windows\system32\nH6RqkOOBzxNNBO.exe
mRun: [yCKPE05ZBpBsF9O8234A] C:\Windows\system32\KSUnh4wQNfNQYbT.exe
mRun: [ymXx5Ib9nTy7V178234A] C:\Windows\system32\IBHUsIKv9AskGhy.exe
mRun: [oD49IQ8e1i4Lzva8234A] C:\Windows\system32\jOBzxNNBONrOkZg.exe
mRun: [suLO6PJrn8V15ZB8234A] C:\Windows\system32\AD6T1axdAiGdLjV.exe
mRun: [y5WrAbKprmz5ToY8234A] C:\Windows\system32\pueR3tPoosGdLVv.exe
mRun: [aHkcswyp8e15Zl18234A] C:\Windows\system32\x6T1axdAiGdLjV.exe
mRun: [I17jc5wA5XyQqig8234A] C:\Windows\system32\XEXtI02CDwiWYP5.exe
mRun: [imz5ToYv5grD6Tz8234A] C:\Windows\system32\lvAm3Q7CAopmpbb.exe
mRun: [ZPFRrFfB3RtKw048234A] C:\Windows\system32\AmEXtI02C.exe
mRun: [zwA5XyQqiglbWCP8234A] C:\Windows\system32\ES9AQkJVDZBog.exe
mRun: [m2Wei7IWw04glis8234A] C:\Windows\system32\GusrfOohP491Qju.exe
mRun: [bZlvECBAbm68234A] C:\Windows\system32\nA00c77Ea6W8EgN.exe
mRun: [glvECBAbm6KfaF8234A] C:\Windows\system32\uhy2yyA0S1JB.exe
mRun: [RbHLYeN0iyteX968234A] C:\Users\James\AppData\Roaming\ESI7pHglUkVcJZj\CoZZhfLTYhVFRla.exe
mRun: [ZaF2AzjTs1lj9aA8234A] C:\Windows\system32\ZThy2yyA0S1JBi7.exe
mRun: [IzX6bzXCgWvtJr58234A] C:\Windows\system32\FRzWT8kFWOSm.exe
mRun: [F6H1lR50klC84NE8234A] C:\Windows\system32\hqVx2fIFHLZX.exe
mRun: [g9jEH1jsr5e5NfS8234A] C:\Windows\system32\UEBHLfXoJB0G57z.exe
mRun: [muVg4NENJBHA91q8234A] C:\Users\James\AppData\Roaming\RbDJZxQgkxAQLc\l4LzvaSC2.exe
mRun: [v84NENJBHA91qFB8234A] C:\Windows\system32\YdOndYUung.exe
mRun: [hRIisIbfr8234A] C:\Windows\system32\y4CSsw1WUo8cEra.exe
mRun: [hgt4Tx4Zy8234A] C:\Windows\system32\NHZtyiHhlN2lXo.exe
mRun: [lO4ZPpZz48C15Xy8234A] C:\Windows\system32\gOndYUungwIAwgy.exe
mRun: [gTlypKTeOubaKgO8234A] C:\Windows\system32\ruagzDfkS73q1KN.exe
mRun: [wypRB2HziK8234A] C:\Windows\system32\z3H3DcreL7GPX9E.exe
mRun: [qSn6EZkNu8234A] C:\Windows\system32\EYvRAKBmX2X4tft.exe
mRun: [Jp6EZkNubHLq8234A] C:\Windows\system32\jIHVDJVDdlDQT.exe
mRun: [sngrD7wyagl8234A] C:\Windows\system32\uzX6bzXCgWvt.exe
mRun: [ubp5JW8L98234A] C:\Users\James\AppData\Roaming\STI15fwBvQ\VjBx2p6RqxbaKgY.exe
mRun: [uJTz2H9IN8234A] C:\Windows\system32\F6H1lR50klC84NE.exe
mRun: [scS2DpnG4Q6W7E8234A] C:\Windows\system32\UYjeBPcu2Fp5Qd.exe
mRun: [nETUvde2KIb8Bmr8234A] C:\Users\James\AppData\Roaming\iqerA2pHfTCIr\ZUOzy1DnpHs7Kg9.exe
mRun: [oETUvde2KIb8Bmr8234A] C:\Windows\system32\VE9Uz1bGdZwI.exe
mRun: [ycETUvde2KIb8Bm8234A] C:\Windows\system32\lByD4WLq25gXIyD.exe
mRun: [ycETUvde2KIb8Bp8234A] C:\Windows\system32\DKgCl0in6fT.exe
mRun: [oEeFkSHXOpm8234A] C:\Windows\system32\VQ9Uz1bGdZwI.exe
mRun: [o0sehEm2xn4pAI98234A] C:\Windows\system32\k2Q9lisZOiHZODQ.exe
mRun: [OWlo8t8ydk2KC048234A] C:\Users\James\AppData\Roaming\bfLgZwlP1nH\IrNAvo3m56Kf.exe
mRun: [XLntqJoOhd5uIs18234A] C:\Windows\system32\T5Xz2Jwym9zF.exe
mRun: [H1Ig3rZ4zRbIWSC8234A] C:\Windows\system32\nfIcmTOiHZOD.exe
mRun: [OXd4SrXGNYmy94z8234A] C:\Windows\system32\T5XzDJwym9zF.exe
mRun: [XUZdFNEnPZ4B8oe8234A] C:\Windows\system32\JzF7k2Q9lisZ.exe
mRun: [CXxpfk0WYxnEVi58234A] C:\Windows\system32\sogPHhoTS9Nngzi.exe
mRun: [CbPCdnPwW3xwLn08234A] C:\Windows\system32\AQReuJXBumKX.exe
mRun: [CKbUmXO0io4HE9U8234A] C:\Users\James\AppData\Roaming\lTCz0nS7B\oyULlOtwEpA.exe
mRun: [KlPio4HQd8hVtcD8234A] C:\Users\James\AppData\Roaming\d0sehEm2xn4pAI9\IiwE4yhmyqHDtRH.exe
mRun: [LRwlPub4Gs68234A] C:\Windows\system32\xoOhdGuIs1OE2VJ.exe
mRun: [C4VsxLcRvRc6zaj8234A] C:\Users\James\AppData\Roaming\dB8ydk2KC04LrDf\uVlNxu1b3.exe
mRun: [WubG68Lhez0bnQd8234A] C:\Windows\system32\XaAXJb0AlZ5vl.exe
mRun: [sxc2ibD3pHWfgZY8234A] C:\Users\James\AppData\Roaming\YbPCdnPwW3xwLn0\xRG0r9atEVtcio4.exe
mRun: [H24mQ6Ef9XjeIz8234A] C:\Windows\system32\enQ6fTCrxc2b3QW.exe
mRun: [nEqYIOxu13na8234A] C:\Windows\system32\AQd8R9Xjl.exe
mRun: [RZAJeoWC2fN4gNn8234A] C:\Windows\system32\CG8jxHISHZOngrS.exe
mRun: [DOxu13naHW7LThC8234A] C:\Windows\system32\Bnp5Qd8R9XjlPcv.exe
mRun: [wDnaHW7LThCUr8234A] C:\Windows\system32\jd8R9XjlPc.exe
mRun: [fnaHW7LThCUrBPc8234A] C:\Windows\system32\d8R9XjlPyvo4.exe
mRun: [nQJ6dEfRh8234A] C:\Windows\system32\CLThCUrBPciDna5.exe
mRun: [fItcDaKLjIOxu1b8234A] C:\Users\James\AppData\Roaming\zEgqXUlBPc1Dnp5\DUlBPAFm6KLTUkB.exe
mRun: [lLjIOxu1boGa6JE8234A] C:\Users\James\AppData\Roaming\zEgqXUlBPc1Dnp5\OlBPAFm6KLTUkBz.exe
mRun: [IOGTAaZPGqt3Jwc8234A] C:\Users\James\AppData\Roaming\fHPZ3k4UGBd09Sg\vh2wFw2R1dBnTcW.exe
mRun: [LLt4w2gzGj2L0e8234A] C:\Windows\system32\jH7RwOAo5gUtAoG.exe
mRun: [LC5AwGxXaSqao08234A] C:\Windows\system32\fA47htodjyp8C0G.exe
mRun: [m7U1nWZwINSDa8234A] C:\Users\James\AppData\Roaming\UcsXyG9Pm9NpRe2\YAR0K0gDUQNR2CG.exe
mRun: [mnWZwINSDa8234A] C:\Users\James\AppData\Roaming\UcsXyG9Pm9NpRe2\Bjbg0R0K0g3UQ.exe
mRun: [l1nWZwINSDa79ru8234A] C:\Users\James\AppData\Roaming\UcsXyG9Pm9NpRe2\wIpjbg0R0K0gDUQ.exe
mRun: [gpIJzfA8OaV8234A] C:\Windows\system32\Jq85FAVrYRJ7GSO.exe
mRun: [rP6zQVpZtmTB8234A] C:\Users\James\AppData\Roaming\ykEnBgborj6uCHt\R1lQknVaIWSw4lJ.exe
mRun: [DNi3HJKRTZ1ANA48234A] C:\Windows\system32\kBlrOrlttNip6wI.exe
mRun: [r5fjPSmKU8234A] C:\Windows\system32\NownV5IWN6B.exe
mRun: [YOiH9kPD6gkxDH88234A] C:\Windows\system32\H5IaI5IaIGY3ZA8.exe
mRun: [KwzvQXNbEXzoQLk8234A] C:\Windows\system32\amKUyiQLeA3WZru.exe
mRun: [FwiJlnLl38234A] C:\Windows\system32\ansZlcH8YePc2QR.exe
mRun: [GXx4dhBxGfZeBxb8234A] C:\Windows\system32\GLIvKCAD6LYUO01.exe
mRun: [Dvn57EgqXUlt0A8234A] C:\Windows\system32\qngrSHqx48lndjy.exe
mRun: [jjClrNAv2b3GaJW8234A] C:\Windows\system32\klvsheyb8XkxFQf.exe
mRun: [JucS2ibD38234A] C:\Windows\system32\HW8LTjCIrOx.exe
mRun: [sA0ucS2ib3n4QWf8234A] C:\Windows\system32\F0Avo4HQd8ZhXUe.exe
mRun: [fvD2bpGsJd8Zh8234A] C:\Windows\system32\m1ivD2onFp5Qd8R.exe
mRun: [R2bpGsJd8ZhXUl8234A] C:\Windows\system32\A2onFp5Qd8R9YwV.exe
mRun: [DEDlWFV9GckdoU38234A] C:\Windows\system32\myNrNp7wJhOaJ.exe
mRun: [nbrq5iV5zGeW8234A] C:\Windows\system32\p6YN0vFmasWOIUk.exe
mRun: [rvLuk3gNG8234A] C:\Windows\system32\BT1ANA4LVEqA6EB.exe
mRun: [WmHs78gTqYkrBPc8234A] C:\Users\James\AppData\Roaming\o8ZhXUlrPx1v2bp\uyAvi3n5aHdKfLT.exe
mRun: [YoU3jnxHYPHw18234A] C:\Windows\system32\fCVrpooaZlDCy.exe
mRun: [e3gNGZBvHZe148U8234A] C:\Windows\system32\IbWY14ZyaqO1.exe
mRun: [dKUA4KlDJ8234A] C:\Windows\system32\loWRlNps8.exe
mRun: [pGgxaYcWV4YAdzs8234A] C:\Windows\system32\GWRlNps8UlPSH.exe
mRun: [YZPHhDLzHj4h16U8234A] C:\Windows\system32\y458jOSD4JRw0vm.exe
mRun: [gZCPSGWTI03dXOD8234A] C:\Windows\system32\x2bpsJEf9jB.exe
mRun: [XzHj4h16UF9xWxL8234A] C:\Windows\system32\czvFQglyoJQsgXU.exe
mRun: [SlD6CSKCu6j06Cb8234A] C:\Windows\system32\iXkNuD4WLqItcDm.exe
mRun: [XZ0WUo8tng8234A] C:\Windows\system32\kl0iGsLhVtSn5dR.exe
mRun: [SP8SUaOKc83O84P8234A] C:\Windows\system32\ceKbkR3OCJ2IQyd.exe
mRun: [XwmtgFPXQ28234A] C:\Windows\system32\AIQydNgSKIc6w1H.exe
mRun: [RtgFPXQ2VjJiwdp8234A] C:\Windows\system32\WcKIc6wSmZe1.exe
mRun: [LupWTVA369C8234A] C:\Windows\system32\wkGCbTcJO4.exe
mRun: [aVupWTVA369COia8234A] C:\Windows\system32\kB49PpXvRAWlGhi.exe
mRun: [dGsZrynJq8234A] C:\Windows\system32\NHjDZxJUbfz4C3h.exe
mRun: [xbvzCTfL8ZUklOw8234A] C:\Windows\system32\xHhDLzHj4h16UF9.exe
mRun: [DshOS4dYO147hlc8234A] C:\Windows\system32\cA4dYI1pdTPv.exe
mRun: [zkrN0Sbp4HWfL8234A] C:\Windows\system32\tupWXrupWZrcG7h.exe
mRun: [gbp4HWfLTjwVOxu8234A] C:\Users\James\AppData\Roaming\E24fYNimLwtiF\XRIvQTPFKU.exe
mRun: [ebD3ona6Wf8ZYkr8234A] C:\Windows\system32\YGLISHZN37wtvH8.exe
mRun: [Adsb0AxUZ8234A] C:\Windows\system32\zknw4jpBKA9pwmt.exe
mRun: [JA1ivoFms8234A] C:\Windows\system32\GRjPSp6LCOuFa.exe
mRun: [h9sxL0WtfGVaeHt8234A] C:\Windows\system32\iKao2A1xkTEssQJ.exe
mRun: [vjCINvb3GQ8234A] C:\Windows\system32\G6JEgqCUlt0Sv.exe
mRun: [KCF7rDfIb7VDLt48234A] C:\Windows\system32\Vzzx2DGncN1AxPx.exe
mRun: [Xt49NGw1ahxHXNn8234A] C:\Windows\system32\Xd8XYIVY8Z9R9Ld.exe
mRun: [zXNn7w0afZkB18234A] C:\Windows\system32\nN00lXekCkwYZEm.exe
mRun: [OXNn7w0afZkB18234A] C:\Windows\system32\prN00lXekCkwYZE.exe
mRun: [G12nps7KRXVBPcD8234A] C:\Windows\system32\NQr5e4cTiZv.exe
mRun: [Q9XUBPcuo4GQfh8234A] C:\Windows\system32\aX6uhSRST6B5BQP.exe
mRun: [GPcuo4GQdhClzy18234A] C:\Windows\system32\E9On9loLOFq0HXA.exe
mRun: [QdhClzy1S3JLUBx8234A] C:\Windows\system32\q9loLOFq0HXAJCS.exe
mRun: [Alzy1S3JLUBxiG68234A] C:\Windows\system32\xLt49NGw1ahxHXN.exe
mRun: [pOv3QRjVxba78234A] C:\Windows\system32\pcHTODW8Y.exe
mRun: [O7qV0bHfqVxSo5E8234A] C:\Windows\system32\w0afZkB1n7Rwt12.exe
mRun: [hv4WgXePDsZe1sw8234A] C:\Users\James\AppData\Roaming\KHTODW8YrPDaEhe\T7KRXVBPcDms.exe
mRun: [Co5EqkBAFdYz48I8234A] C:\Users\James\AppData\Roaming\J0mhysUvEloRzmR\TYAaLrcafZkB1n7.exe
mRun: [xv5ZB1G8evJTOF8234A] C:\Users\James\AppData\Roaming\is789XUBPcuo4GQ\ZClzy1S3JLUB.exe
mRun: [uJkv5ZB1G8ev8234A] C:\Windows\system32\Alzy1S3JLUBxiG6.exe
mRun: [vJkv5ZB1G8evJ8234A] C:\Windows\system32\ZClzy1S3JLUB.exe
mRun: [VYNiaECNimfZkrB8234A] C:\Windows\system32\xagriHTli6ZBDWZ.exe
mRun: [njxnfCN2a8234A] C:\Windows\system32\dxba7qV0b.exe
mRun: [CRhwVOzy1nHdZj8234A] C:\Windows\system32\sLtmCideDKI2Elo.exe
mRun: [yHdZjBc2GdZjBx28234A] C:\Windows\system32\VYti5RUy2.exe
mRun: [FGms7LThwVOxy1D8234A] C:\Windows\system32\VYNiaECNimfZkrB.exe
mRun: [FTyJlogBFRzpqv68234A] C:\Windows\system32\IXe0DsZe1swy38k.exe
mRun: [XqvZiR18y9nOfcw8234A] C:\Windows\system32\HJLkApWXkNASb3n.exe
mRun: [qv5gU0osRVN2sRC8234A] C:\Users\James\AppData\Roaming\ybpa67LTjwl\FdZjBx2m6RqIySp.exe
mRun: [dfoCKbwsPEcg8234A] C:\Windows\system32\Z8g9RK7fE.exe
mRun: [fWQnSyPUZs8234A] C:\Windows\system32\gHD0e9JFNj7nxk8.exe
mRun: [rV7cgi9uZ19bXbX8234A] C:\Windows\system32\wNOlelrkYkkkVBB.exe
mRun: [AbXiTiPRv8234A] C:\Windows\system32\GfWQniytBU.exe
mRun: [PGw4iw4lJ1TnzEi8234A] C:\Windows\system32\OH5sJEWHGD.exe
mRun: [Rzf2eHPTnOK2IfF8234A] C:\Windows\system32\Nc12S0NVCREQaF0.exe
mRun: [bKSYmxRFlKbBRp08234A] C:\Windows\system32\tCXLJmnvuNCtUR5.exe
mRun: [AspD1zegH8234A] C:\Windows\system32\ofncVg5vIKSDPwE.exe
mRun: [hGOL2U6SeKbtZH08234A] C:\Windows\system32\EBBCXLJmnv.exe
mRun: [JKbtZH0ZsSOj7it8234A] C:\Users\James\AppData\Roaming\SFvOSBwdDPhQ2IE\AAILDkJ3k4eQ.exe
mRun: [TX8J5b0lZmief528234A] C:\Windows\system32\Eg5DBhQvj7gm1l8.exe
mRun: [nlLQ30V8p8234A] C:\Windows\system32\pp1ILnzjULpAwJi.exe
mRun: [B6FNC9mDOhQpA8234A] C:\Windows\system32\IU5zEuCd2k7Dr8F.exe
mRun: [B6m2AlYkjhLWH8234A] C:\Windows\system32\mq6Drg4BRGvzT.exe
mRun: [Q5urY74PU8J2zZ68234A] C:\Windows\system32\hnjQvC62kfie.exe
mRun: [RHm4F2uxl0z8234A] C:\Users\James\AppData\Roaming\jtX83OWukWPdA\n8DXpzTpV7cgi9u.exe
mRun: [ZdanbFoAz8234A] C:\Users\James\AppData\Roaming\XCGwalHUHIEvq6S\nmBJPENdz6yf0fA.exe
mRun: [Om4F2uxO0zlX9gK8234A] C:\Users\James\AppData\Roaming\SK4AILDkJ3k4eQx\YfoCKbwsPE.exe
mRun: [kR6G3y1cBOVkOUl8234A] C:\Users\James\AppData\Roaming\Ydtdu9FIRpV7cgi\vZ19bXbXiTiPRvX.exe
mRun: [pFd9VtPAD8234A] C:\Windows\system32\oFzLntqWiedFAIT.exe
mRun: [j9l5ZajSRcZ1WxZ8234A] C:\Windows\system32\oNZJocCf5bx.exe
mRun: [BWIpT3w2LSwdATH8234A] C:\Windows\system32\Z2xkRa1kH.exe
mRun: [vxKPErHNh4r73uI8234A] C:\Windows\system32\pqsotwd5uVgmx8i.exe
mRun: [XasEw1dO0F8234A] C:\Windows\system32\Nb20vAzlUjE6mo.exe
mRun: [vzfFeQcUhd8234A] C:\Windows\system32\Lf4BEch4yhaxqHP.exe
mRun: [XIL42x8svO8234A] C:\Windows\system32\LaxqHPgvVHl.exe
mRun: [LVvKO0FRIAawoQT8234A] C:\Windows\system32\brY9LWEsGapn425.exe
mRun: [JOgSC7ouOEm1VjF8234A] C:\Windows\system32\UKp2zT6DVszgDB8.exe
mRun: [awgp2xJzW0f1ljZ8234A] C:\Windows\system32\alJAXauYHSYar.exe
mRun: [LhIv5qiRmAhKmSy8234A] C:\Users\James\AppData\Roaming\RS0lUljqj9hq9Uk\wiGJdwI0nfwBv.exe
mRun: [UXoC4rdpciNkt1y8234A] C:\Users\James\AppData\Roaming\JUQvCdSksuZolQB\BAPBIVrlyxbGHEh.exe
mRun: [h0dPhaizXfWF2tw8234A] C:\Users\James\AppData\Roaming\KXhTfTggXjNNipX\Rc4mdhIS48wBiaq.exe
mRun: [tlqdnb1eI85bN8234A] C:\Windows\system32\PfVuJLrBP4JXkyn.exe
mRun: [ZYUeqwjYq7pN8234A] C:\Users\James\AppData\Roaming\nGb2b3oG6\aSFKISfV5T.exe
mRun: [yhKmSyeCEmoOqEp8234A] C:\Users\James\AppData\Roaming\UG6ffVuJLrBP4JX\VynQTViHZSWVoZA.exe
mRun: [HKaQE6KWEWKHDyT8234A] C:\Users\James\AppData\Roaming\yStOVX9LgTZwCNu\jJTNHEevWr.exe
mRun: [yJiPwWG0k5yqae8234A] C:\Users\James\AppData\Roaming\oHHYPmWYUeDp7Z\YGq1sVbLu7PQOsU.exe
mRun: [y8EWb0j7FxYL1R8234A] C:\Windows\system32\BAPBIVrlyxbGHEh.exe
mRun: [N85uURa2OJz8234A] C:\Windows\system32\DVIx23aEZA3qt2.exe
mRun: [LxwpCFqDhS9udt8234A] C:\Windows\system32\mPnWtvQjAsYbf.exe
mRun: [LeWchFYmVpr4wo8234A] C:\Windows\system32\t2EBpw1ftsl5zog.exe
mRun: [xHr5l5knhvR8234A] C:\Users\James\AppData\Roaming\AcpLr4gu6YbE\gfZUAbKALPQIGVH.exe
mRun: [A7AESLPJBGIWlmY8234A] C:\Windows\system32\NDRzHkFY2YbEXP2.exe
mRun: [RYomfO1zoTYsoy98234A] C:\Users\James\AppData\Roaming\EBGBQCypdTkVBPu\qu2nWjvLCtFKTxK.exe
mRun: [VxmX0GgUc8234A] C:\Windows\system32\TjsorCLPdx91wL6.exe
mRun: [LysUSQqlD3G8234A] C:\Windows\system32\qT4AlgscEARShGb.exe
mRun: [PlCWmDCsDzkYgEp8234A] C:\Windows\system32\EzxcHXiW8e.exe
mRun: [X3GbPZFVsP8234A] C:\Windows\system32\wUeqwjYq7pNk850.exe
mRun: [epOhEQniye72eFE8234A] C:\Windows\system32\rFZSmEC0Ecf50UZ.exe
mRun: [VforW0R2wGzfDks8234A] C:\Windows\system32\do0URa07N7uR42u.exe
mRun: [eYmt82V5zJNLiC8234A] C:\Windows\system32\f9SfPENWra.exe
mRun: [jvhFqGzKSk5P88234A] C:\Windows\system32\WtyxAtwRpceZ5bk.exe
mRun: [Qd0g4OEihbCQy98234A] C:\Windows\system32\omSkZWbOCJcdNst.exe
mRun: [SQy9DIWchHcwGrQ8234A] C:\Windows\system32\JjLavNCC0.exe
mRun: [aDVd2IdxWxR0E8234A] C:\Users\James\AppData\Roaming\NhufzQInTkX\j41rrnLqYBrAuoR.exe
mRun: [UGVJ0R2C5IG8234A] C:\Windows\system32\OLjPNIZmPL.exe
mRun: [gVJ0R2C5IGY8234A] C:\Windows\system32\S8uLiCQtZn.exe
mRun: [d4I6ARAKAgS8vYv8234A] C:\Windows\system32\BhpBWSYmt8.exe
mRun: [UOHrKxJy8cg2Um8234A] C:\Windows\system32\E0ZGldvwmI.exe
mRun: [e3woXohvRA6ku58234A] C:\Windows\system32\u4tZmNRvR2Tiq3q.exe
mRun: [AmV4wo8rv5Q68234A] C:\Windows\system32\lBFH1QNfSjnk.exe
mRun: [AoQZCxFJhBu58234A] C:\Windows\system32\s5GnbcitYd3bDT.exe
mRun: [J6dWK7fRLgXjCIr8234A] C:\Windows\system32\X6OHrKxJy8cg2Um.exe
mRun: [idWK7fRL9TqYeIr8234A] C:\Windows\system32\cw2UsPW0L.exe
mRun: [KpnG4aQH6W7E9Tq8234A] C:\Windows\system32\XSXFYaImrstsz.exe
mRun: [fxpRCNS36EwNu8234A] C:\Windows\system32\yRQ2NCermhweIry.exe
mRun: [g5sWJdEL8RqYwVl8234A] C:\Windows\system32\C9N3KYtbH8k.exe
mRun: [oyxA1uvS2b38234A] C:\Windows\system32\dP0ycA1iv2n4m5Q.exe
mRun: [GjUClBrzPyAuSoF8234A] C:\Windows\system32\lJ7dEK8gR9YwUeI.exe
mRun: [o8R9hTXqjCk8234A] C:\Windows\system32\BdEK8gRZ9YwUeIt.exe
mRun: [oNtxA0ucSiDpGaH8234A] C:\Users\James\AppData\Roaming\aQJfXwjUCB\rbF3pG5aQ7R9.exe
mRun: [btxA0ucS2b3naHs8234A] C:\Users\James\AppData\Roaming\aQJfXwjUCB\zF3pG5aQH7R9T.exe
mRun: [oNtxA0ucSiDpGQ68234A] C:\Users\James\AppData\Roaming\aQJfRZ9hTw\S2bF3pG5aHdfL.exe
mRun: [m7fELgTZqYwIrOt8234A] C:\Windows\system32\zF3pG5aQH7R9T.exe
mRun: [mEL9gZwkIrOtPu18234A] C:\Windows\system32\zF3pG5aQHdfLg.exe
mRun: [iS1ib3onGaHsJfL8234A] C:\Windows\system32\inGaQHsK7E.exe
mRun: [rib3onG4aHsJfLg8234A] C:\Windows\system32\wgTZqjYCwIrOtPu.exe
mRun: [gonG4amH6W7E8Tq8234A] C:\Windows\system32\wTZqjYCwkrOtPuS.exe
mRun: [OonG4amH6W7E8Tq8234A] C:\Users\James\AppData\Roaming\inGaQHsK7E\UZqjYCwkIrOtPuS.exe
mRun: [ivS2ibF3pGaHd8234A] C:\Windows\system32\jBtzP0ycAiDoFpH.exe
mRun: [LhTUelIBrPyAuSo8234A] C:\Windows\system32\UZwkIVrlOtPu1o4.exe
mRun: [XtxP0ucS1b3n4m68234A] C:\Windows\system32\YtzP0ycA1v2n4m5.exe
mRun: [Voyefa1UYdo1rTW8234A] C:\Windows\system32\DHOJI5C5epX.exe
mRun: [bqacV9auzCZE7p8234A] C:\Windows\system32\jUKpNTQurq.exe
mRun: [k6nn1PBZ6FvOjE8234A] C:\Windows\system32\iiBkdoIfav.exe
mRun: [vQ0Znw4jmB6O7ug8234A] C:\Windows\system32\CG2xeE4xhHc.exe
mRun: [gEnld194r8ik6uZ8234A] C:\Windows\system32\hxyNrVeVzNA11DF.exe
mRun: [dX3CaNf1Z8234A] C:\Windows\system32\q2xeE4xhHcCWFxY.exe
mRun: [jk6uZokhpzLHSlh8234A] C:\Windows\system32\iAvSo345JH6Ga21.exe
mRun: [EL1qoY2UJx8234A] C:\Windows\system32\yscUK5vIXfsG31V.exe
mRun: [YstWVv7eDf8234A] C:\Windows\system32\hC8GSixrkdGuNkT.exe
mRun: [RAj8GxY7mJFDNX8234A] C:\Windows\system32\cjTf9E7Wp.exe
mRun: [iUeByvms7E8Zh8234A] C:\Windows\system32\pHP8u92h5zLiCoU.exe
mRun: [DtjW56ck72lPf0f8234A] C:\Users\James\AppData\Roaming\rLJdQGF2DccP\emFpfCrugBv5Wgq.exe
mRun: [t8Gv3tTmAXldNWC8234A] C:\Windows\system32\dCYwTgdRex28t46.exe
mRun: [oR5k5qNDfwx1nmf8234A] C:\Windows\system32\QKKsmFpfCrugBv5.exe
mRun: [NAn9VuD47ZkP1F8234A] C:\Windows\system32\qiphisReOy0vFn4.exe
mRun: [Jc3m7RwVO8234A] C:\Windows\system32\zuUE4t9QirgHo4v.exe
mRun: [uzONtxA0uSiDpGf8234A] C:\Windows\system32\l6CAn9VuD4fZkP1.exe
mRun: [zfEL9gTZqYwIrOP8234A] C:\Windows\system32\cLri6Yt1nmfZ.exe
mRun: [HVrlBtxP0c18234A] C:\Windows\system32\j4aQH6WK7EgqwIr.exe
mRun: [IVelOBtzPyAiDoF8234A] C:\Windows\system32\SOBtxP0yc1v3n.exe
mRun: [BVelOBtzPyAiDoF8234A] C:\Windows\system32\wBtxP0ycSiDoF.exe
mRun: [IUVelOBtz0c1v2n8234A] C:\Windows\system32\urlBtxP0ySiD.exe
mRun: [FbmG5aQJ68234A] C:\Users\James\AppData\Roaming\rJELRZqhYwUe\ED2onF4pm5Q7E8R.exe
mRun: [FbFG5aQJ68234A] C:\Users\James\AppData\Roaming\FWJELRZqhXkV\ED2onF4pm5Q7E8R.exe
mRun: [hG5aQJ6dWfLh8234A] C:\Windows\system32\gYCwkUVrlBx0c1v.exe
mRun: [GUVrlOBP0c1v38234A] C:\Windows\system32\TCwkUVrlO.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: Interfaces\{8C079EAC-64C3-4637-B6E5-09C92FDAAD11} : DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll 
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-X64:     MyWebSearch Search Assistant BHO - No File
BHO-X64: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO-X64:     mwsBar BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010201424.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64:     Searchqu Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll
BHO-X64:     Bandoo IE Plugin - No File
TB-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
TB-X64: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun-x64: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [cjYYCekkIVrNx0c8234A] C:\Windows\system32\F222ibF3pnG5a6K.exe
mRun-x64: [Z5sWWJ7dEL8R] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [cJJfRRZ9h8234A] C:\Windows\system32\CXXwjeeItzPyc1v.exe
mRun-x64: [qbAkTimwqKqpG.exe] C:\ProgramData\qbAkTimwqKqpG.exe
mRun-x64: [rwwwkVrlO8234A] C:\Windows\system32\EaaQQ6sWKfELg.exe
mRun-x64: [aYYCkVrlOtvDoF48234A] C:\Windows\system32\HNNP0ucS1iDoGsL.exe
mRun-x64: [mhhYYXwjUVlItPy8234A] C:\Windows\system32\JsQJJddK8.exe
mRun-x64: [BKK88fRL9TXqUeI] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [gibbF3pnGaQHdKf8234A] C:\Windows\system32\PkIBBrzOyxA.exe
mRun-x64: [viiib33nG4aHsK7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [LF4aamH5WJ7dLg8234A] C:\Windows\system32\iwkUUrrOBtx0c1i.exe
mRun-x64: [QPNNNcc1uv2oFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [XffRR99TXqUCk8234A] C:\Windows\system32\pAA1uvS2ob3pGaJ.exe
mRun-x64: [OL99gTTqYC] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [P3onnG4aH6s8234A] C:\Windows\system32\RCCwkIVrlOtx0c.exe
mRun-x64: [Y1ivv33oF4aHsW7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [nwwkUVrlO8234A] C:\Windows\system32\BmmH6sWJ7EL8T.exe
mRun-x64: [cqhhhXXkUVeOtz0] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [aoobbF4pG5sQ6E88234A] C:\Windows\system32\nYYXwjUVeIBtPyA.exe
mRun-x64: [yQQJ66dWK8RLhqj] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [uA0uuSS2bD3n4aH8234A] C:\Windows\system32\PffRR99TXqYCkVz.exe
mRun-x64: [G11ibD3onGam6W7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [eYYCwkUVrlBtPyS8234A] C:\Windows\system32\qD3ooGG4mH6WJfL.exe
mRun-x64: [TqqhYXwkUelOtPy] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [S6ddEK8fZ9hTwUe8234A] C:\Windows\system32\qzPNNccAuvDob4m.exe
mRun-x64: [TJJ66dWKfRLhTqU] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [dgTXXqjYekIVzNx8234A] C:\Windows\system32\QS2iiFFpnG5Q6WK.exe
mRun-x64: [FrllONtxPucSiDo] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [PCwwkUVrlBtx0c8234A] C:\Windows\system32\VonGG4am6sWJfLg.exe
mRun-x64: [ZzzPP0ycAivDoFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [h88ffZZhTXjUeIr8234A] C:\Windows\system32\RccA1uvD2oF4m5Q.exe
mRun-x64: [ZqqjjCCeIBrOyxu] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [DKK77EE9gTZjCkV8234A] C:\Windows\system32\o2ibb33nG4a.exe
mRun-x64: [kZqqhYCwkVrlBx0] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [IpmmH5sQJdEKgZh8234A] C:\Windows\system32\FtzzP0ycAivD.exe
mRun-x64: [Hpppm55QJ6dKfZ9] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [VQJJ6dWK8RL9TqU8234A] C:\Windows\system32\sBrrzPNyA1uv2b3.exe
mRun-x64: [bggTTqqjCekVzOt] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [EDD3onn4am6sJfL8234A] C:\Windows\system32\QZqqjYCwIVrlNx0.exe
mRun-x64: [UnnF4amH5sJ7E8] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [BkUUVelOBzP0c1v8234A] C:\Windows\system32\sFF4amm5sW7dLgZ.exe
mRun-x64: [fttzzNyc1uvDoFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [Q55aQJ6dWKf8234A] C:\Windows\system32\xBBrzPPyxAuv2b.exe
mRun-x64: [RHH66WKK7fLgTqY] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [ZvD2opHQJEgZpGs8234A] C:\Windows\system32\xgRZqhYXwUeOz0c.exe
mRun-x64: [YjSD4aQH67IrOx0] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [ulIBrzPNyAuSoFp8234A] C:\Windows\system32\X6dEK8fRZh.exe
mRun-x64: [mzONyxA0uSiFpGa] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [HEL8gRZhYwU8234A] C:\Windows\system32\t0ycS1ivDoFaH.exe
mRun-x64: [ElIBtzPNyAuDoFp] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [XVrzONtxAuSiDpG8234A] C:\Windows\system32\RG5aQH6dW7R9TqY.exe
mRun-x64: [c6sWJ7fELgZhCkV] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [ZcA1ivD2oFpHsJd8234A] C:\Windows\system32\d7dEL8gRZhXkVlB.exe
mRun-x64: [RNyxA1uvSoFpGaJ] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [yVrlONtxPuSiDoG8234A] C:\Windows\system32\TsWK7fEL9TqY.exe
mRun-x64: [oycA1ivD2n4m5Q7] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [TpnG5aQH6W7R9Tq8234A] C:\Windows\system32\VXqjUCekIrOyAuS.exe
mRun-x64: [pL8gTZqhYwUrOtP] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [NtzPNycA1v2b4m58234A] C:\Windows\system32\nEK8gRZ9hXjV.exe
mRun-x64: [oamH6sWJ7E8TqYw8234A] C:\Windows\system32\QCwkIVrlOtPuSiD.exe
mRun-x64: [donF4pm5QJ7dKgZ] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [bF3pmG5aQ6W8R9T8234A] C:\Windows\system32\aZ9hTwjUClBPyAu.exe
mRun-x64: [ArOxu1Do4] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [HpnG5aQHdKfLgXj8234A] C:\Windows\system32\hIrzOyxAu.exe
mRun-x64: [UmH6W7fE8TqYwU] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [ajUCelIBrPyAuSo8234A] C:\Windows\system32\E2obF4pmGsJdKfZ.exe
mRun-x64: [EpnG5aQH6W7LgXj] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [SK8gRZ9hYwUeItP8234A] C:\Windows\system32\nBtzP0ycAiDoFpH.exe
mRun-x64: [tA0uvS2ib3n5QdK] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [eonF4pmH5Q7E8R8234A] C:\Windows\system32\xZqhYXwkUeOtPy.exe
mRun-x64: [JzONyxA0u] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [uxP0ycS1iDoFaHs8234A] C:\Windows\system32\n6sWJ7fELgZhCkV.exe
mRun-x64: [kycA1uvD2b4] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [lssWK7fEL8234A] C:\Windows\system32\dtxAAuuS2ib3.exe
mRun-x64: [U0yycA1iv2on4m5] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [ZQH66WW7fRLgXjC8234A] C:\Windows\system32\deekIBrzOyxAuSi.exe
mRun-x64: [EggTZqqYCwUVlBx] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [LsQQJ66dEKfZ9Tw8234A] C:\Windows\system32\sVelBPNyc1uv2oF.exe
mRun-x64: [ZrrzzONtxAuc2iD] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [IVVVeOOtzPyc8234A] C:\Windows\system32\CaamH55WJ7ELgZ.exe
mRun-x64: [kjUVVllItzPyc1v] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [xYCCekIVrONtAuS8234A] C:\Windows\system32\aaaaQ66dW7fR9.exe
mRun-x64: [ZsWWJJ7dL8gRqYw] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [HuuuvD2oF4pG5Q68234A] C:\Windows\system32\sjUUVelIBzP.exe
mRun-x64: [A6dWW77RL9gXjCe] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [bL88gTZqYCwkVlB8234A] C:\Windows\system32\SuucS1ibD3nGaHs.exe
mRun-x64: [vVellIBtPNyc1v2] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [S9hhTTXwUCelB8234A] C:\Windows\system32\Y22obFFpmG5sJdK.exe
mRun-x64: [aWWK7ffL9gXqYeI] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [nzzzONNxA0cS8234A] C:\Windows\system32\XpnnG5aQH6.exe
mRun-x64: [BWWJ7fEL8TZqYwU] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [p7dEE88gZ9hXwUe8234A] C:\Windows\system32\DPP00cc1ivDoFpH.exe
mRun-x64: [p33pnG5aQ6dW7R9] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [FmmHHssW78234A] C:\Windows\system32\fBttxP0yc1iv3.exe
mRun-x64: [WEKK8fRZhTXwUeI] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [tucSSiiD3pn4Q6W8234A] C:\Windows\system32\IL9ggXXqYCeIrzN.exe
mRun-x64: [GhYYCwkUVlOBx] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [kWWJ7dEL8gZqYwU8234A] C:\Windows\system32\Xttxx00cS1iDoFa.exe
mRun-x64: [uNyccA1uD2oF4m5] C:\Users\James\AppData\Roaming\svhostu.exe
mRun-x64: [aIBrrOOyxA0v2bF8234A] C:\Windows\system32\oGG5aQJ6dW8fLhX.exe
mRun-x64: [r4aaQH6sW7fE9Tq8234A] C:\Windows\system32\l77fRLLgTXjY.exe
mRun-x64: [D6sWW77fL8gZqYw8234A] C:\Windows\system32\bcSS1ibDonG.exe
mRun-x64: [b000ycS1vD3nFaH8234A] C:\Windows\system32\yJ77fEL8TqYwkVl.exe
mRun-x64: [CYYXwkUVelB8234A] C:\Windows\system32\yFF44mm5sW7dLg.exe
mRun-x64: [xsQJJ7dE8gR9hXj8234A] C:\Windows\system32\BBttzP0yA1iv2n4.exe
mRun-x64: [D6dEE88RZ9hXjCe8234A] C:\Windows\system32\nvD22bbFp.exe
mRun-x64: [aRLL9gTXqYCeIrO8234A] C:\Windows\system32\FuuvS2ibFpnGaHd.exe
mRun-x64: [RWJ77EE8gTZhCkU8234A] C:\Windows\system32\r00ucS1ib3on.exe
mRun-x64: [ALL88gRZqYXwUeO8234A] C:\Windows\system32\O0yycS1iv3on4m5.exe
mRun-x64: [mzzP0yyA1iD2n4m8234A] C:\Windows\system32\t7ddEL8ggZqhXkV.exe
mRun-x64: [TKK8fRZ9hTwjClB8234A] C:\Windows\system32\LyccA1uvDobFpGs.exe
mRun-x64: [vdWWK88RL9hXjCe8234A] C:\Windows\system32\APNNyxA1vS2oFpG.exe
mRun-x64: [vSSS2obF3p8234A] C:\Windows\system32\whTXXjjUelIrP.exe
mRun-x64: [yaQQH6dWKfR8234A] C:\Windows\system32\NrzzONyxA0vSiF.exe
mRun-x64: [LDD3onG4am6sJfL8234A] C:\Windows\system32\iqqjYCwkIrlOtPu.exe
mRun-x64: [hpmHHssQ7dE8gZh8234A] C:\Windows\system32\ZVVeeOOtzP0c1v2.exe
mRun-x64: [XpmmG5aQJd8234A] C:\Windows\system32\yllIBrzPNxA1v2.exe
mRun-x64: [XuvvS2ib3pnGaHd8234A] C:\Windows\system32\CCCekIBrzOy.exe
mRun-x64: [QOOONtxA0uS2b38234A] C:\Windows\system32\G6ddWK7fR9gTqYe.exe
mRun-x64: [LiibF33nG5QHdKf8234A] C:\Windows\system32\zUCCekIBzONyA.exe
mRun-x64: [xcSS2bbDn4HsKE98234A] C:\Windows\system32\OLL9gTXqjYekVOt.exe
mRun-x64: [xlOONtxPucS1b38234A] C:\Windows\system32\OHH6sWK7fE9gZjC.exe
mRun-x64: [Qvvv3onnFaHsJEg8234A] C:\Windows\system32\B88TqhYwUVrBtP0.exe
mRun-x64: [mF44pmH5sJ7dKgZ8234A] C:\Windows\system32\XBBBtzzP0yc1v.exe
mRun-x64: [QBBBtzPNcA1uDoF8234A] C:\Windows\system32\InF44mm5sQJdKgZ.exe
mRun-x64: [BjjjUVVelI8234A] C:\Windows\system32\ipmmH5sQJdEKg.exe
mRun-x64: [PAAA1vvSob3pG5J8234A] C:\Windows\system32\X555sQJ6dK8fZ.exe
mRun-x64: [ZJJ6dWK8fL9hXjC8234A] C:\Windows\system32\bzzPNyxA1uS2b3m.exe
mRun-x64: [XYYCCekIrzOtx0c8234A] C:\Windows\system32\c5aQQ66WK7fL.exe
mRun-x64: [h77ff99gTXqjCkV8234A] C:\Windows\system32\z9ggTXqjCekIrOy.exe
mRun-x64: [yOONtxA0uc2iDp8234A] C:\Windows\system32\rH6ddWK7RL9TXjC.exe
mRun-x64: [vWWKK7fE9gTqjCk8234A] C:\Windows\system32\FbbD3ppG4.exe
mRun-x64: [xYYCwkIVrON8234A] C:\Windows\system32\gnGG4aQH6WK7E9.exe
mRun-x64: [SnGG4am6W7ELg8234A] C:\Windows\system32\xjYYCwkIlNP0c1.exe
mRun-x64: [sZZqhYCwkVr8234A] C:\Windows\system32\yD33onG4aH6sJf.exe
mRun-x64: [grOBBtxPySiDn4m8234A] C:\Windows\system32\ybD33nn4amsJf8T.exe
mRun-x64: [NmmHH6sW7fELgTq8234A] C:\Windows\system32\A00uucS1ibD3.exe
mRun-x64: [lnnG4amH68234A] C:\Windows\system32\KVrllNNxP0uSi.exe
mRun-x64: [D00yySSivD3n4aH8234A] C:\Windows\system32\wfEEL8gTqhYCkVl.exe
mRun-x64: [ynFF4amH5WJ8234A] C:\Windows\system32\NkUUVrlOBxP0c1.exe
mRun-x64: [UyycS1ivD3nFaHs8234A] C:\Windows\system32\sL8ggTZqYCw.exe
mRun-x64: [rmHH5sWJdEL8RqY8234A] C:\Windows\system32\ASS11vv3o.exe
mRun-x64: [u5sQQJ7dK8gZ9Yw8234A] C:\Windows\system32\GVVelOBtP0yAiD2.exe
mRun-x64: [TnF44pmHsQJ7E8R8234A] C:\Windows\system32\KXwkkVVlOBtPyA1.exe
mRun-x64: [EEEKKggZ9h8234A] C:\Windows\system32\SA1iiDD2nF4m5.exe
mRun-x64: [XwjUVelIBzNc1v28234A] C:\Windows\system32\YQJ7dEK8gZ.exe
mRun-x64: [lwjUCelIBzNx1v28234A] C:\Windows\system32\q2obF4pmGsJdKfZ.exe
mRun-x64: [iTOuipnGCtw37A68234A] C:\Windows\system32\vAv2obG6TIy2pQf.exe
mRun-x64: [DCelBPuFmQd8LT8234A] C:\Windows\system32\Q7lS3a7XPi2FmsE.exe
mRun-x64: [zBPuFmQd8LTjlNv8234A] C:\Windows\system32\AlS3a7XPi2FmsEg.exe
mRun-x64: [hwkAF5JEg9XUltN8234A] C:\Windows\system32\oUc2FpGJTwUeBP.exe
mRun-x64: [noH8wlP13asE8234A] C:\Windows\system32\hAF5JEg9XUltNAv.exe
mRun-x64: [OubYrxi4fjNcD8234A] C:\Windows\system32\nF5W9UOGCA4g.exe
mRun-x64: [d7ghwUltPcu2b3m8234A] C:\Windows\system32\ntcGZVDna6Wf.exe
mRun-x64: [Cr71qnV4lsIJrn98234A] C:\Windows\system32\EPeVOrutUTgXTBP.exe
mRun-x64: [U4KVA4EXrvG8jO8234A] C:\Windows\system32\Bd7E69LsppsG89y.exe
mRun-x64: [oekrzOxvp5Q6W7L8234A] C:\Windows\system32\ovCi10PPNG7RZg.exe
mRun-x64: [b9XYkrNA0Sb8234A] C:\Windows\system32\ai2n4H5sQdKR9.exe
mRun-x64: [ckVOxuSb3Ga6WfL8234A] C:\Users\James\AppData\Roaming\XCzASpQK9YVtSpQ\OrxSFWRUzDsgVND.exe
mRun-x64: [kVOxuSb3Ga6WfLT8234A] C:\Windows\system32\v0SbpGQKLXYkr.exe
mRun-x64: [zgrDshlcnJ9eyFJ8234A] C:\Windows\system32\OAvoWRhqCIzy0SF.exe
mRun-x64: [oAu2ibF3pGQdKfL8234A] C:\Users\James\AppData\Roaming\VfUiWXzmg\WXNF7C0nEV16qto.exe
mRun-x64: [r5QdK7fRLgqC8234A] C:\Users\James\AppData\Roaming\EnEV16qto7wti\mhCNSpJ8TU.exe
mRun-x64: [HfRLgqYIVztAuSD8234A] C:\Users\James\AppData\Roaming\EnEV16qto7wti\SRqezNAu2b3n5Hd.exe
mRun-x64: [SgqYIVrzOt0c2Dp8234A] C:\Users\James\AppData\Roaming\EnEV16qto7wti\dNAu2ibF3n5HdKf.exe
mRun-x64: [VYIVrzONt0c2DpG8234A] C:\Windows\system32\QrASbnHfZID7wS7.exe
mRun-x64: [TW8qhYCwkrx0Si38234A] C:\Users\James\AppData\Roaming\dA0ucS2D3n4HsKL\wCwkIVrlOtPu1b3.exe
mRun-x64: [a8qhYCwkVlPci348234A] C:\Windows\system32\cgqYIVrzOt0c2Dp.exe
mRun-x64: [O9wVIzy1Db8234A] C:\Users\James\AppData\Roaming\F2D3pnG4aHsKLZj\Bm6W8ZqhYwrx0Si.exe
mRun-x64: [B9wVIzy1Db8234A] C:\Users\James\AppData\Roaming\N3pnG4aH6W7LZjC\Bm6W8ZqhYwrx0Si.exe
mRun-x64: [l9wVIzy1D8234A] C:\Users\James\AppData\Roaming\jwkIVrlONx0c1b3\Bm6W8ZqhYwrx0Si.exe
mRun-x64: [QsJ7dF9wVIzy1D8234A] C:\Users\James\AppData\Roaming\HlcnJ9eyFJfhCNS\OdK7fRLgqCIrO.exe
mRun-x64: [tjwVltPcboGmsfL8234A] C:\Users\James\AppData\Roaming\KcS2D3pnGaHsKLZ\wCwkIVrlOtPu1b3.exe
mRun-x64: [WtzPNycA1v4ms688234A] C:\Users\James\AppData\Roaming\FSiD34sJ7\B9wVIzy1Db.exe
mRun-x64: [rcA1uvD4ps68RTI8234A] C:\Users\James\AppData\Roaming\h4sJ7dF9wVIz\njeBOyui3na6.exe
mRun-x64: [O1uvD4pm568RTIP8234A] C:\Users\James\AppData\Roaming\Ee12Fm5JWRTjeBO\gna6WE9ZjwVltPc.exe
mRun-x64: [H27I04LV15qB2lu8234A] C:\Windows\system32\O1uvD4pm568RTIP.exe
mRun-x64: [JudUIi57LTjeVOA8234A] C:\Windows\system32\Gwcs53ebLxmCcJl.exe
mRun-x64: [TL57TCrASpQ7gCV8234A] C:\Windows\system32\lxQq0aqPmh0HYcs.exe
mRun-x64: [J3L57TCrASpQ7gC8234A] C:\Windows\system32\SSWe2KIiKki7U.exe
mRun-x64: [InF4pmHQJ8234A] C:\Windows\system32\tONtxP0uc1b3n4m.exe
mRun-x64: [RFpmHQJ7EgZ8234A] C:\Windows\system32\W1ibD3onGaHs.exe
mRun-x64: [HH5sQJ7dEgZhXj8234A] C:\Users\James\AppData\Roaming\ooWhOimc6jvRNpR\dc3m7RwOyv4Q8YV.exe
mRun-x64: [LgRZ9hYXwUeItPy8234A] C:\Windows\system32\QbL57TCrASpQ7gC.exe
mRun-x64: [VEKgRZhXwUeItPy8234A] C:\Windows\system32\uQs7EgqCk.exe
mRun-x64: [dKgRZhXwjVlBzyu8234A] C:\Windows\system32\KkIVrOxu13nmsJE.exe
mRun-x64: [oRZhXwjUVlBzyuD8234A] C:\Users\James\AppData\Roaming\by1DAdUIiH7\KkIVrOxu13nmsJE.exe
mRun-x64: [W4w4TQSYbe73IQN8234A] C:\Windows\system32\dI0n7qOim.exe
mRun-x64: [g29p0Z2j7W4irgE8234A] C:\Windows\system32\sxDsTr03dUymhy5.exe
mRun-x64: [bw3IY5rfHnurg5S8234A] C:\Windows\system32\Di5qB2KIbfr.exe
mRun-x64: [w7qRWaFcU78234A] C:\Windows\system32\bQTzp9ODJkSsB7z.exe
mRun-x64: [CsGD0jda2b2yVZH8234A] C:\Windows\system32\xODJkSsO7zduXGO.exe
mRun-x64: [kjRWaSNZ4BQBsP98234A] C:\Windows\system32\C2N8uTQcwpkLnUm.exe
mRun-x64: [bckH07zdxX3eaV68234A] C:\Windows\system32\Qa2kJIRoBfy.exe
mRun-x64: [eXuKr4qPmhP5j1J8234A] C:\Windows\system32\HpkEnUmrwQNLW42.exe
mRun-x64: [kLzp9Nn8BaX8234A] C:\Windows\system32\LmrwQNLW42OZJbk.exe
mRun-x64: [UWhlcFJRU02sheP8234A] C:\Windows\system32\kJvuuUhTg8puxOX.exe
mRun-x64: [Eu1Dna67LThwUB08234A] C:\Windows\system32\XniScxw851eTdDO.exe
mRun-x64: [t45Wd8ZXUBP1n5J8234A] C:\Users\James\AppData\Roaming\GlGw16ki7V\Xc6YcsXAsw1JTzo.exe
mRun-x64: [Y5Wd8ZXUBP1n5JE8234A] C:\Users\James\AppData\Roaming\D5lGw16ki7V\Xc6YcsXAsw1JTzo.exe
mRun-x64: [buvDobF4pGsJE8R8234A] C:\Windows\system32\eCschvppamHmbSt.exe
mRun-x64: [OJE8ZYjVIzN1voG8234A] C:\Windows\system32\dqUCjRQni.exe
mRun-x64: [O5aQJ6dWK98234A] C:\Windows\system32\pNA0uc2ib3n4Q6W.exe
mRun-x64: [OaQJ6dK8RX8234A] C:\Windows\system32\pJ2Nqfa30OBU.exe
mRun-x64: [NaQJ6dK8RXj8234A] C:\Windows\system32\buvDobF4pGsJE8R.exe
mRun-x64: [ZL8gZhCwktPySiD8234A] C:\Windows\system32\XQH6sWK7fLgZjCk.exe
mRun-x64: [epmH5sQJ7E8R9Yw8234A] C:\Windows\system32\O6sWJ7L8gZhCktP.exe
mRun-x64: [yK8RZ9hYXje8234A] C:\Windows\system32\UCwkUP0yc1v35W7.exe
mRun-x64: [c8R9hYXwjeIt8234A] C:\Windows\system32\i1ivD3oFm5WdLRh.exe
mRun-x64: [IdKfR9hTXjClBzy8234A] C:\Windows\system32\h1ivonF4pHsJdKR.exe
mRun-x64: [Y1uv2obFaKLTqUk8234A] C:\Windows\system32\PIBtzPNcADoFm5Q.exe
mRun-x64: [tPxA1uv2oFaKLTq8234A] C:\Windows\system32\iA1D2obF4m.exe
mRun-x64: [tPyxA1uv2bmQ8hX8234A] C:\Windows\system32\KcA1uD2ob4.exe
mRun-x64: [eQH6dWK7fLg8234A] C:\Windows\system32\fKfR9hTXwUeBzyA.exe
mRun-x64: [crlOBt0yc8234A] C:\Windows\system32\zcnQZVyoQZlSQ9z.exe
mRun-x64: [VyS1ivonFa578234A] C:\Windows\system32\t3jFqbTiEcLcd.exe
mRun-x64: [honF4a578hwUl0i8234A] C:\Windows\system32\Y4kGYoY2ZcJl5UF.exe
mRun-x64: [I9XUlBPcu8234A] C:\Windows\system32\W2RNaj0HhP4h.exe
mRun-x64: [hFm6KRhXU8234A] C:\Windows\system32\fNPci3onGaHs7.exe
mRun-x64: [IwP2msJKR8234A] C:\Windows\system32\qRr3XuHCS7YlPb3.exe
mRun-x64: [rJKRhwClrAoGWfh8234A] C:\Windows\system32\pajig0WOFRzp9Pm.exe
mRun-x64: [FGWfhqCIzy0Sbp58234A] C:\Windows\system32\IvEe2Rr3XuHCS7Y.exe
mRun-x64: [WucS2ibD38234A] C:\Windows\system32\dEe2Rr3Xu.exe
mRun-x64: [hpnG4aQH6W7EZjC8234A] C:\Windows\system32\Fjig0WOFRzp9Pmw.exe
mRun-x64: [yqCwkVON0Si8234A] C:\Windows\system32\GdO49A6lFL.exe
mRun-x64: [GqjYCwVrl08234A] C:\Windows\system32\GTxajig0WOFRzp9.exe
mRun-x64: [yqjYCwVrl0n8234A] C:\Windows\system32\Oig0WOFRzp.exe
mRun-x64: [fELZqjYCwVl0na68234A] C:\Windows\system32\ie2Rr3XuHCS7YlP.exe
mRun-x64: [AYCwVrlO0na68234A] C:\Windows\system32\ZFTxajig0WOFRzp.exe
mRun-x64: [dVrlO0una6JCV3F8234A] C:\Windows\system32\zH6sWJ7fE8.exe
mRun-x64: [KO0una6sJCV3FaH8234A] C:\Windows\system32\hsWJ7fEL8TqC.exe
mRun-x64: [quna6sJTV3FaHsJ8234A] C:\Windows\system32\K3naH6sWJfLgZhC.exe
mRun-x64: [T6sJZV3nFaHsJd88234A] C:\Windows\system32\StQZlPb3nH.exe
mRun-x64: [T6sJTV3nFaHsJd88234A] C:\Windows\system32\TsWJ7fEL8TqC.exe
mRun-x64: [GUVelIBtzNc1v2b8234A] C:\Windows\system32\T49A6lFLxHeGqS7.exe
mRun-x64: [GjUVelIBtPyAuDo8234A] C:\Windows\system32\Jb9SLAKtWlmknYv.exe
mRun-x64: [GfZhweBx2m6fqkO8234A] C:\Windows\system32\QvdO49A6lFLxHeG.exe
mRun-x64: [yD3pnaQHW9I0ogO8234A] C:\Windows\system32\pci3FmsLRhwVOzy.exe
mRun-x64: [is4NErFfrFfr3LO8234A] C:\Windows\system32\Z9fWTYO01KLVO0p.exe
mRun-x64: [ADfkPi3Fm8234A] C:\Windows\system32\raYcsX1JC.exe
mRun-x64: [eOn8rc3Fms7LRhw8234A] C:\Windows\system32\qu6X1QUuG.exe
mRun-x64: [Ts7LRhwVOzyimg98234A] C:\Windows\system32\xc6ei7VDWkSDdei.exe
mRun-x64: [xBtzPNycAu2Fms8234A] C:\Users\James\AppData\Roaming\FhznZydInqAWzGq\F0Klpw1HwvE9.exe
mRun-x64: [jPNycA1u2Fms6ER8234A] C:\Windows\system32\axtVJl2Wk2Wki7V.exe
mRun-x64: [IKz3Q8hqjkx0GQW8234A] C:\Users\James\AppData\Roaming\kiZvT1g1f0LcExK\O7N8xJzdIpTeAo0.exe
mRun-x64: [W0pGQdf9X8234A] C:\Windows\system32\NHOJBHOQNWP.exe
mRun-x64: [pUkx0pGQdf9XYkr8234A] C:\Windows\system32\rsB6tEu92.exe
mRun-x64: [cV0nJZecF7hI1pE8234A] C:\Users\James\AppData\Roaming\sO7P7N7xJzJ\Kst5BaVmlQVaVGq.exe
mRun-x64: [zF7hI1pEXr8234A] C:\Users\James\AppData\Roaming\bjojDqv9STifuEy\bALuEc8z4hBv3S.exe
mRun-x64: [EIb9xdCSEt6raw28234A] C:\Windows\system32\rFms6EKR9Byv3Q8.exe
mRun-x64: [FkcHq0mq08234A] C:\Windows\system32\KbWCtvWY04KV1GZ.exe
mRun-x64: [LfkcHq0mq04KV18234A] C:\Windows\system32\hWCtvWY04KV1GZB.exe
mRun-x64: [WwtvmLXtvH8wIyv8234A] C:\Windows\system32\JdUy5gNp9OGhy5X.exe
mRun-x64: [GnKXkNSpQgktSnH8234A] C:\Users\James\AppData\Roaming\RhN5quWVoZy\yV2RyQjuWrG.exe
mRun-x64: [DwINv4QfjBxS3Jf8234A] C:\Windows\system32\V9zpLz3EroLViJC.exe
mRun-x64: [oNSp6EZkOuboaH8234A] C:\Windows\system32\O9eP1bGW9U.exe
mRun-x64: [vG4am6JEghwUOPc8234A] C:\Windows\system32\WucS2ibD3n4Q6KT.exe
mRun-x64: [WelzP0ycAv2np5Q8234A] C:\Windows\system32\FOPcvnaWJdLgqYw.exe
mRun-x64: [ToFd9Urxu8234A] C:\Windows\system32\RQ7dEg9XwUlzNc1.exe
mRun-x64: [ND2oFd9UrxuSbpa8234A] C:\Windows\system32\D45Q7dEgZXUlzN.exe
mRun-x64: [goFd9UrxuSbpa6K8234A] C:\Windows\system32\un45Q7dEg9XU.exe
mRun-x64: [HKR9XjkrNx08234A] C:\Windows\system32\HdEg9XwUVlzNc1v.exe
mRun-x64: [T2m6hezxu2FGQd78234A] C:\Windows\system32\xhYXwkUelPcvo4.exe
mRun-x64: [Zi2Fm578ZhwU8234A] C:\Windows\system32\xIBtzPNyc1FGsd.exe
mRun-x64: [Ti2Fm578ZhwU8234A] C:\Windows\system32\ZdKRhwVIBzNc1FG.exe
mRun-x64: [Ti2Fms78ZhwU8234A] C:\Windows\system32\ARhwVIBtzNc1FGs.exe
mRun-x64: [Q2Fms78ZhwUeIt8234A] C:\Windows\system32\yhezxu2FGQd.exe
mRun-x64: [jZhwUVelIt8234A] C:\Windows\system32\Lezxu2FGQd7LXje.exe
mRun-x64: [zy4JKRTjIv35JWX8234A] C:\Windows\system32\GXeP1Sbp56KR9XU.exe
mRun-x64: [y8ZhwUVelBzNc1v8234A] C:\Windows\system32\O2FGQd7LXjezx.exe
mRun-x64: [Ii6TkNS47qlSG7h8234A] C:\Windows\system32\B56KR9XjkrNx0vi.exe
mRun-x64: [hlIBtzPNyAuDoFp8234A] C:\Windows\system32\hPci3na5JLgq.exe
mRun-x64: [TIBtzPNyc1v2b4m8234A] C:\Windows\system32\H5JLgqXUlPAi2Fm.exe
mRun-x64: [ISiaKRgjVx2QECt8234A] C:\Users\James\AppData\Roaming\m67LTjwIlt0Sbo4\Ti2Fms78ZhwU.exe
mRun-x64: [BFEYIum8UPoQL8234A] C:\Users\James\AppData\Roaming\Cjezx2Dnas7LTj\Ti2Fms78ZhwU.exe
mRun-x64: [tLexFH9V0psZIun8234A] C:\Users\James\AppData\Roaming\Ina67LTjwIlt\Ti2Fms78ZhwU.exe
mRun-x64: [qQRVcFJZecFJZey8234A] C:\Windows\system32\CCVzt0Sbn6ZItS.exe
mRun-x64: [hETBumdTI136fXe8234A] C:\Windows\system32\WUy4JKRTjIv3.exe
mRun-x64: [mNtP0ucS1b3n4mL8234A] C:\Windows\system32\W9V0psZIunJh.exe
mRun-x64: [US1bD3onGaL8234A] C:\Users\James\AppData\Roaming\FHd7RgjeV\T9gTZqjYCrtP.exe
mRun-x64: [pNtx0S1bDoGaEqC8234A] C:\Windows\system32\I03HZI0o6.exe
mRun-x64: [EbD3onG4aEqCr8234A] C:\Users\James\AppData\Roaming\N7gqCIztAc2\gELTYCwlNx0.exe
mRun-x64: [X8ZwIrN18j8234A] C:\Users\James\AppData\Roaming\KGdRqCIztAc2bp4\SYCwlNtx01b3n4H.exe
mRun-x64: [LCelIBrzPyRGgt48234A] C:\Users\James\AppData\Roaming\ejeVOAci3nQWE9T\BNtP0ucS1b3n4mL.exe
mRun-x64: [pelIBrzPNRGgt4Z8234A] C:\Users\James\AppData\Roaming\HZqjYCwrtPuSb3\NLZCUOxc3Fms78Z.exe
mRun-x64: [yjVelItzPyAuDoF8234A] C:\Windows\system32\DqCUOxySi3Fm5JE.exe
mRun-x64: [RZ9hYXwjUeItPy18234A] C:\Users\James\AppData\Roaming\SYCwrtP0uSb3n4m\sgt4ZOyvmdlzFmd.exe
mRun-x64: [fZ9hYXwjUeItPy18234A] C:\Users\James\AppData\Roaming\kwrtP0ucSb3n4mL\sgt4ZOyvmdlzFmd.exe
mRun-x64: [DG5sQJ6dE8R9TwU8234A] C:\Windows\system32\feB012457K.exe
mRun-x64: [DG5sQ6dEKfZhXjN8234A] C:\Windows\system32\kxySi3Fm5JEgqXk.exe
mRun-x64: [OaHd7RTjCkrNAcb8234A] C:\Users\James\AppData\Roaming\jelItzPNyA\JF4pmG5sQ6E8R9T.exe
mRun-x64: [OWTezubaKgCl0i48234A] C:\Users\James\AppData\Roaming\xtPFmQdK8ZhXjVl\P1uvDobF4m5Q6E8.exe
mRun-x64: [SjVx2p6EqINSomf8234A] C:\Windows\system32\hvDobF4pm5Q6E8R.exe
mRun-x64: [UwCry1Sbp5JWRTj8234A] C:\Users\James\AppData\Roaming\EzPNycA1uDoFp\R6dEK8fRZhX.exe
mRun-x64: [gbDpnG6sKgC8234A] C:\Windows\system32\CgTXqjYCeIr.exe
mRun-x64: [nhzo8IpwvdIp8234A] C:\Windows\system32\FCekIVrzOtAuSiD.exe
mRun-x64: [yR0sUFh1WBnTuKl8234A] C:\Windows\system32\E7L9TjwVOx0Si3G.exe
mRun-x64: [D8gRZ9XUVItyAv8234A] C:\Windows\system32\o7LRhXUltPy.exe
mRun-x64: [IeBPxu23GQdKRhq8234A] C:\Windows\system32\hRhkeBPy1DoFpHs.exe
mRun-x64: [eJEgqCUrBPci3Fm8234A] C:\Windows\system32\ZkeBPci2Fms7Egh.exe
mRun-x64: [rmLrS5qtn8234A] C:\Windows\system32\CIrzPNyA1SbmaW9.exe
mRun-x64: [JBrzPNyxAuSo8234A] C:\Windows\system32\KzPNyAvSbGa6Kf9.exe
mRun-x64: [ZdVDEBGj27rG8234A] C:\Windows\system32\qCelIrzPNAuSbma.exe
mRun-x64: [Uj27rGZPnV48VDJ8234A] C:\Windows\system32\S7gYrx2p4Hs7LTj.exe
mRun-x64: [q4KgClPiG6EhUrB8234A] C:\Windows\system32\dINv4Q8Te.exe
mRun-x64: [llPiG6EhUrBPyiD8234A] C:\Windows\system32\lPci3Fms7.exe
mRun-x64: [DhUrBPyciDFm5W78234A] C:\Users\James\AppData\Roaming\dUrxuF5HWf9XjeV\lPci3Fms7.exe
mRun-x64: [EvoHJ8hV1b5E9jB8234A] C:\Windows\system32\JGU27rGZPnV4.exe
mRun-x64: [vlo6UAGgta8234A] C:\Users\James\AppData\Roaming\TlBrzPNyx1v2\IuD4KgClP.exe
mRun-x64: [i6uZ3XFjmIQra8234A] C:\Windows\system32\I1b5E9jB1Fafku3.exe
mRun-x64: [NaB7PKyRSh292qG8234A] C:\Windows\system32\oFafku369CNcnHf.exe
mRun-x64: [e7fE8gTZqYUlt478234A] C:\Windows\system32\ek6uZ3XFjmIQrar.exe
mRun-x64: [rsLhVz1nsKYV8234A] C:\Windows\system32\k5BJzpRzpLI.exe
mRun-x64: [gLhVz1nsKYVIzN8234A] C:\Windows\system32\wTbqokpVDdCSW.exe
mRun-x64: [NLhVz1nsKYVIzN8234A] C:\Windows\system32\oSpHEqINu1D.exe
mRun-x64: [OGa6KfgjeV8234A] C:\Windows\system32\mNu1Dna6W7EgZhC.exe
mRun-x64: [sivD3onF4HW8234A] C:\Users\James\AppData\Roaming\cTjwVN0cSb3Gm6W\B8ZhCUrBx0.exe
mRun-x64: [DnlEDUJok72IWS8234A] C:\Windows\system32\cY8G2cPCR.exe
mRun-x64: [wolKiIs1wHP9p8234A] C:\Windows\system32\npzfSCWiVZEbNrj.exe
mRun-x64: [BlfvY5cRxRvXiZc8234A] C:\Windows\system32\bVL3cBZJpDiPtBe.exe
mRun-x64: [nNKAgc90Wl4h8234A] C:\Windows\system32\ZiPe85F2SBlejXf.exe
mRun-x64: [NtNAu2Fpm5Q8234A] C:\Windows\system32\SKqzcGKZVc.exe
mRun-x64: [iVtNAu2FpGsJE8R8234A] C:\Windows\system32\VrvmKqB036gI0p6.exe
mRun-x64: [GQd8RhqCIzy0Sbp8234A] C:\Users\James\AppData\Roaming\IfwxDsRU02QZecF\f9CxmKXrvG.exe
mRun-x64: [iBDQRlxbQRCybHf8234A] C:\Windows\system32\bVlejfKmo2v1zrC.exe
mRun-x64: [RP0Dn4pHs9XjeBP8234A] C:\Windows\system32\h6Oaw3LB4Kjc46h.exe
mRun-x64: [RP0Dn4pHE9XjeBP8234A] C:\Windows\system32\yVnh1dlFKjc.exe
mRun-x64: [uRZ9hYwUVlBz8234A] C:\Windows\system32\qKR9hVz1Dbp5JE8.exe
mRun-x64: [vZ9hYwUVeItPy8234A] C:\Windows\system32\OTUIrNAvo3GQdKR.exe
mRun-x64: [RUVelIBtzNc1v2b8234A] C:\Users\James\AppData\Roaming\iqItSn6fZUOxySv\ThYXwkUVeBz0Dn4.exe
mRun-x64: [BwUVelIBtPyAv2b8234A] C:\Windows\system32\NZqhYXwkUeBz0D.exe
mRun-x64: [ZVelIBtzPyAv2b48234A] C:\Users\James\AppData\Roaming\axySvo4HWd\ThYXwkUVeBz0Dn4.exe
mRun-x64: [pelIBtzPNc1v2b48234A] C:\Windows\system32\wD4W9YrPiG.exe
mRun-x64: [LNua9YOc4gl15qB8234A] C:\Users\James\AppData\Roaming\JgRZ9hYwUeIt\VcA1vD2b4.exe
mRun-x64: [kS92j4lmr5U8234A] C:\Windows\system32\vfXezA2m6fTkOuF.exe
mRun-x64: [a81ZvhuZSRvR08234A] C:\Windows\system32\uTkOuF5dLjkrNua.exe
mRun-x64: [WloLOoZAsXx5TNG8234A] C:\Windows\system32\StDJYPFEVu.exe
mRun-x64: [CjAHYc6ZPGT8234A] C:\Windows\system32\jisYNbKl2d.exe
mRun-x64: [Xr3fkSsCcs8234A] C:\Users\James\AppData\Roaming\qsYNbKl2dCu6YuQ\puHqc7VoRBGlszJ.exe
mRun-x64: [uCtvH8wzvpEYBub8234A] C:\Windows\system32\pUbjpq3qbEl3.exe
mRun-x64: [VrAoGdLTjeBOxu28234A] C:\Windows\system32\ZPGTBFRzp.exe
mRun-x64: [ua6KRTjer8234A] C:\Windows\system32\sfl1mRUNvpQRqI.exe
mRun-x64: [h0Si3GQs7LTj8234A] C:\Users\James\AppData\Roaming\sfl1mRUNvpQRqI\Ac3afTCNu.exe
mRun-x64: [OGQs7LTjwVOxu1D8234A] C:\Windows\system32\lTCNuosLC.exe
mRun-x64: [Ta5JEgqYkVOz8234A] C:\Windows\system32\zafTCNuosLCtvH8.exe
mRun-x64: [TrQBaCpj3Cakplp8234A] C:\Windows\system32\DV4wSLA7xslmVmO.exe
mRun-x64: [x9gXYCIzt0Sbna68234A] C:\Windows\system32\dOzy1Dnp5JEg.exe
mRun-x64: [qhr2GKkxnWjz8234A] C:\Windows\system32\U6KRhqCIzy0Sbp5.exe
mRun-x64: [BBOy0Sb3GHKRgqC8234A] C:\Windows\system32\tRlu3JUO3H.exe
mRun-x64: [ktxP0yciv3n8234A] C:\Windows\system32\dibD3onG4m6W7EC.exe
mRun-x64: [vELThwUOtPci3n48234A] C:\Windows\system32\Ks7fLgZYwIltPci.exe
mRun-x64: [BweyopaLCr8234A] C:\Windows\system32\wAn4Hs7Eg9.exe
mRun-x64: [pyopaLCr0bna8234A] C:\Windows\system32\Cn4Hs7Eg9Yj.exe
mRun-x64: [haLCr0bna8234A] C:\Windows\system32\y0An4Hs7Eg9YjVI.exe
mRun-x64: [UopaLCr0bnaHWf98234A] C:\Windows\system32\pt0An4Hs7Eg9YjV.exe
mRun-x64: [ehVx1omWdgqXUlB8234A] C:\Windows\system32\SIzNAvoFm5JdKR9.exe
mRun-x64: [qv4J8XIvde1p8234A] C:\Windows\system32\DJ7dEqkezAoH7gY.exe
mRun-x64: [Kym8wypdTIA369r8234A] C:\Users\James\AppData\Roaming\LyopaLCr0bn\OHWf9TjerNAciDn.exe
mRun-x64: [HwypdTIA369rups8234A] C:\Users\James\AppData\Roaming\QLCr0bnaHWf\eTjerNAciDna6W.exe
mRun-x64: [oo8IvJjAHCcHTOb8234A] C:\Users\James\AppData\Roaming\x3on4m5J7EqkezA\FH7gYVtAomJ8hjC.exe
mRun-x64: [Xsgkxbmgrcm8kzo8234A] C:\Windows\system32\aZjwVltPci.exe
mRun-x64: [RpdYB1pEwrvm6Rq8234A] C:\Windows\system32\Rgrcm8kzv5ZlAFJ.exe
mRun-x64: [AG4amH6sW7EgqYU8234A] C:\Windows\system32\XVx23GQ7gY.exe
mRun-x64: [xnG4amH6sJfgqYU8234A] C:\Windows\system32\aynQZeybJhlAF.exe
mRun-x64: [XUPDmdYBDQYtvQf8234A] C:\Windows\system32\wt48tGwS8OGXAHw.exe
mRun-x64: [d2obF4p5JEfZXUl8234A] C:\Windows\system32\b7fEgqYUyD4.exe
mRun-x64: [h79YrASpQ7ZIPDm8234A] C:\Windows\system32\RQYv8zGjSWI3LNm.exe
mRun-x64: [BgkP36LkP358wzv8234A] C:\Windows\system32\k1oGWLTCz0F.exe
mRun-x64: [tPNycA1uv2b4m5Q8234A] C:\Windows\system32\kYkVOzyAvo4ms7E.exe
mRun-x64: [F2sKTlxoGdRqkNv8234A] C:\Windows\system32\v9YrASpQ7ZIPDmJ.exe
mRun-x64: [e8hCrAin6RqkNi8234A] C:\Windows\system32\xpQ7ZIPDmJZV035.exe
mRun-x64: [CcGsfTwl0b4WLqU8234A] C:\Users\James\AppData\Roaming\RtiG6EYOSFJ\IO1pdhlcosfUN2a.exe
mRun-x64: [YUVrlOBtx0cn48234A] C:\Windows\system32\aQH6dWK7fg.exe
mRun-x64: [vsfTwl0b4WLqUtS8234A] C:\Windows\system32\St1469lxF6TBu.exe
mRun-x64: [SQRqItSpH7Twl0b8234A] C:\Windows\system32\STlxoGdRqkNvFaK.exe
mRun-x64: [kHWd8ZXUlt0Avo8234A] C:\Windows\system32\LYl0in5EZkOyD4Q.exe
mRun-x64: [iUlt0Avo4Q8234A] C:\Windows\system32\EVz1oHdRwlNuo4G.exe
mRun-x64: [qFmdRXltN8234A] C:\Windows\system32\jRVyoJZeybJRCyb.exe
mRun-x64: [Cs6dEK8fR9T8234A] C:\Windows\system32\ZUeBzyAv2Fmd.exe
mRun-x64: [DePAvo4mJdfhwCI8234A] C:\Windows\system32\jqrun6RqItSpQLw.exe
mRun-x64: [wNyxAviFGaHdKfL8234A] C:\Windows\system32\vxo7XBc2mJ8YePA.exe
mRun-x64: [UxAviFG5aHdKfLg8234A] C:\Windows\system32\Eo4mJdf9wCIzy1S.exe
mRun-x64: [cYjeIzyADb4m8234A] C:\Windows\system32\yzv4QKhVz1b5E9U.exe
mRun-x64: [lF4pmG5sQ6E88234A] C:\Windows\system32\XE9UrAoGdRqIy.exe
mRun-x64: [xjUCelIBrPy8234A] C:\Users\James\AppData\Roaming\adqUB0Avo4\DQd8ZYjeIzy1Db4.exe
mRun-x64: [Ewl0in5dRXlN1om8234A] C:\Windows\system32\ZdWK8fRL9TqUeIr.exe
mRun-x64: [qrx2m6RqkNuFaK98234A] C:\Windows\system32\cRL9hTXqjCkBNv2.exe
mRun-x64: [wH6sWJ7fE8TqYwU8234A] C:\Windows\system32\ALTjCVOxuiDo.exe
mRun-x64: [eQTIAGLkxinWZwO8234A] C:\Windows\system32\glc4KwzGfCu5Rk.exe
mRun-x64: [UsLwz1oHEXBcDp8234A] C:\Windows\system32\VCN3WCx1nWZwOyv.exe
mRun-x64: [GHEXBcDps88234A] C:\Windows\system32\PwOyvaEqwVO.exe
mRun-x64: [eL9qCIzxu2F8234A] C:\Windows\system32\grBxy1vo4Hs7LRh.exe
mRun-x64: [DL9qCIzxu2F8234A] C:\Windows\system32\lkrBxy1vo4Hs7LR.exe
mRun-x64: [EA0uvS2ib35Q6f98234A] C:\Windows\system32\ewVOyD4Hsd8Rhw.exe
mRun-x64: [krlONPS1i3G8234A] C:\Users\James\AppData\Roaming\cPDG68ZjBy1S\KmaKfhqCIzyAuSi.exe
mRun-x64: [SVrltis7Eg8234A] C:\Windows\system32\PG4aQH6sW7E.exe
mRun-x64: [SERYkeBPci8234A] C:\Windows\system32\qi3Gas7LCUrt0c1.exe
mRun-x64: [HJERYkeBPci2Fms8234A] C:\Users\James\AppData\Roaming\bD3p67LgZlSi3Ga\O7LCUrtPc1.exe
mRun-x64: [uAi3ad7R9XjeVOx8234A] C:\Windows\system32\FcaLUcH9ID58.exe
mRun-x64: [S2ibD3a6W7EgZYw8234A] C:\Windows\system32\C9eNSpQd8LqUkNu.exe
mRun-x64: [tW7EZYwIVO8234A] C:\Windows\system32\Qz1baWXrupQKqIt.exe
mRun-x64: [OYCwkIrO0SiDoGa8234A] C:\Windows\system32\seVOxA0u2b36W7E.exe
mRun-x64: [oWJ7fEL8gqYwVOx8234A] C:\Windows\system32\w6RCzASi3QW7E.exe
mRun-x64: [iCwkOxy1ioFa5W78234A] C:\Windows\system32\pibD3onG4m6W7E8.exe
mRun-x64: [N9VzAomE9jrxSmJ8234A] C:\Users\James\AppData\Roaming\w4amH6sWJfLgYwO\ay1ivonF4m5W7E8.exe
mRun-x64: [uRgTYkIVr8234A] C:\Windows\system32\nnHfTItc3m7TVtS.exe
mRun-x64: [EYeIVrciDn4Qf8234A] C:\Windows\system32\OLYrPiFsLhUBcom.exe
mRun-x64: [BfEL9gTZqYwIrOt8234A] C:\Windows\system32\GkNubaWRgXjeIrc.exe
mRun-x64: [BELTZqjYCkVlNx08234A] C:\Windows\system32\BWfRgTYkIrtcbpG.exe
mRun-x64: [qlOBtx0S18234A] C:\Windows\system32\dVrlONtxPuSi.exe
mRun-x64: [XXwkVOzy1Dn4Hs78234A] C:\Windows\system32\OlBxy1v3naHWd.exe
mRun-x64: [bwePvF56RwexS3a8234A] C:\Windows\system32\WeBzy1DFm.exe
mRun-x64: [swClPxm6Rhqkyv8234A] C:\Windows\system32\KZ9hYXwjUeBc1v2.exe
mRun-x64: [hfjOv3d9YrxS3a68234A] C:\Windows\system32\hBxiGdgCzSps.exe
mRun-x64: [z4HsKE9ZYw8234A] C:\Windows\system32\KGJWf9TUeBOx0Sb.exe
mRun-x64: [CEgqCVOPi4JLZkB8234A] C:\Windows\system32\e0oH7hUxDHXBiFJ.exe
mRun-x64: [FQK9Cz0inHEq8234A] C:\Windows\system32\TgqCUOxcDaJE.exe
mRun-x64: [UelIPc2JRwl8234A] C:\Windows\system32\FQK9Cz0inHEq.exe
mRun-x64: [mhwelIPc2JRwlyS8234A] C:\Windows\system32\TTjeO2pQK.exe
mRun-x64: [UCekBrNAui3Ga6K8234A] C:\Windows\system32\zFm5QKZwlB.exe
mRun-x64: [PtSoHWfTwBy3mJ8234A] C:\Windows\system32\obQferxi3GQ7Rg.exe
mRun-x64: [dRhVIzNAo8234A] C:\Windows\system32\IhVx1F5EqUP2sKh.exe
mRun-x64: [UTwCzy1SpJKRTje8234A] C:\Windows\system32\Ytc3aJEgqX.exe
mRun-x64: [rhYwkUltP8234A] C:\Windows\system32\GKf9XVNA2p.exe
mRun-x64: [kna67hkUrBP8234A] C:\Windows\system32\mJKRTXjeBO.exe
mRun-x64: [AomJ8YVtcD4W8234A] C:\Windows\system32\PZhwVOzy1Do4ms7.exe
mRun-x64: [if9TjwVlNx0cb8234A] C:\Windows\system32\yb4sEZwlPin.exe
mRun-x64: [W4HWf8ZhwVOxySD8234A] C:\Windows\system32\LDp4HWf9TjwVltP.exe
mRun-x64: [smH5s7E8gqYkVOz8234A] C:\Windows\system32\SPDnaHW7ghwOPyv.exe
mRun-x64: [sGaJWf9XUkrNAv8234A] C:\Windows\system32\J5sWJ7dELgZhkeO.exe
mRun-x64: [BwVOxu1o4Hs7Tkl8234A] C:\Windows\system32\ukVOzyio4HQ7.exe
mRun-x64: [pUCelIxA1SoFm5J8234A] C:\Windows\system32\Js7LThwUrOtPy1D.exe
mRun-x64: [xClzxA1SoFGJWLX8234A] C:\Windows\system32\Pi3GQ7TjwVOxuDo.exe
mRun-x64: [yqhYCwkUlt0Sv3F8234A] C:\Windows\system32\RfLXUkBOAu2bna6.exe
mRun-x64: [CUt0v3FJEgqkyiD8234A] C:\Windows\system32\kUIzx2Fn6KRgqC.exe
mRun-x64: [XAoQKRhwVIzy1Db8234A] C:\Windows\system32\zDn5JEgXUl.exe
mRun-x64: [yd8ZTjeBPyAv2b38234A] C:\Windows\system32\b1Sbp5JWR9XUkr.exe
mRun-x64: [jhTXqjUCeBzyuSi8234A] C:\Windows\system32\ETjeBPyAv2b3Ga6.exe
mRun-x64: [etxA0ucbDpGHsKf8234A] C:\Windows\system32\UK7R9gTXqYe.exe
mRun-x64: [kGH6sWK7fgqYkVO8234A] C:\Windows\system32\ogTXqjYCerOtAu.exe
mRun-x64: [EH6sWK7fEgqwIlt8234A] C:\Windows\system32\tXqjYCekIOtAubn.exe
mRun-x64: [z6WR9XCIrNx0i8234A] C:\Windows\system32\Un6EZwlPv4W.exe
mRun-x64: [tibnG4H6sKfLTqY8234A] C:\Windows\system32\a0v4Q8YePuFsK.exe
mRun-x64: [tibDnG4HsKfTqYw8234A] C:\Windows\system32\gTUkrNviFna6WR9.exe
mRun-x64: [LlONtxP0uSiDoGa8234A] C:\Windows\system32\DsWK7fETZjC.exe
mRun-x64: [e8gTZqhYCkV8234A] C:\Windows\system32\kwkrlONtx0c1b3n.exe
mRun-x64: [yUVrlOBtxc1v3n48234A] C:\Windows\system32\o3onG4amHsJfLgZ.exe
mRun-x64: [QJRhwCIzyAvp5Jd8234A] C:\Windows\system32\C13Fms7LqXUt0Av.exe
mRun-x64: [GIlN0ci3n6JEgCU8234A] C:\Windows\system32\GByuSbGHWf9XYkN.exe
mRun-x64: [zBtzNyc1uDoFp8234A] C:\Windows\system32\lFm57LRqYkVOt01.exe
mRun-x64: [zIBNycv2b4m5J8234A] C:\Windows\system32\IRwVOt0vo.exe
mRun-x64: [XNyc1uvD2b45JE88234A] C:\Windows\system32\AVOt01Dnp5QEgZY.exe
mRun-x64: [CelIzyAvo3ma6Kf8234A] C:\Windows\system32\HJ6EK8fRZhX.exe
mRun-x64: [ec1Dnp5Qd8R8234A] C:\Windows\system32\LfRL9gXztASDGsY.exe
mRun-x64: [JXwjUVelItPyAuD8234A] C:\Windows\system32\y6EZkBcD4W8.exe
mRun-x64: [tG5sQJ6dE8R9TwU8234A] C:\Windows\system32\cA1uvD2ob.exe
mRun-x64: [Y6dEK8fRZhXjlBz8234A] C:\Windows\system32\OlIBtzPNyAuDoFG.exe
mRun-x64: [K8fRZ9hTXjlBzNx8234A] C:\Windows\system32\ZzPNycA1uDoFGsJ.exe
mRun-x64: [nJ6dWK8fR9TqUeI8234A] C:\Windows\system32\p4G5sQJ6dKfZhXj.exe
mRun-x64: [IUCekIBrzNx0v2b8234A] C:\Windows\system32\v8YeP1b5E9jBx.exe
mRun-x64: [pBrzONyxAuSiFpG8234A] C:\Windows\system32\QjOuDafqUtv4WZ.exe
mRun-x64: [XQH6dWK7fLgjCkV8234A] C:\Windows\system32\dvS2ibF3p.exe
mRun-x64: [mjYCekIVrO8234A] C:\Windows\system32\zpnG5aQH6W7R9.exe
mRun-x64: [zS2ibD3pn4Q6W7E8234A] C:\Windows\system32\OnG5aQH6dKfLg.exe
mRun-x64: [mEL9gTZqjCkVlNx8234A] C:\Users\James\AppData\Roaming\mjYCekIVrO\KtxA0ucS2b3n4Q6.exe
mRun-x64: [q8ThwklOBx0c1Do8234A] C:\Windows\system32\oVxu2Dn6KEgCIl.exe
mRun-x64: [bwklOBtxPySiDoF8234A] C:\Windows\system32\J2Da6KEgCIl0SDn.exe
mRun-x64: [NOBtxP0yc1DoFaH8234A] C:\Windows\system32\Cl0SDna6WLT.exe
mRun-x64: [V7dEL8gRZ8234A] C:\Windows\system32\J0ycS1iD3n4m.exe
mRun-x64: [GJ7dEK8gR9YwUeI8234A] C:\Users\James\AppData\Roaming\V7dEL8gRZ\PhYXwkUVeOtPyA.exe
mRun-x64: [fPycAivD2FpHs8234A] C:\Windows\system32\FF4amH5WJ.exe
mRun-x64: [pcAivD2F4m5Q7E88234A] C:\Windows\system32\xamH5WJdgqY.exe
mRun-x64: [d4pmH5sQJdKgZhX8234A] C:\Windows\system32\bL8gqhXUVltPc1v.exe
mRun-x64: [CsQJ6dEK8R9TwUe8234A] C:\Users\James\AppData\Roaming\d4pmH5sQJdKgZhX\IjelIBtzPyAuDoF.exe
mRun-x64: [FBtxP0ycSiDoFa58234A] C:\Windows\system32\o1bom6WfE8TYwU.exe
mRun-x64: [Z5sWJ7dELgZhXkV8234A] C:\Windows\system32\EVrlOBtxPySiDoF.exe
mRun-x64: [TH5sWJ7dE8RqYwV8234A] C:\Windows\system32\VkUVrlOBtPySiDo.exe
mRun-x64: [cJ6dWK8fR9TqUeI8234A] C:\Windows\system32\xqXVlOBtz0c1v2n.exe
mRun-x64: [KBrzONyxAuSiFpG8234A] C:\Windows\system32\efRL9hTXqUe.exe
mRun-x64: [v0ucS2ibDpGaHsK8234A] C:\Users\James\AppData\Roaming\CekIBrzONx0v2b3\knG5aQH6dKfLgX.exe
mRun-x64: [e0ycS1ivDoFaHs8234A] C:\Windows\system32\L6JEgqYCwVl.exe
mRun-x64: [sYXwkUVeBz0c1v28234A] C:\Windows\system32\RivD3onF4msJdLg.exe
mRun-x64: [m0ycA1ivDoFpH8234A] C:\Windows\system32\DdEL8gRZqYwUeO.exe
mRun-x64: [LrzPNyxA1So3G6W8234A] C:\Windows\system32\W5sQJ6dEKfZhXjC.exe
mRun-x64: [flIBrPNyx12b3m58234A] C:\Windows\system32\FvDobF4pm5Q68Rh.exe
mRun-x64: [vaQH6dWK7LgXj8234A] C:\Windows\system32\GCeIBrzONx0v2.exe
mRun-x64: [CzONyxA0u2FpGaH8234A] C:\Windows\system32\DF3pmGaQJW8R9Tq.exe
mRun-x64: [aQH6sWK7fLgZj8234A] C:\Windows\system32\bVrzONtxAuSiDp.exe
mRun-x64: [abD3pnGQ6W7LTqC8234A] C:\Windows\system32\y6dWK7fRgXjCkrN.exe
mRun-x64: [Q0cA1iDn4m5Q78R8234A] C:\Windows\system32\XrBx0Si3Fms7EgZ.exe
mRun-x64: [jWJ7fEL8gZhCV8234A] C:\Windows\system32\lVNtxP0ucb3n.exe
mRun-x64: [pnF4pmH5sJdKgZh8234A] C:\Windows\system32\WqhYXwkUVlBz0c1.exe
mRun-x64: [SIBtzPNyc1v2b4m8234A] C:\Windows\system32\nn4pmH5sQ7E8R9Y.exe
mRun-x64: [UA1uvS2ob3m5Q6W8234A] C:\Windows\system32\O6dEK8fRZhXjClB.exe
mRun-x64: [pTXqjUCeI8234A] C:\Windows\system32\nIBNyx1vSb3m5W8.exe
mRun-x64: [S9gTXqjYCkVzNx08234A] C:\Windows\system32\vnG5aQH6dK.exe
mRun-x64: [SnG5aQH6dKfLg8234A] C:\Windows\system32\xjUCIBrzOyAuSi.exe
mRun-x64: [qONtxA0uc2b3n4Q8234A] C:\Windows\system32\IaQH6dWK7R9TqYe.exe
mRun-x64: [hzONyxA0uSiFpGa8234A] C:\Windows\system32\I5aQJ6dWKfLhXjC.exe
mRun-x64: [TONyxA0uv2b3n5Q8234A] C:\Windows\system32\fQJ6dWK8fLhXjCk.exe
mRun-x64: [ppnG5aQH6W7R9Tq8234A] C:\Windows\system32\WXqjUCekIrOyAuS.exe
mRun-x64: [AQH6dWK7fLgXjCk8234A] C:\Windows\system32\lkIBrzONyAuSiFp.exe
mRun-x64: [dG4aQH6sW7E9TqY8234A] C:\Windows\system32\TjYCekIVrOtAuSi.exe
mRun-x64: [bH6sWK7fE9TqYwI8234A] C:\Windows\system32\aCekIVrzOtAuSiD.exe
mRun-x64: [JWJ7fEL8gZYwUrO8234A] C:\Windows\system32\nlONtxP0uSiDoGa.exe
mRun-x64: [l5sWJ7dELgZh8234A] C:\Users\James\AppData\Roaming\XH6sWJ7fE8TqYwU\krlOBtxP0c1v3n.exe
mRun-x64: [tlOBtzP0yAiDo8234A] C:\Windows\system32\emH5sWJ7dLgZhX.exe
mRun-x64: [XP0ycA1iv2n4m5Q8234A] C:\Windows\system32\fsWJ7dEL8RqYwUe.exe
mRun-x64: [vS1ivD3on48234A] C:\Windows\system32\jTZqhYCwkVlBx.exe
mRun-x64: [ccS1ivD3oFaH8234A] C:\Windows\system32\PL8gTZqhYwUrOt.exe
mRun-x64: [uYCwkUVrBx0c1v38234A] C:\Windows\system32\smH6sWJ7fLg.exe
mRun-x64: [svD3onF4aHsJdLg8234A] C:\Windows\system32\R8gTZqhYCkVlBx0.exe
mRun-x64: [AhYXwjUVeItPyAu8234A] C:\Windows\system32\zivD2onF4m5Q7E8.exe
mRun-x64: [LG5sQJ6dE8R9TwU8234A] C:\Windows\system32\blIBtzPNyAu.exe
mRun-x64: [cuvS2obF3m5Q8234A] C:\Windows\system32\KZ9hYXUVeItPyAu.exe
mRun-x64: [iH6dWK7fR9TqYeI8234A] C:\Windows\system32\rhTXqjUCeIrOyAu.exe
mRun-x64: [hvD2onF4pHsJdKg8234A] C:\Windows\system32\bD3onF4am5W7E8R.exe
mRun-x64: [JS1ivD3on8234A] C:\Windows\system32\VsWJ7fEL8TqYwUr.exe
mRun-x64: [xsWJ7dEL8RqYwUe8234A] C:\Windows\system32\FEL8gTZqhCkV.exe
mRun-x64: [sdEK8gRZ9YwUeIt8234A] C:\Windows\system32\gOBtzP0yc1v2n4m.exe
mRun-x64: [VYCekIVrzNx0c2b8234A] C:\Windows\system32\XJ7dEK8gR9YwUeI.exe
mRun-x64: [oNtxP0ucSiDoGaH8234A] C:\Windows\system32\unG5aQH6dKfLgXj.exe
mRun-x64: [CIVrlONtxuSiDoG8234A] C:\Windows\system32\lbD3pnG4aHsKfLg.exe
mRun-x64: [RycA1ivD2n4m5Q78234A] C:\Windows\system32\pnF4amH5sJdLgZh.exe
mRun-x64: [w3onF4amHsJdL8234A] C:\Windows\system32\ghYXwkUVeOtPyA.exe
mRun-x64: [rsWJ7dEL8RqYwUe8234A] C:\Windows\system32\RhYCwkUVrOtPySi.exe
mRun-x64: [gpmH5sQ7dKgZhXj8234A] C:\Windows\system32\cZqhYXwkUeOtPyA.exe
mRun-x64: [J1ivD2onFpHsJdK8234A] C:\Windows\system32\R7dEL8gRZhXkVl.exe
mRun-x64: [JBtzPNycA8234A] C:\Windows\system32\SvD2onF4pHsJdKg.exe
mRun-x64: [XVelIBtzPy8234A] C:\Windows\system32\c1ivD2onFpHsJdK.exe
mRun-x64: [qF4pmG5sQ8234A] C:\Windows\system32\PsQJ7dEK8R9YwUe.exe
mRun-x64: [ldEK8gRZ9YwUeIt8234A] C:\Windows\system32\nivD2onF4.exe
mRun-x64: [rvD2onF4pHsJ8234A] C:\Windows\system32\kZqhYXwkUeOtPy.exe
mRun-x64: [B2onF4pmHsJdKgZ8234A] C:\Windows\system32\jRZqhYXwkVlBz0c.exe
mRun-x64: [QP0ycA1iv2n4m58234A] C:\Windows\system32\pWJ7dEL8gZhXkVl.exe
mRun-x64: [DwkUVelOBz08234A] C:\Windows\system32\jF4amH5sW7E8R.exe
mRun-x64: [OdEL8gRZqYwUeOt8234A] C:\Windows\system32\ktxP0ycS1v3n4m5.exe
mRun-x64: [xbD3onG4aHsJfLg8234A] C:\Windows\system32\S8gTZqhYCkVlBx0.exe
mRun-x64: [dP0ucS1ib3n4m6W8234A] C:\Windows\system32\T6sWK7fELgZjCkV.exe
mRun-x64: [bucS1ibD3n4m6W78234A] C:\Windows\system32\HK7fEL9gTqYwIrO.exe
mRun-x64: [WZqjYCwkIrOt8234A] C:\Windows\system32\HibD3pnG4Q6W7E.exe
mRun-x64: [ZucS2ibD3n4Q6W78234A] C:\Windows\system32\dK7fRL9gTqYeIrO.exe
mRun-x64: [RA0ucS2ib3n4Q6W8234A] C:\Windows\system32\sWK7fRL9gXjCkVz.exe
mRun-x64: [kzONtxA0uSiDpGa8234A] C:\Windows\system32\P5aQH6dWKfLgXjC.exe
mRun-x64: [LqjUCekIBzNx0v8234A] C:\Windows\system32\W2obF3pmGaJdKfL.exe
mRun-x64: [V9hTXqjUCkBzNx08234A] C:\Windows\system32\hA1uvS2ob3m5Q6W.exe
mRun-x64: [KTXqjUCekBzNx0v8234A] C:\Windows\system32\auvS2obF3m5Q6W8.exe
mRun-x64: [k0uvS2ibFpGaHdK8234A] C:\Windows\system32\xdWK8fRL9TqUeIr.exe
mRun-x64: [W6dWK7fRLgXjCkV8234A] C:\Windows\system32\aBrzONyxAuSiFpG.exe
mRun-x64: [Y5aQH6dWKfLgXjC8234A] C:\Windows\system32\fCekIBrzOyAuSiF.exe
mRun-x64: [TG5aQH6dW7R9TqY8234A] C:\Windows\system32\fUCekIBrzNx0v2b.exe
mRun-x64: [GXqjUCekIrOyAuS8234A] C:\Windows\system32\vS2obF3pm5Q6W8R.exe
mRun-x64: [lxA0uvS2iFpG8234A] C:\Windows\system32\UK8fRL9hTqUeIr.exe
mRun-x64: [rTXqjUCekBzNx0v8234A] C:\Windows\system32\SvS2obF3pGaJdKf.exe
mRun-x64: [h6dWK8fRLhXjCkB8234A] C:\Windows\system32\BBrzPNyxAuSoFpG.exe
mRun-x64: [rG5aQJ6dW8R9TqU8234A] C:\Windows\system32\SUCelIBrzNx1v2b.exe
mRun-x64: [tyxA1uvS2b3m58234A] C:\Windows\system32\edEK8fRZ9TwUeI.exe
mRun-x64: [xXwjUVelItPyAuD8234A] C:\Windows\system32\ZpmH5sQJ7E8R.exe
mRun-x64: [AQJ7dEK8gZhXjVl8234A] C:\Windows\system32\v1ivD2onFp.exe
mRun-x64: [hwjUVelIBzNc1v28234A] C:\Windows\system32\V2onF4pmHsJdKgZ.exe
mRun-x64: [x2obF4pmGsJdKf8234A] C:\Windows\system32\rZ9hYXwjUeItPyA.exe
mRun-x64: [n1uvD2obFpGsJdK8234A] C:\Windows\system32\uK8gRZ9hYwUeItP.exe
mRun-x64: [AlIBtzPNyAuD8234A] C:\Windows\system32\NH5sQJ7dE8R9Yw.exe
mRun-x64: [YBtzPNycAuDoFpG8234A] C:\Windows\system32\gH5sQJ7dE8R9YwU.exe
mRun-x64: [LEK8gRZ9hXjVlBz8234A] C:\Windows\system32\YOBtzP0yc1v2n4m.exe
mRun-x64: [mnF4pmH5sJdKgZh8234A] C:\Windows\system32\KqhYXwkUVlBz0c1.exe
mRun-x64: [fivD2onF4m5Q7E88234A] C:\Windows\system32\X8gRZqhYXkVlBz0.exe
mRun-x64: [KvD2onF4pHsJdKg8234A] C:\Windows\system32\QgRZqhYXwUeOtPy.exe
mRun-x64: [D2onF4pmHsJdKgZ8234A] C:\Windows\system32\yRZqhYXwkVlBz0c.exe
mRun-x64: [fgRZ9hYXwUeItPy8234A] C:\Windows\system32\Y0ycA1ivDoFpHsJ.exe
mRun-x64: [PwkUVelOBz0c1v8234A] C:\Windows\system32\l3onF4amHsJdLgZ.exe
mRun-x64: [NwkUVelOBz0c1v28234A] C:\Windows\system32\I3onF4amHsJdLgZ.exe
mRun-x64: [gwkUVelOBz0c1v28234A] C:\Windows\system32\V3onF4amHsJdLgZ.exe
mRun-x64: [UP0ycA1iv2n4m58234A] C:\Windows\system32\hWJ7dEL8gZhXkVl.exe
mRun-x64: [jtzP0ycA1v2n4m58234A] C:\Windows\system32\B5sWJ7dELgZhXkV.exe
mRun-x64: [fEK8gRZ9hXjVlBz8234A] C:\Windows\system32\XzP0ycA1iDoFpHs.exe
mRun-x64: [m4pmH5sQJdKgZhX8234A] C:\Windows\system32\J0ycA1ivD.exe
mRun-x64: [atxP0ycS1v8234A] C:\Windows\system32\t7fEL8gTZhCkV.exe
mRun-x64: [dvD3onF4aHsJdLg8234A] C:\Windows\system32\T8gTZqhYCkVlBx0.exe
mRun-x64: [dzP0ycA1iDoF8234A] C:\Windows\system32\QJ7dEL8gRqYwUe.exe
mRun-x64: [IQJ7dEK8gZhX8234A] C:\Windows\system32\UOBtzP0yc1v2n4.exe
mRun-x64: [q9hYXwjUVlBzNc18234A] C:\Windows\system32\DycA1ivD2n4m5Q7.exe
mRun-x64: [dQJ7dEK8gZhXjVl8234A] C:\Windows\system32\B1ivD2onFp.exe
mRun-x64: [EWJ7dEL8gZhXkVl8234A] C:\Windows\system32\TVrlOBtxPySiDoF.exe
mRun-x64: [XqhYXwkUVlBz0c18234A] C:\Windows\system32\E1ivD3onFaHsJdL.exe
mRun-x64: [LjUVelIBtPyAuDo8234A] C:\Users\James\AppData\Roaming\yXwkUVelOtPyAiD\WonF4pmH5Q7E8R9.exe
mRun-x64: [O9hTXqjUCk8234A] C:\Windows\system32\lUCelIBrzNx1v2b.exe
mRun-x64: [bxA0uvS2iFp8234A] C:\Windows\system32\kfRL9hTXqUeIrO.exe
mRun-x64: [eibD3pnG4Q6W7E8234A] C:\Windows\system32\jTXqjYCekVzNx0c.exe
mRun-x64: [Si3GQd79jCIzt0S8234A] C:\Windows\system32\EZhkVBPcDn45Jd8.exe
mRun-x64: [dwjUClIBr8234A] C:\Windows\system32\xcsTSQTzbdI.exe
mRun-x64: [EwjUClIBrP8234A] C:\Windows\system32\rjS6Cc6knqcHRlD.exe
mRun-x64: [LaKheBPy1Sb8234A] C:\Windows\system32\B7EgZhkeOt.exe
mRun-x64: [xKheBPy1SbpGaJ8234A] C:\Windows\system32\fZhwUlBPy1.exe
mRun-x64: [p3n5HdWK7RApsgC8234A] C:\Windows\system32\j9hTXwjUClBzNx1.exe
mRun-x64: [dWRU0o5gj8234A] C:\Windows\system32\OkIBAv23n5HdKRA.exe
mRun-x64: [q7ZU0oWRU0o5gjz8234A] C:\Windows\system32\X0vn5JEgYkeOz.exe
mRun-x64: [bZU0oWRU0o5gjzo8234A] C:\Users\James\AppData\Roaming\k3aKheBPy1Sb3Ga\C9hXUekIBAv23n5.exe
mRun-x64: [igCz0iG6EZkNc3a8234A] C:\Windows\system32\VdZjy5wAJUAbH7q.exe
mRun-x64: [qG6EZkNc3aJgCl08234A] C:\Windows\system32\wQ8Ye1JUvWkvpWT.exe
mRun-x64: [Kop5JE8ZTwUlB8234A] C:\Users\James\AppData\Roaming\DwINubG6Rqk\naKgCz0iG.exe
mRun-x64: [oop5JE8ZTwUlBP8234A] C:\Users\James\AppData\Roaming\DwINubG6Rqk\qKgCz0iG6EZk.exe
mRun-x64: [qOxu23GQs7EgqYV8234A] C:\Windows\system32\WvoFms7KRhwVBop.exe
mRun-x64: [dkOxSbD3G8234A] C:\Windows\system32\YcvoFms7KRhwVBo.exe
mRun-x64: [JFsELgZhkltPyAD8234A] C:\Windows\system32\ABPx1SbpG.exe
mRun-x64: [CltNcA1uDb4msJ8234A] C:\Users\James\AppData\Roaming\q0viF3p5a\md7RgjkOxu23GHs.exe
mRun-x64: [vDnp5JgluX8234A] C:\Windows\system32\iDFQ7K8RYIcoGdR.exe
mRun-x64: [auDb4msJdKfZXjC8234A] C:\Windows\system32\FOxSbD3GaHWf.exe
mRun-x64: [wfqItiboHJ8234A] C:\Windows\system32\ud9COvpQWfCzbQZ.exe
mRun-x64: [NByioHJLqVv8234A] C:\Windows\system32\nfRL9hTXqUeIrOy.exe
mRun-x64: [buQ8RTjCIrN0Sip8234A] C:\Users\James\AppData\Roaming\uJLZYkBPSDo4\zbClxAu2FpGa6W8.exe
mRun-x64: [DP5jbUaOf2CHPZ58234A] C:\Windows\system32\GF4pmG5sQ6E8R.exe
mRun-x64: [h7CxoJYtn7jcJCu8234A] C:\Windows\system32\geUEe3d9qezxvi5.exe
mRun-x64: [EyyBzVYLa0wdbAV8234A] C:\Users\James\AppData\Roaming\Epm5aQd8Lh\yGdRqIA3Wj0mhPa.exe
mRun-x64: [nAi4WLjIx8234A] C:\Windows\system32\gEicRoe6ATQ.exe
mRun-x64: [e7TYlyv4EXtimKw8234A] C:\Windows\system32\zoe6ATQNTnesFUG.exe
mRun-x64: [zF7YBumZrodU05g8234A] C:\Windows\system32\Ke6OUW1UEoeXbq1.exe
mRun-x64: [KcHYS7B5Un8234A] C:\Users\James\AppData\Roaming\cKxldDlf32j3Cbf\bsc5qOi5RlcGZB6.exe
mRun-x64: [VPh07OsIGV4h8234A] C:\Users\James\AppData\Roaming\sE3EkyF7Xzo\ljG9CySn7gqCzAb.exe
mRun-x64: [S9cLyJBd1RSOYfJ8234A] C:\Users\James\AppData\Roaming\J8n8VAm8UN48\ja9CySn7gqCzA.exe
mRun-x64: [UehJaDtCRJo8234A] C:\Windows\system32\grrrtBOXCqgqqL.exe
mRun-x64: [G9JFuVg672yjrIL8234A] C:\Windows\system32\ACzAi4WLjIx1oH7.exe
mRun-x64: [DuOTqE51NBUTKGo8234A] C:\Windows\system32\iNrrrtBOXCqgqqL.exe
mRun-x64: [qfa30xlYfKQ68234A] C:\Users\James\AppData\Roaming\d11uAxBkUREfRHD\oJAwQujHcVLave.exe
mRun-x64: [uPrkjY8smbSpDbP8234A] C:\Users\James\AppData\Roaming\j2boF21yBBX9XgW\QOJAwQujHcVLav.exe
mRun-x64: [t8gRZhYXwUeOJRY8234A] C:\Windows\system32\CCwkIVrlOtPuSiD.exe
mRun-x64: [t8gRZqhXwUeOItP8234A] C:\Windows\system32\oqhYCwkUVlB.exe
mRun-x64: [BAF7hIcbQRUzF6O8234A] C:\Windows\system32\FYCwkUVrlBxy.exe
mRun-x64: [QTwlP0u1bGmsJLY8234A] C:\Windows\system32\Db6Tz2HTrcnWZV0.exe
mRun-x64: [CLN4TxnLUiWRVyn8234A] C:\Users\James\AppData\Roaming\EJ7dEL8gRhXUeOJ\KYeBtzNc1v2bpGQ.exe
mRun-x64: [Jwu4TlnWRVyn79j8234A] C:\Windows\system32\XBtzNc1v2bpGQdK.exe
mRun-x64: [G9G6qkVONAci3GQ8234A] C:\Windows\system32\L6OvndTVuGWTIPD.exe
mRun-x64: [JVvs8kP258jB8234A] C:\Windows\system32\lvJU1G9zpLridqN.exe
mRun-x64: [ejyb8xaYS7V17Uv8234A] C:\Windows\system32\AWUSmgOoQhzo6wN.exe
mRun-x64: [EeXyGZ1LzpfC0GE8234A] C:\Windows\system32\C9zpLridqNDKCP4.exe
mRun-x64: [YRB3HL8J7l8234A] C:\Windows\system32\F7hBAp6hCyoaLku.exe
mRun-x64: [ZXViWqu6g8234A] C:\Windows\system32\iYzF7XVItNAvop5.exe
mRun-x64: [FTO29jCkq11bWJd8234A] C:\Windows\system32\eyFQZeybQRjPum8.exe
mRun-x64: [ZjCUXpRjU8234A] C:\Users\James\AppData\Roaming\IOHEjINP01bGmsJ\QYklt0Svms7LgZw.exe
mRun-x64: [B6fwUlU5gwrc1Fb8234A] C:\Users\James\AppData\Roaming\NWTwlP0u1bGmsJ\QYklt0Svms7LgZw.exe
mRun-x64: [KFxjQbVL1qmtE8234A] C:\Users\James\AppData\Roaming\DHQjIA2m6xhGXkz\f37X1sV2Xp.exe
mRun-x64: [pvEeoKUAmRI0agV8234A] C:\Windows\system32\iEvUJijsAUHcCs1.exe
mRun-x64: [ocFJghXwjVlBzNc8234A] C:\Users\James\AppData\Roaming\V2CDkHPRnBgblfF\sLoBgnz8FeQbGPi.exe
mRun-x64: [Z6Wf9qjYC8234A] C:\Windows\system32\oNvFaKTeOuDa6Kf.exe
mRun-x64: [mWfgTXqjIz8234A] C:\Users\James\AppData\Roaming\lzHLjb57f5sUOAi\ZTtiaEhxDs8Y02Q.exe
mRun-x64: [AZYrt01voFHWLRh8234A] C:\Windows\system32\W1SbpGQ6KRhXUkr.exe
mRun-x64: [AEgYwrlOxSvoFaJ8234A] C:\Windows\system32\ZGJW8LTqC.exe
mRun-x64: [Wz1o4GQE8ZhwIzN8234A] C:\Windows\system32\Hf9XeBPxuo3GJW8.exe
mRun-x64: [WBzy1DbGdhCzu358234A] C:\Windows\system32\nlry1SbpGQ6K.exe
mRun-x64: [skN0cS1iDaHsfLT8234A] C:\Users\James\AppData\Roaming\bA0ucS2DGQs\zOtxP0cb3GmJETY.exe
mRun-x64: [qJ7fEL8gTqYwUrO8234A] C:\Users\James\AppData\Roaming\uQsK9TZYIrOtPcb\ZoFamJEgqXkVOty.exe
mRun-x64: [xsWfEL8TZhCkVlB8234A] C:\Users\James\AppData\Roaming\bA0ucS2DGQs\rlOtxP0cb3GmJET.exe
mRun-x64: [vtxP0ycS1v3n4m58234A] C:\Windows\system32\Z5dRTr0i5W9Y.exe
mRun-x64: [yon4amH5sJd8234A] C:\Windows\system32\dL8gZqhYC.exe
mRun-x64: [G7dEK8gR9Y8234A] C:\Windows\system32\mamH5sWJ7E.exe
mRun-x64: [XjUCelBrzNx1v8234A] C:\Windows\system32\p4amH5sWJ.exe
mRun-x64: [XUCelBrzPyASo8234A] C:\Users\James\AppData\Roaming\WYXwkUVel\mamH5sWJ7E.exe
mRun-x64: [G7dE8gRZ9Y8234A] C:\Windows\system32\pvD3on4am.exe
mRun-x64: [yycS1ivD3WX0F7h8234A] C:\Windows\system32\mamH5sWJ7E.exe
mRun-x64: [nHqOcQEYr8234A] C:\Users\James\AppData\Roaming\lP0ycA1iv24m\iXwjUVelIzNc1v2.exe
mRun-x64: [s6JfLThVOxc1Dn48234A] C:\Users\James\AppData\Roaming\JlOtzP0yc\nJ7dE8gRZ.exe
mRun-x64: [YF4mH5sQJd8234A] C:\Windows\system32\sVelOtzP0c1v24m.exe
mRun-x64: [CmQJ7dEK8R98234A] C:\Windows\system32\OPNyxAS2oFp5Q68.exe
mRun-x64: [s3pmG5aQJdKfLhX8234A] C:\Windows\system32\lRZ9hTXwjClBzNx.exe
mRun-x64: [pIBzONyxAuSi3n58234A] C:\Windows\system32\tuvS2obF3m5Q6.exe
mRun-x64: [xONyxA0uv2b3n5Q8234A] C:\Windows\system32\PS2obF3pm5Q6W8.exe
mRun-x64: [zH6sWK7fE9TqY8234A] C:\Windows\system32\e7RL9gTXqYeIrOt.exe
mRun-x64: [L01boGm6Jf88234A] C:\Windows\system32\A1iDopHQdKRhXUl.exe
mRun-x64: [HVIBtzNyAuD8234A] C:\Windows\system32\bEf9XUlrNv3aKhU.exe
mRun-x64: [cZhUlz1b4GsJKfZ8234A] C:\Windows\system32\UNyAuD2Fm5JdKf.exe
mRun-x64: [GlBP12bmeyu2F8234A] C:\Windows\system32\ckVzNtxA0.exe
mRun-x64: [Wo3maJWRhXUeBOx8234A] C:\Windows\system32\BLgZqjYwIrNPcio.exe
mRun-x64: [IihvXQBsrWrbWjt8234A] C:\Windows\system32\kYwVOt0SiDn4HWd.exe
mRun-x64: [gtdN6PfNpfC0skP8234A] C:\Users\James\AppData\Roaming\dPci3naHW7Eg\fwVOt0SiDn4HWd8.exe
mRun-x64: [GLThCwkUVltPci38234A] C:\Windows\system32\rvbpGQ6KR.exe
mRun-x64: [U5dEKfRZ9TwUeI8234A] C:\Windows\system32\cW7LgqXUrBPc.exe
mRun-x64: [c5CIPN15Khe28234A] C:\Windows\system32\jP12bmeyu2FmWLT.exe
mRun-x64: [mWhe29NaTr8234A] C:\Windows\system32\ImgU0oJZB1pEXtv.exe
mRun-x64: [Y5dZUP1HRlcbQ8234A] C:\Windows\system32\mF3pG5fhUz.exe
mRun-x64: [myFEjtu469eybWq8234A] C:\Windows\system32\f5WfR9YVt0iGH7g.exe
mRun-x64: [NX2BGj0GZnwqDgt8234A] C:\Windows\system32\UdkoJhI1mET.exe
mRun-x64: [Hj492fzbK0IqmkR8234A] C:\Windows\system32\WhI1mETzSmKq.exe
mRun-x64: [LNLikpldueaAgGc8234A] C:\Users\James\AppData\Roaming\U5KjN2Q9wP3WZV0\UmhzodUu5XNp9Op.exe
mRun-x64: [VEt4RP5Xru3HfYN8234A] C:\Windows\system32\zNLN3fNZmOpZyJU.exe
mRun-x64: [t3Q8hUryv3aWR8234A] C:\Windows\system32\cslS6qynf.exe
mRun-x64: [qaECtbm7TwOcnJq8234A] C:\Windows\system32\VEt4RP5Xru3HfYN.exe
mRun-x64: [zHEwPvpJfw8234A] C:\Windows\system32\V3mLYlyoH8XB.exe
mRun-x64: [jxSpQKLjIy8234A] C:\Windows\system32\uXBipQKhePDpJfX.exe
mRun-x64: [pIxSpQKLjBySpHf8234A] C:\Windows\system32\z8XBipQKhePDpJf.exe
mRun-x64: [xOcFJZeP258wtum8234A] C:\Windows\system32\t0inH7gCrunKqlS.exe
mRun-x64: [lgDUs045n8234A] C:\Windows\system32\LAhowQI6zdNgGY.exe
mRun-x64: [JxrYg7JFF2SAx1n8234A] C:\Windows\system32\JgFNKu8yR0q3kWP.exe
mRun-x64: [NxKVoZc7UoZuXS8234A] C:\Windows\system32\eJTBxSpJfTe.exe
mRun-x64: [PJ5pnmss6Q544as8234A] C:\Windows\system32\ZTnPsNZGz.exe
mRun-x64: [jGTzbdC05XxG98234A] C:\Users\James\AppData\Roaming\YApWTVunWTkxc3s\jOoebh18rb7I2EO.exe
mRun-x64: [U2Jjxp9O3EIua8U8234A] C:\Windows\system32\wTkxc3sgOnebh18.exe
mRun-x64: [a5s6E8R9XU8234A] C:\Windows\system32\Z1sCS5wyHZz4RI2.exe
mRun-x64: [s0u2FpGaHKRgXjC8234A] C:\Windows\system32\tBtzPNAu2b4m5.exe
mRun-x64: [X3aW8kPvpdhlc8234A] C:\Windows\system32\as6E8R9XUe.exe
mRun-x64: [ZJVus9I1m8Uu6YA8234A] C:\Windows\system32\oCekIx0u2FpGaHK.exe
mRun-x64: [sxodXcF7wzD8234A] C:\Users\James\AppData\Roaming\CIztAc2bnaEZwl\NnH7TClP1n5dYBA.exe
mRun-x64: [LwPub7gOAGKZ0o8234A] C:\Windows\system32\GUWbOq7Foc2xV.exe
mRun-x64: [YaKgYrAi478234A] C:\Windows\system32\ccDpJfUPo5WLjBx.exe
mRun-x64: [j0FaKgYrAi47jIO8234A] C:\Windows\system32\StuD46fgClc3PmE.exe
mRun-x64: [ggYrAi47jIO0D4J8234A] C:\Windows\system32\ZBcDpJfUPo5WLjB.exe
mRun-x64: [gsRUPSmdhIxin6R8234A] C:\Windows\system32\NWLqwlPiGsLhlS4.exe
mRun-x64: [GhlcbsfjB1FJRjz8234A] C:\Windows\system32\d0D4JYOco.exe
mRun-x64: [H4sK9UBc2G6fXl8234A] C:\Windows\system32\ugwtipJjN2sRUPS.exe
mRun-x64: [XItS3QKgClc3aLh8234A] C:\Windows\system32\HETlyo58TIA.exe
mRun-x64: [xzxHhyFQJhINiq38234A] C:\Windows\system32\I0OIkLKEJGas77K.exe
mRun-x64: [Vbp56KRhUrA28234A] C:\Windows\system32\G7RXOyD4sK9UBc2.exe
mRun-x64: [fbp56KRhUrA2m8234A] C:\Windows\system32\URXOyD4sK9U.exe
mRun-x64: [YUkI0i4H5LXrB8234A] C:\Windows\system32\CFbiSb44s5QWVvF.exe
mRun-x64: [rIu0iQW8R9BNSvQ8234A] C:\Windows\system32\qp32S1inFbiSb44.exe
mRun-x64: [o1Dop5JKfhw8234A] C:\Windows\system32\EQ8TCryS6Xrcn.exe
mRun-x64: [Z8kPoWRVy8234A] C:\Windows\system32\BYwVlzy1Dop5JKR.exe
mRun-x64: [UjP2sRCy2GdRCz08234A] C:\Windows\system32\rKqrcnKqrSaL.exe
mRun-x64: [ZmQQG3ixB8234A] C:\Windows\system32\sxvs8qOuSQR.exe
mRun-x64: [qUz1n5dRXezcD4s8234A] C:\Windows\system32\OJ9kxFHRjzcnsTI.exe
mRun-x64: [sCRdbzTaui58234A] C:\Windows\system32\DhX1QgV0nJhNDHK.exe
mRun-x64: [oHueR3tPoos8234A] C:\Windows\system32\YdBvQLkzDaql1Fs.exe
mRun-x64: [v1yFopnTzyuobib8234A] C:\Windows\system32\HnsTzS4ETO3WZU.exe
mRun-x64: [oJaKq04Q6WWHJVz8234A] C:\Windows\system32\bKwxv4dgqynKeN.exe
mRun-x64: [CmhZhfLTYhl59la8234A] C:\Windows\system32\IRBA1mgTB6lDJff.exe
mRun-x64: [xHp5o3pa45UvHVt8234A] C:\Windows\system32\LfS8VxyuGHd.exe
mRun-x64: [JWO0DJYCl8234A] C:\Windows\system32\Pd8fer0SH6RqkO.exe
mRun-x64: [XrcGV4twAx8234A] C:\Windows\system32\JbtoWrnVpZl2Yt2.exe
mRun-x64: [ao4Fb37ZhtaqVxo8234A] C:\Windows\system32\aEhYVtzPNu.exe
mRun-x64: [qQWqVc2RzuF7IFK8234A] C:\Windows\system32\zp89IlcoG6EqXYw.exe
mRun-x64: [s0p3JZxQgkxAQLc8234A] C:\Windows\system32\nH6RqkOOBzxNNBO.exe
mRun-x64: [yCKPE05ZBpBsF9O8234A] C:\Windows\system32\KSUnh4wQNfNQYbT.exe
mRun-x64: [ymXx5Ib9nTy7V178234A] C:\Windows\system32\IBHUsIKv9AskGhy.exe
mRun-x64: [oD49IQ8e1i4Lzva8234A] C:\Windows\system32\jOBzxNNBONrOkZg.exe
mRun-x64: [suLO6PJrn8V15ZB8234A] C:\Windows\system32\AD6T1axdAiGdLjV.exe
mRun-x64: [y5WrAbKprmz5ToY8234A] C:\Windows\system32\pueR3tPoosGdLVv.exe
mRun-x64: [aHkcswyp8e15Zl18234A] C:\Windows\system32\x6T1axdAiGdLjV.exe
mRun-x64: [I17jc5wA5XyQqig8234A] C:\Windows\system32\XEXtI02CDwiWYP5.exe
mRun-x64: [imz5ToYv5grD6Tz8234A] C:\Windows\system32\lvAm3Q7CAopmpbb.exe
mRun-x64: [ZPFRrFfB3RtKw048234A] C:\Windows\system32\AmEXtI02C.exe
mRun-x64: [zwA5XyQqiglbWCP8234A] C:\Windows\system32\ES9AQkJVDZBog.exe
mRun-x64: [m2Wei7IWw04glis8234A] C:\Windows\system32\GusrfOohP491Qju.exe
mRun-x64: [bZlvECBAbm68234A] C:\Windows\system32\nA00c77Ea6W8EgN.exe
mRun-x64: [glvECBAbm6KfaF8234A] C:\Windows\system32\uhy2yyA0S1JB.exe
mRun-x64: [RbHLYeN0iyteX968234A] C:\Users\James\AppData\Roaming\ESI7pHglUkVcJZj\CoZZhfLTYhVFRla.exe
mRun-x64: [ZaF2AzjTs1lj9aA8234A] C:\Windows\system32\ZThy2yyA0S1JBi7.exe
mRun-x64: [IzX6bzXCgWvtJr58234A] C:\Windows\system32\FRzWT8kFWOSm.exe
mRun-x64: [F6H1lR50klC84NE8234A] C:\Windows\system32\hqVx2fIFHLZX.exe
mRun-x64: [g9jEH1jsr5e5NfS8234A] C:\Windows\system32\UEBHLfXoJB0G57z.exe
mRun-x64: [muVg4NENJBHA91q8234A] C:\Users\James\AppData\Roaming\RbDJZxQgkxAQLc\l4LzvaSC2.exe
mRun-x64: [v84NENJBHA91qFB8234A] C:\Windows\system32\YdOndYUung.exe
mRun-x64: [hRIisIbfr8234A] C:\Windows\system32\y4CSsw1WUo8cEra.exe
mRun-x64: [hgt4Tx4Zy8234A] C:\Windows\system32\NHZtyiHhlN2lXo.exe
mRun-x64: [lO4ZPpZz48C15Xy8234A] C:\Windows\system32\gOndYUungwIAwgy.exe
mRun-x64: [gTlypKTeOubaKgO8234A] C:\Windows\system32\ruagzDfkS73q1KN.exe
mRun-x64: [wypRB2HziK8234A] C:\Windows\system32\z3H3DcreL7GPX9E.exe
mRun-x64: [qSn6EZkNu8234A] C:\Windows\system32\EYvRAKBmX2X4tft.exe
mRun-x64: [Jp6EZkNubHLq8234A] C:\Windows\system32\jIHVDJVDdlDQT.exe
mRun-x64: [sngrD7wyagl8234A] C:\Windows\system32\uzX6bzXCgWvt.exe
mRun-x64: [ubp5JW8L98234A] C:\Users\James\AppData\Roaming\STI15fwBvQ\VjBx2p6RqxbaKgY.exe
mRun-x64: [uJTz2H9IN8234A] C:\Windows\system32\F6H1lR50klC84NE.exe
mRun-x64: [scS2DpnG4Q6W7E8234A] C:\Windows\system32\UYjeBPcu2Fp5Qd.exe
mRun-x64: [nETUvde2KIb8Bmr8234A] C:\Users\James\AppData\Roaming\iqerA2pHfTCIr\ZUOzy1DnpHs7Kg9.exe
mRun-x64: [oETUvde2KIb8Bmr8234A] C:\Windows\system32\VE9Uz1bGdZwI.exe
mRun-x64: [ycETUvde2KIb8Bm8234A] C:\Windows\system32\lByD4WLq25gXIyD.exe
mRun-x64: [ycETUvde2KIb8Bp8234A] C:\Windows\system32\DKgCl0in6fT.exe
mRun-x64: [oEeFkSHXOpm8234A] C:\Windows\system32\VQ9Uz1bGdZwI.exe
mRun-x64: [o0sehEm2xn4pAI98234A] C:\Windows\system32\k2Q9lisZOiHZODQ.exe
mRun-x64: [OWlo8t8ydk2KC048234A] C:\Users\James\AppData\Roaming\bfLgZwlP1nH\IrNAvo3m56Kf.exe
mRun-x64: [XLntqJoOhd5uIs18234A] C:\Windows\system32\T5Xz2Jwym9zF.exe
mRun-x64: [H1Ig3rZ4zRbIWSC8234A] C:\Windows\system32\nfIcmTOiHZOD.exe
mRun-x64: [OXd4SrXGNYmy94z8234A] C:\Windows\system32\T5XzDJwym9zF.exe
mRun-x64: [XUZdFNEnPZ4B8oe8234A] C:\Windows\system32\JzF7k2Q9lisZ.exe
mRun-x64: [CXxpfk0WYxnEVi58234A] C:\Windows\system32\sogPHhoTS9Nngzi.exe
mRun-x64: [CbPCdnPwW3xwLn08234A] C:\Windows\system32\AQReuJXBumKX.exe
mRun-x64: [CKbUmXO0io4HE9U8234A] C:\Users\James\AppData\Roaming\lTCz0nS7B\oyULlOtwEpA.exe
mRun-x64: [KlPio4HQd8hVtcD8234A] C:\Users\James\AppData\Roaming\d0sehEm2xn4pAI9\IiwE4yhmyqHDtRH.exe
mRun-x64: [LRwlPub4Gs68234A] C:\Windows\system32\xoOhdGuIs1OE2VJ.exe
mRun-x64: [C4VsxLcRvRc6zaj8234A] C:\Users\James\AppData\Roaming\dB8ydk2KC04LrDf\uVlNxu1b3.exe
mRun-x64: [WubG68Lhez0bnQd8234A] C:\Windows\system32\XaAXJb0AlZ5vl.exe
mRun-x64: [sxc2ibD3pHWfgZY8234A] C:\Users\James\AppData\Roaming\YbPCdnPwW3xwLn0\xRG0r9atEVtcio4.exe
mRun-x64: [H24mQ6Ef9XjeIz8234A] C:\Windows\system32\enQ6fTCrxc2b3QW.exe
mRun-x64: [nEqYIOxu13na8234A] C:\Windows\system32\AQd8R9Xjl.exe
mRun-x64: [RZAJeoWC2fN4gNn8234A] C:\Windows\system32\CG8jxHISHZOngrS.exe
mRun-x64: [DOxu13naHW7LThC8234A] C:\Windows\system32\Bnp5Qd8R9XjlPcv.exe
mRun-x64: [wDnaHW7LThCUr8234A] C:\Windows\system32\jd8R9XjlPc.exe
mRun-x64: [fnaHW7LThCUrBPc8234A] C:\Windows\system32\d8R9XjlPyvo4.exe
mRun-x64: [nQJ6dEfRh8234A] C:\Windows\system32\CLThCUrBPciDna5.exe
mRun-x64: [fItcDaKLjIOxu1b8234A] C:\Users\James\AppData\Roaming\zEgqXUlBPc1Dnp5\DUlBPAFm6KLTUkB.exe
mRun-x64: [lLjIOxu1boGa6JE8234A] C:\Users\James\AppData\Roaming\zEgqXUlBPc1Dnp5\OlBPAFm6KLTUkBz.exe
mRun-x64: [IOGTAaZPGqt3Jwc8234A] C:\Users\James\AppData\Roaming\fHPZ3k4UGBd09Sg\vh2wFw2R1dBnTcW.exe
mRun-x64: [LLt4w2gzGj2L0e8234A] C:\Windows\system32\jH7RwOAo5gUtAoG.exe
mRun-x64: [LC5AwGxXaSqao08234A] C:\Windows\system32\fA47htodjyp8C0G.exe
mRun-x64: [m7U1nWZwINSDa8234A] C:\Users\James\AppData\Roaming\UcsXyG9Pm9NpRe2\YAR0K0gDUQNR2CG.exe
mRun-x64: [mnWZwINSDa8234A] C:\Users\James\AppData\Roaming\UcsXyG9Pm9NpRe2\Bjbg0R0K0g3UQ.exe
mRun-x64: [l1nWZwINSDa79ru8234A] C:\Users\James\AppData\Roaming\UcsXyG9Pm9NpRe2\wIpjbg0R0K0gDUQ.exe
mRun-x64: [gpIJzfA8OaV8234A] C:\Windows\system32\Jq85FAVrYRJ7GSO.exe
mRun-x64: [rP6zQVpZtmTB8234A] C:\Users\James\AppData\Roaming\ykEnBgborj6uCHt\R1lQknVaIWSw4lJ.exe
mRun-x64: [DNi3HJKRTZ1ANA48234A] C:\Windows\system32\kBlrOrlttNip6wI.exe
mRun-x64: [r5fjPSmKU8234A] C:\Windows\system32\NownV5IWN6B.exe
mRun-x64: [YOiH9kPD6gkxDH88234A] C:\Windows\system32\H5IaI5IaIGY3ZA8.exe
mRun-x64: [KwzvQXNbEXzoQLk8234A] C:\Windows\system32\amKUyiQLeA3WZru.exe
mRun-x64: [FwiJlnLl38234A] C:\Windows\system32\ansZlcH8YePc2QR.exe
mRun-x64: [GXx4dhBxGfZeBxb8234A] C:\Windows\system32\GLIvKCAD6LYUO01.exe
mRun-x64: [Dvn57EgqXUlt0A8234A] C:\Windows\system32\qngrSHqx48lndjy.exe
mRun-x64: [jjClrNAv2b3GaJW8234A] C:\Windows\system32\klvsheyb8XkxFQf.exe
mRun-x64: [JucS2ibD38234A] C:\Windows\system32\HW8LTjCIrOx.exe
mRun-x64: [sA0ucS2ib3n4QWf8234A] C:\Windows\system32\F0Avo4HQd8ZhXUe.exe
mRun-x64: [fvD2bpGsJd8Zh8234A] C:\Windows\system32\m1ivD2onFp5Qd8R.exe
mRun-x64: [R2bpGsJd8ZhXUl8234A] C:\Windows\system32\A2onFp5Qd8R9YwV.exe
mRun-x64: [DEDlWFV9GckdoU38234A] C:\Windows\system32\myNrNp7wJhOaJ.exe
mRun-x64: [nbrq5iV5zGeW8234A] C:\Windows\system32\p6YN0vFmasWOIUk.exe
mRun-x64: [rvLuk3gNG8234A] C:\Windows\system32\BT1ANA4LVEqA6EB.exe
mRun-x64: [WmHs78gTqYkrBPc8234A] C:\Users\James\AppData\Roaming\o8ZhXUlrPx1v2bp\uyAvi3n5aHdKfLT.exe
mRun-x64: [YoU3jnxHYPHw18234A] C:\Windows\system32\fCVrpooaZlDCy.exe
mRun-x64: [e3gNGZBvHZe148U8234A] C:\Windows\system32\IbWY14ZyaqO1.exe
mRun-x64: [dKUA4KlDJ8234A] C:\Windows\system32\loWRlNps8.exe
mRun-x64: [pGgxaYcWV4YAdzs8234A] C:\Windows\system32\GWRlNps8UlPSH.exe
mRun-x64: [YZPHhDLzHj4h16U8234A] C:\Windows\system32\y458jOSD4JRw0vm.exe
mRun-x64: [gZCPSGWTI03dXOD8234A] C:\Windows\system32\x2bpsJEf9jB.exe
mRun-x64: [XzHj4h16UF9xWxL8234A] C:\Windows\system32\czvFQglyoJQsgXU.exe
mRun-x64: [SlD6CSKCu6j06Cb8234A] C:\Windows\system32\iXkNuD4WLqItcDm.exe
mRun-x64: [XZ0WUo8tng8234A] C:\Windows\system32\kl0iGsLhVtSn5dR.exe
mRun-x64: [SP8SUaOKc83O84P8234A] C:\Windows\system32\ceKbkR3OCJ2IQyd.exe
mRun-x64: [XwmtgFPXQ28234A] C:\Windows\system32\AIQydNgSKIc6w1H.exe
mRun-x64: [RtgFPXQ2VjJiwdp8234A] C:\Windows\system32\WcKIc6wSmZe1.exe
mRun-x64: [LupWTVA369C8234A] C:\Windows\system32\wkGCbTcJO4.exe
mRun-x64: [aVupWTVA369COia8234A] C:\Windows\system32\kB49PpXvRAWlGhi.exe
mRun-x64: [dGsZrynJq8234A] C:\Windows\system32\NHjDZxJUbfz4C3h.exe
mRun-x64: [xbvzCTfL8ZUklOw8234A] C:\Windows\system32\xHhDLzHj4h16UF9.exe
mRun-x64: [DshOS4dYO147hlc8234A] C:\Windows\system32\cA4dYI1pdTPv.exe
mRun-x64: [zkrN0Sbp4HWfL8234A] C:\Windows\system32\tupWXrupWZrcG7h.exe
mRun-x64: [gbp4HWfLTjwVOxu8234A] C:\Users\James\AppData\Roaming\E24fYNimLwtiF\XRIvQTPFKU.exe
mRun-x64: [ebD3ona6Wf8ZYkr8234A] C:\Windows\system32\YGLISHZN37wtvH8.exe
mRun-x64: [Adsb0AxUZ8234A] C:\Windows\system32\zknw4jpBKA9pwmt.exe
mRun-x64: [JA1ivoFms8234A] C:\Windows\system32\GRjPSp6LCOuFa.exe
mRun-x64: [h9sxL0WtfGVaeHt8234A] C:\Windows\system32\iKao2A1xkTEssQJ.exe
mRun-x64: [vjCINvb3GQ8234A] C:\Windows\system32\G6JEgqCUlt0Sv.exe
mRun-x64: [KCF7rDfIb7VDLt48234A] C:\Windows\system32\Vzzx2DGncN1AxPx.exe
mRun-x64: [Xt49NGw1ahxHXNn8234A] C:\Windows\system32\Xd8XYIVY8Z9R9Ld.exe
mRun-x64: [zXNn7w0afZkB18234A] C:\Windows\system32\nN00lXekCkwYZEm.exe
mRun-x64: [OXNn7w0afZkB18234A] C:\Windows\system32\prN00lXekCkwYZE.exe
mRun-x64: [G12nps7KRXVBPcD8234A] C:\Windows\system32\NQr5e4cTiZv.exe
mRun-x64: [Q9XUBPcuo4GQfh8234A] C:\Windows\system32\aX6uhSRST6B5BQP.exe
mRun-x64: [GPcuo4GQdhClzy18234A] C:\Windows\system32\E9On9loLOFq0HXA.exe
mRun-x64: [QdhClzy1S3JLUBx8234A] C:\Windows\system32\q9loLOFq0HXAJCS.exe
mRun-x64: [Alzy1S3JLUBxiG68234A] C:\Windows\system32\xLt49NGw1ahxHXN.exe
mRun-x64: [pOv3QRjVxba78234A] C:\Windows\system32\pcHTODW8Y.exe
mRun-x64: [O7qV0bHfqVxSo5E8234A] C:\Windows\system32\w0afZkB1n7Rwt12.exe
mRun-x64: [hv4WgXePDsZe1sw8234A] C:\Users\James\AppData\Roaming\KHTODW8YrPDaEhe\T7KRXVBPcDms.exe
mRun-x64: [Co5EqkBAFdYz48I8234A] C:\Users\James\AppData\Roaming\J0mhysUvEloRzmR\TYAaLrcafZkB1n7.exe
mRun-x64: [xv5ZB1G8evJTOF8234A] C:\Users\James\AppData\Roaming\is789XUBPcuo4GQ\ZClzy1S3JLUB.exe
mRun-x64: [uJkv5ZB1G8ev8234A] C:\Windows\system32\Alzy1S3JLUBxiG6.exe
mRun-x64: [vJkv5ZB1G8evJ8234A] C:\Windows\system32\ZClzy1S3JLUB.exe
mRun-x64: [VYNiaECNimfZkrB8234A] C:\Windows\system32\xagriHTli6ZBDWZ.exe
mRun-x64: [njxnfCN2a8234A] C:\Windows\system32\dxba7qV0b.exe
mRun-x64: [CRhwVOzy1nHdZj8234A] C:\Windows\system32\sLtmCideDKI2Elo.exe
mRun-x64: [yHdZjBc2GdZjBx28234A] C:\Windows\system32\VYti5RUy2.exe
mRun-x64: [FGms7LThwVOxy1D8234A] C:\Windows\system32\VYNiaECNimfZkrB.exe
mRun-x64: [FTyJlogBFRzpqv68234A] C:\Windows\system32\IXe0DsZe1swy38k.exe
mRun-x64: [XqvZiR18y9nOfcw8234A] C:\Windows\system32\HJLkApWXkNASb3n.exe
mRun-x64: [qv5gU0osRVN2sRC8234A] C:\Users\James\AppData\Roaming\ybpa67LTjwl\FdZjBx2m6RqIySp.exe
mRun-x64: [dfoCKbwsPEcg8234A] C:\Windows\system32\Z8g9RK7fE.exe
mRun-x64: [fWQnSyPUZs8234A] C:\Windows\system32\gHD0e9JFNj7nxk8.exe
mRun-x64: [rV7cgi9uZ19bXbX8234A] C:\Windows\system32\wNOlelrkYkkkVBB.exe
mRun-x64: [AbXiTiPRv8234A] C:\Windows\system32\GfWQniytBU.exe
mRun-x64: [PGw4iw4lJ1TnzEi8234A] C:\Windows\system32\OH5sJEWHGD.exe
mRun-x64: [Rzf2eHPTnOK2IfF8234A] C:\Windows\system32\Nc12S0NVCREQaF0.exe
mRun-x64: [bKSYmxRFlKbBRp08234A] C:\Windows\system32\tCXLJmnvuNCtUR5.exe
mRun-x64: [AspD1zegH8234A] C:\Windows\system32\ofncVg5vIKSDPwE.exe
mRun-x64: [hGOL2U6SeKbtZH08234A] C:\Windows\system32\EBBCXLJmnv.exe
mRun-x64: [JKbtZH0ZsSOj7it8234A] C:\Users\James\AppData\Roaming\SFvOSBwdDPhQ2IE\AAILDkJ3k4eQ.exe
mRun-x64: [TX8J5b0lZmief528234A] C:\Windows\system32\Eg5DBhQvj7gm1l8.exe
mRun-x64: [nlLQ30V8p8234A] C:\Windows\system32\pp1ILnzjULpAwJi.exe
mRun-x64: [B6FNC9mDOhQpA8234A] C:\Windows\system32\IU5zEuCd2k7Dr8F.exe
mRun-x64: [B6m2AlYkjhLWH8234A] C:\Windows\system32\mq6Drg4BRGvzT.exe
mRun-x64: [Q5urY74PU8J2zZ68234A] C:\Windows\system32\hnjQvC62kfie.exe
mRun-x64: [RHm4F2uxl0z8234A] C:\Users\James\AppData\Roaming\jtX83OWukWPdA\n8DXpzTpV7cgi9u.exe
mRun-x64: [ZdanbFoAz8234A] C:\Users\James\AppData\Roaming\XCGwalHUHIEvq6S\nmBJPENdz6yf0fA.exe
mRun-x64: [Om4F2uxO0zlX9gK8234A] C:\Users\James\AppData\Roaming\SK4AILDkJ3k4eQx\YfoCKbwsPE.exe
mRun-x64: [kR6G3y1cBOVkOUl8234A] C:\Users\James\AppData\Roaming\Ydtdu9FIRpV7cgi\vZ19bXbXiTiPRvX.exe
mRun-x64: [pFd9VtPAD8234A] C:\Windows\system32\oFzLntqWiedFAIT.exe
mRun-x64: [j9l5ZajSRcZ1WxZ8234A] C:\Windows\system32\oNZJocCf5bx.exe
mRun-x64: [BWIpT3w2LSwdATH8234A] C:\Windows\system32\Z2xkRa1kH.exe
mRun-x64: [vxKPErHNh4r73uI8234A] C:\Windows\system32\pqsotwd5uVgmx8i.exe
mRun-x64: [XasEw1dO0F8234A] C:\Windows\system32\Nb20vAzlUjE6mo.exe
mRun-x64: [vzfFeQcUhd8234A] C:\Windows\system32\Lf4BEch4yhaxqHP.exe
mRun-x64: [XIL42x8svO8234A] C:\Windows\system32\LaxqHPgvVHl.exe
mRun-x64: [LVvKO0FRIAawoQT8234A] C:\Windows\system32\brY9LWEsGapn425.exe
mRun-x64: [JOgSC7ouOEm1VjF8234A] C:\Windows\system32\UKp2zT6DVszgDB8.exe
mRun-x64: [awgp2xJzW0f1ljZ8234A] C:\Windows\system32\alJAXauYHSYar.exe
mRun-x64: [LhIv5qiRmAhKmSy8234A] C:\Users\James\AppData\Roaming\RS0lUljqj9hq9Uk\wiGJdwI0nfwBv.exe
mRun-x64: [UXoC4rdpciNkt1y8234A] C:\Users\James\AppData\Roaming\JUQvCdSksuZolQB\BAPBIVrlyxbGHEh.exe
mRun-x64: [h0dPhaizXfWF2tw8234A] C:\Users\James\AppData\Roaming\KXhTfTggXjNNipX\Rc4mdhIS48wBiaq.exe
mRun-x64: [tlqdnb1eI85bN8234A] C:\Windows\system32\PfVuJLrBP4JXkyn.exe
mRun-x64: [ZYUeqwjYq7pN8234A] C:\Users\James\AppData\Roaming\nGb2b3oG6\aSFKISfV5T.exe
mRun-x64: [yhKmSyeCEmoOqEp8234A] C:\Users\James\AppData\Roaming\UG6ffVuJLrBP4JX\VynQTViHZSWVoZA.exe
mRun-x64: [HKaQE6KWEWKHDyT8234A] C:\Users\James\AppData\Roaming\yStOVX9LgTZwCNu\jJTNHEevWr.exe
mRun-x64: [yJiPwWG0k5yqae8234A] C:\Users\James\AppData\Roaming\oHHYPmWYUeDp7Z\YGq1sVbLu7PQOsU.exe
mRun-x64: [y8EWb0j7FxYL1R8234A] C:\Windows\system32\BAPBIVrlyxbGHEh.exe
mRun-x64: [N85uURa2OJz8234A] C:\Windows\system32\DVIx23aEZA3qt2.exe
mRun-x64: [LxwpCFqDhS9udt8234A] C:\Windows\system32\mPnWtvQjAsYbf.exe
mRun-x64: [LeWchFYmVpr4wo8234A] C:\Windows\system32\t2EBpw1ftsl5zog.exe
mRun-x64: [xHr5l5knhvR8234A] C:\Users\James\AppData\Roaming\AcpLr4gu6YbE\gfZUAbKALPQIGVH.exe
mRun-x64: [A7AESLPJBGIWlmY8234A] C:\Windows\system32\NDRzHkFY2YbEXP2.exe
mRun-x64: [RYomfO1zoTYsoy98234A] C:\Users\James\AppData\Roaming\EBGBQCypdTkVBPu\qu2nWjvLCtFKTxK.exe
mRun-x64: [VxmX0GgUc8234A] C:\Windows\system32\TjsorCLPdx91wL6.exe
mRun-x64: [LysUSQqlD3G8234A] C:\Windows\system32\qT4AlgscEARShGb.exe
mRun-x64: [PlCWmDCsDzkYgEp8234A] C:\Windows\system32\EzxcHXiW8e.exe
mRun-x64: [X3GbPZFVsP8234A] C:\Windows\system32\wUeqwjYq7pNk850.exe
mRun-x64: [epOhEQniye72eFE8234A] C:\Windows\system32\rFZSmEC0Ecf50UZ.exe
mRun-x64: [VforW0R2wGzfDks8234A] C:\Windows\system32\do0URa07N7uR42u.exe
mRun-x64: [eYmt82V5zJNLiC8234A] C:\Windows\system32\f9SfPENWra.exe
mRun-x64: [jvhFqGzKSk5P88234A] C:\Windows\system32\WtyxAtwRpceZ5bk.exe
mRun-x64: [Qd0g4OEihbCQy98234A] C:\Windows\system32\omSkZWbOCJcdNst.exe
mRun-x64: [SQy9DIWchHcwGrQ8234A] C:\Windows\system32\JjLavNCC0.exe
mRun-x64: [aDVd2IdxWxR0E8234A] C:\Users\James\AppData\Roaming\NhufzQInTkX\j41rrnLqYBrAuoR.exe
mRun-x64: [UGVJ0R2C5IG8234A] C:\Windows\system32\OLjPNIZmPL.exe
mRun-x64: [gVJ0R2C5IGY8234A] C:\Windows\system32\S8uLiCQtZn.exe
mRun-x64: [d4I6ARAKAgS8vYv8234A] C:\Windows\system32\BhpBWSYmt8.exe
mRun-x64: [UOHrKxJy8cg2Um8234A] C:\Windows\system32\E0ZGldvwmI.exe
mRun-x64: [e3woXohvRA6ku58234A] C:\Windows\system32\u4tZmNRvR2Tiq3q.exe
mRun-x64: [AmV4wo8rv5Q68234A] C:\Windows\system32\lBFH1QNfSjnk.exe
mRun-x64: [AoQZCxFJhBu58234A] C:\Windows\system32\s5GnbcitYd3bDT.exe
mRun-x64: [J6dWK7fRLgXjCIr8234A] C:\Windows\system32\X6OHrKxJy8cg2Um.exe
mRun-x64: [idWK7fRL9TqYeIr8234A] C:\Windows\system32\cw2UsPW0L.exe
mRun-x64: [KpnG4aQH6W7E9Tq8234A] C:\Windows\system32\XSXFYaImrstsz.exe
mRun-x64: [fxpRCNS36EwNu8234A] C:\Windows\system32\yRQ2NCermhweIry.exe
mRun-x64: [g5sWJdEL8RqYwVl8234A] C:\Windows\system32\C9N3KYtbH8k.exe
mRun-x64: [oyxA1uvS2b38234A] C:\Windows\system32\dP0ycA1iv2n4m5Q.exe
mRun-x64: [GjUClBrzPyAuSoF8234A] C:\Windows\system32\lJ7dEK8gR9YwUeI.exe
mRun-x64: [o8R9hTXqjCk8234A] C:\Windows\system32\BdEK8gRZ9YwUeIt.exe
mRun-x64: [oNtxA0ucSiDpGaH8234A] C:\Users\James\AppData\Roaming\aQJfXwjUCB\rbF3pG5aQ7R9.exe
mRun-x64: [btxA0ucS2b3naHs8234A] C:\Users\James\AppData\Roaming\aQJfXwjUCB\zF3pG5aQH7R9T.exe
mRun-x64: [oNtxA0ucSiDpGQ68234A] C:\Users\James\AppData\Roaming\aQJfRZ9hTw\S2bF3pG5aHdfL.exe
mRun-x64: [m7fELgTZqYwIrOt8234A] C:\Windows\system32\zF3pG5aQH7R9T.exe
mRun-x64: [mEL9gZwkIrOtPu18234A] C:\Windows\system32\zF3pG5aQHdfLg.exe
mRun-x64: [iS1ib3onGaHsJfL8234A] C:\Windows\system32\inGaQHsK7E.exe
mRun-x64: [rib3onG4aHsJfLg8234A] C:\Windows\system32\wgTZqjYCwIrOtPu.exe
mRun-x64: [gonG4amH6W7E8Tq8234A] C:\Windows\system32\wTZqjYCwkrOtPuS.exe
mRun-x64: [OonG4amH6W7E8Tq8234A] C:\Users\James\AppData\Roaming\inGaQHsK7E\UZqjYCwkIrOtPuS.exe
mRun-x64: [ivS2ibF3pGaHd8234A] C:\Windows\system32\jBtzP0ycAiDoFpH.exe
mRun-x64: [LhTUelIBrPyAuSo8234A] C:\Windows\system32\UZwkIVrlOtPu1o4.exe
mRun-x64: [XtxP0ucS1b3n4m68234A] C:\Windows\system32\YtzP0ycA1v2n4m5.exe
mRun-x64: [Voyefa1UYdo1rTW8234A] C:\Windows\system32\DHOJI5C5epX.exe
mRun-x64: [bqacV9auzCZE7p8234A] C:\Windows\system32\jUKpNTQurq.exe
mRun-x64: [k6nn1PBZ6FvOjE8234A] C:\Windows\system32\iiBkdoIfav.exe
mRun-x64: [vQ0Znw4jmB6O7ug8234A] C:\Windows\system32\CG2xeE4xhHc.exe
mRun-x64: [gEnld194r8ik6uZ8234A] C:\Windows\system32\hxyNrVeVzNA11DF.exe
mRun-x64: [dX3CaNf1Z8234A] C:\Windows\system32\q2xeE4xhHcCWFxY.exe
mRun-x64: [jk6uZokhpzLHSlh8234A] C:\Windows\system32\iAvSo345JH6Ga21.exe
mRun-x64: [EL1qoY2UJx8234A] C:\Windows\system32\yscUK5vIXfsG31V.exe
mRun-x64: [YstWVv7eDf8234A] C:\Windows\system32\hC8GSixrkdGuNkT.exe
mRun-x64: [RAj8GxY7mJFDNX8234A] C:\Windows\system32\cjTf9E7Wp.exe
mRun-x64: [iUeByvms7E8Zh8234A] C:\Windows\system32\pHP8u92h5zLiCoU.exe
mRun-x64: [DtjW56ck72lPf0f8234A] C:\Users\James\AppData\Roaming\rLJdQGF2DccP\emFpfCrugBv5Wgq.exe
mRun-x64: [t8Gv3tTmAXldNWC8234A] C:\Windows\system32\dCYwTgdRex28t46.exe
mRun-x64: [oR5k5qNDfwx1nmf8234A] C:\Windows\system32\QKKsmFpfCrugBv5.exe
mRun-x64: [NAn9VuD47ZkP1F8234A] C:\Windows\system32\qiphisReOy0vFn4.exe
mRun-x64: [Jc3m7RwVO8234A] C:\Windows\system32\zuUE4t9QirgHo4v.exe
mRun-x64: [uzONtxA0uSiDpGf8234A] C:\Windows\system32\l6CAn9VuD4fZkP1.exe
mRun-x64: [zfEL9gTZqYwIrOP8234A] C:\Windows\system32\cLri6Yt1nmfZ.exe
mRun-x64: [HVrlBtxP0c18234A] C:\Windows\system32\j4aQH6WK7EgqwIr.exe
mRun-x64: [IVelOBtzPyAiDoF8234A] C:\Windows\system32\SOBtxP0yc1v3n.exe
mRun-x64: [BVelOBtzPyAiDoF8234A] C:\Windows\system32\wBtxP0ycSiDoF.exe
mRun-x64: [IUVelOBtz0c1v2n8234A] C:\Windows\system32\urlBtxP0ySiD.exe
mRun-x64: [FbmG5aQJ68234A] C:\Users\James\AppData\Roaming\rJELRZqhYwUe\ED2onF4pm5Q7E8R.exe
mRun-x64: [FbFG5aQJ68234A] C:\Users\James\AppData\Roaming\FWJELRZqhXkV\ED2onF4pm5Q7E8R.exe
mRun-x64: [hG5aQJ6dWfLh8234A] C:\Windows\system32\gYCwkUVrlBx0c1v.exe
mRun-x64: [GUVrlOBP0c1v38234A] C:\Windows\system32\TCwkUVrlO.exe
AppInit_DLLs-X64: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll 
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-29 135664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-3 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-3 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-3 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-3 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-3-14 199008]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-3-14 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
S2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2011-6-25 34320]
S2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-13 62208]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-21 240160]
S2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2010-3-29 167936]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-29 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 mfetdi2k;McAfee Inc. mfetdi2k;C:\Windows\system32\drivers\mfetdi2k.sys --> C:\Windows\system32\drivers\mfetdi2k.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-23 01:43:59	--------	d-----w-	C:\Users\James\AppData\Roaming\s4gPsjuJrSQTI03
2011-10-23 01:42:56	1723392	----a-w-	C:\Windows\SysWow64\iiBkdoIfav.exe
2011-10-23 01:41:59	1723392	----a-w-	C:\Windows\SysWow64\YtzP0ycA1v2n4m5.exe
2011-10-23 01:40:59	--------	d-----w-	C:\Users\James\AppData\Roaming\PV1zoTYsoy93ylq
2011-10-23 01:39:59	--------	d-----w-	C:\Users\James\AppData\Roaming\awgp2xJzW0f1ljZ
2011-10-23 01:38:59	--------	d-----w-	C:\Users\James\AppData\Roaming\fnDuNOOBzAupaW8
2011-10-23 01:37:58	1723392	----a-w-	C:\Windows\SysWow64\mq6Drg4BRGvzT.exe
2011-10-23 01:36:56	--------	d-----w-	C:\Users\James\AppData\Roaming\ybpa67LTjwl
2011-10-23 01:35:59	--------	d-----w-	C:\Users\James\AppData\Roaming\KR4blEDNUfGi0lk
2011-10-23 01:34:59	--------	d-----w-	C:\Users\James\AppData\Roaming\ppooaZlDCyQYV49
2011-10-23 01:33:57	--------	d-----w-	C:\Users\James\AppData\Roaming\V73zjQAj6QiB
2011-10-23 01:32:59	--------	d-----w-	C:\Users\James\AppData\Roaming\QgVtci24HE9Utci
2011-10-23 01:31:59	--------	d-----w-	C:\Users\James\AppData\Roaming\wypRB2HziK
2011-10-23 01:30:59	1723392	----a-w-	C:\Windows\SysWow64\UEBHLfXoJB0G57z.exe
2011-10-23 01:29:59	1723392	----a-w-	C:\Windows\SysWow64\x3mEhUxSomJZXez.exe
2011-10-23 01:28:58	1723392	----a-w-	C:\Windows\SysWow64\I0OIkLKEJGas77K.exe
2011-10-23 01:27:59	1723392	----a-w-	C:\Windows\SysWow64\WhI1mETzSmKq.exe
2011-10-23 01:25:51	--------	d-----w-	C:\Users\James\AppData\Roaming\ZgTZqhYCwUrOtPy
2011-10-23 01:24:56	--------	d-----w-	C:\Users\James\AppData\Roaming\E9JdT0Jl0Dbvc66
2011-10-23 01:23:55	--------	d-----w-	C:\Users\James\AppData\Roaming\eNxtOllUZKQp3ce
2011-10-23 01:22:53	1723392	----a-w-	C:\Windows\SysWow64\zoe6ATQNTnesFUG.exe
2011-10-23 01:22:53	1723392	----a-w-	C:\Windows\SysWow64\grrrtBOXCqgqqL.exe
2011-10-23 01:22:53	--------	d-----w-	C:\Users\James\AppData\Roaming\eYmnUQNLpVfSwmt
2011-10-23 01:22:52	1723392	----a-w-	C:\Windows\SysWow64\iNrrrtBOXCqgqqL.exe
2011-10-23 01:22:52	--------	d-----w-	C:\Users\James\AppData\Roaming\eYmnUQy9pVfSwmt
2011-10-23 01:22:50	1723392	----a-w-	C:\Windows\SysWow64\gEicRoe6ATQ.exe
2011-10-23 01:22:47	--------	d-----w-	C:\Users\James\AppData\Roaming\QenDAjQ1OgplEic
2011-10-23 01:22:45	--------	d-----w-	C:\Users\James\AppData\Roaming\XQACnDAjQ1Ogp
2011-10-23 01:22:42	--------	d-----w-	C:\Users\James\AppData\Roaming\z1xkXE6m598qx10
2011-10-23 01:22:42	--------	d-----w-	C:\Users\James\AppData\Roaming\byPeXE6m598qx1
2011-10-23 01:21:22	--------	d-----w-	C:\Users\James\AppData\Roaming\NIkXLW4DPlLnzK
2011-10-23 01:19:59	1723392	----a-w-	C:\Windows\SysWow64\wQ8Ye1JUvWkvpWT.exe
2011-10-23 01:03:12	--------	d-----w-	C:\Users\James\AppData\Roaming\Q2onF4pmHsJdKgZ
2011-10-23 01:03:08	--------	d-----w-	C:\Users\James\AppData\Roaming\nzPNyxA1uSoFpGa
2011-10-23 01:03:07	--------	d-----w-	C:\Users\James\AppData\Roaming\yXwkUVelOtPyAiD
2011-10-23 01:03:06	--------	d-----w-	C:\Users\James\AppData\Roaming\mrlOBtxP0c1v3
2011-10-23 01:03:02	--------	d-----w-	C:\Users\James\AppData\Roaming\Y7dEK8gRZhXjVlB
2011-10-23 01:03:01	1723392	----a-w-	C:\Windows\SysWow64\E1ivD3onFaHsJdL.exe
2011-10-23 01:03:01	--------	d-----w-	C:\Users\James\AppData\Roaming\iTZqhYCwkVlBx0c
2011-10-23 01:01:59	--------	d-----w-	C:\Users\James\AppData\Roaming\P8gRZ9hYXjVlBzN
2011-10-23 01:00:57	--------	d-----w-	C:\Users\James\AppData\Roaming\C9hTXwjUClBzNx1
2011-10-23 00:59:59	1723392	----a-w-	C:\Windows\SysWow64\auvS2obF3m5Q6W8.exe
2011-10-23 00:58:59	--------	d-----w-	C:\Users\James\AppData\Roaming\X1uvD2obFp
2011-10-23 00:57:59	--------	d-----w-	C:\Users\James\AppData\Roaming\EYCwkUVrlB
2011-10-23 00:56:57	--------	d--h--w-	C:\Users\James\AppData\Roaming\RK8gRZ9hYwU
2011-10-23 00:55:56	--------	d--h--w-	C:\Users\James\AppData\Roaming\AONtxA0uc
2011-10-23 00:54:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\lLgYIrNAci3GQs7
2011-10-23 00:53:59	1723392	---ha-w-	C:\Windows\SysWow64\gTUkrNviFna6WR9.exe
2011-10-23 00:52:59	1723392	---ha-w-	C:\Windows\SysWow64\e0oH7hUxDHXBiFJ.exe
2011-10-23 00:51:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\Z0iG6fTez0iG6fT
2011-10-23 00:50:57	--------	d--h--w-	C:\Users\James\AppData\Roaming\UYuaTtFgtFw
2011-10-23 00:49:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\AGwFVpeGNwduq7b
2011-10-23 00:48:59	1723392	---ha-w-	C:\Windows\SysWow64\npzfSCWiVZEbNrj.exe
2011-10-23 00:47:56	--------	d--h--w-	C:\Users\James\AppData\Roaming\XbOjW3BgoBEvIWc
2011-10-23 00:46:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\HqkSHLYVx1nsLqV
2011-10-23 00:45:58	1723392	---ha-w-	C:\Windows\SysWow64\PDwaBJOseGrak4U.exe
2011-10-23 00:44:57	1723392	---ha-w-	C:\Windows\SysWow64\zcnQZVyoQZlSQ9z.exe
2011-10-23 00:43:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\ndHnC94zT
2011-10-23 00:42:55	--------	d--h--w-	C:\Users\James\AppData\Roaming\V54h0Exnwpj3wnX
2011-10-23 00:41:56	--------	d--h--w-	C:\Users\James\AppData\Roaming\v2Fn5W9jVx2nsET
2011-10-23 00:40:39	--------	d--h--w-	C:\Users\James\AppData\Roaming\jmsJEgqCUltPy
2011-10-23 00:39:59	--------	d--h--w-	C:\Users\James\AppData\Roaming\wRqIyS3KNnfwt
2011-10-23 00:39:59	--------	d--h--w-	C:\Users\James\AppData\Roaming\O6RqIyS3KNnfwtS
2011-10-23 00:39:47	--------	d--h--w-	C:\Users\James\AppData\Roaming\xHR0pd9ec4d
2011-10-23 00:39:47	--------	d--h--w-	C:\Users\James\AppData\Roaming\PHR0pd9ec4d
2011-10-23 00:39:45	--------	d--h--w-	C:\Users\James\AppData\Roaming\jaoiF8rHDI
2011-10-23 00:39:43	--------	d--h--w-	C:\Users\James\AppData\Roaming\OU8GpSxl04hSC
2011-10-23 00:39:37	--------	d--h--w-	C:\Users\James\AppData\Roaming\YqkOzAnsEhVIN1D
2011-10-23 00:39:34	1723392	---ha-w-	C:\Windows\SysWow64\vAv2obG6TIy2pQf.exe
2011-10-23 00:39:33	--------	d--h--w-	C:\Users\James\AppData\Roaming\Fi4KUBPcv4Jhjer
2011-10-23 00:36:59	1723392	---ha-w-	C:\Windows\SysWow64\wfEEL8gTqhYCkVl.exe
2011-10-23 00:35:58	1723392	---ha-w-	C:\Windows\SysWow64\bzzPNyxA1uS2b3m.exe
2011-10-23 00:34:56	--------	d--h--w-	C:\Users\James\AppData\Roaming\eRLL9gTXqYekVz
2011-10-23 00:33:59	--------	d--h--w-	C:\Users\James\AppData\Roaming\BsWJJffL8gTqYCk
2011-10-23 00:32:59	1723392	---ha-w-	C:\Windows\SysWow64\IL9ggXXqYCeIrzN.exe
2011-10-23 00:31:59	--------	d--h--w-	C:\Users\James\AppData\Roaming\C4ppmG5sJ6dE8R9
2011-10-23 00:30:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\TXqjUCekIrNx0v2
2011-10-23 00:29:59	--------	d--h--w-	C:\Users\James\AppData\Roaming\dJ6dEK8fR9TwUeI
2011-10-23 00:28:57	--------	d--h--w-	C:\Users\James\AppData\Roaming\e22ibF3pnGaQ6W7
2011-10-23 00:27:57	--------	d--h--w-	C:\Users\James\AppData\Roaming\OrrzNyxA1uv2bFp
2011-10-23 00:26:59	--------	d--h--w-	C:\Users\James\AppData\Roaming\iPNyyxA1uS2b3GJ
2011-10-23 00:26:58	1723392	---ha-w-	C:\Windows\SysWow64\CXXwjeeItzPyc1v.exe
2011-10-23 00:26:58	--------	d--h--w-	C:\Users\James\AppData\Roaming\aF4pp55sQ7dE89h
2011-10-23 00:26:52	106496	---ha-w-	C:\Users\James\AppData\Roaming\svhostu.exe
2011-10-23 00:26:52	--------	d--h--w-	C:\Users\James\AppData\Roaming\gfhCUlBtxPyc1v3
2011-10-23 00:26:50	1723392	---ha-w-	C:\Windows\SysWow64\F222ibF3pnG5a6K.exe
2011-10-23 00:26:50	--------	d--h--w-	C:\Users\James\AppData\Roaming\LCeekIIrrONyA0v
2011-10-23 00:26:41	--------	d-sh--w-	C:\Users\James\AppData\Local\cf2a1baf
2011-10-21 21:25:23	--------	d--h--w-	C:\Users\James\AppData\Local\{ABC95C7D-1E53-435C-BDDC-C2C599095762}
2011-10-20 20:27:22	--------	d--h--w-	C:\Users\James\AppData\Local\{7064638B-7DF9-4CD7-90B9-68C0627A3903}
2011-10-20 11:03:09	--------	d--h--w-	C:\Users\James\AppData\Local\{18D09150-CB51-4A25-AADA-658909460561}
2011-10-20 11:02:52	--------	d--h--w-	C:\Users\James\AppData\Local\{DE798E13-5A6C-4221-B8CA-390E8168FC7B}
2011-10-20 06:07:47	--------	d--h--w-	C:\Users\James\AppData\Local\{0BEC55AB-7218-4D91-81F9-03069904B387}
2011-10-20 06:07:34	--------	d--h--w-	C:\Users\James\AppData\Local\{D266CCAE-0B4F-4605-86E7-02B3BBE3633C}
2011-10-18 20:35:31	--------	d--h--w-	C:\Users\James\AppData\Local\{41562765-8914-4C0E-A567-95FFCAA72435}
2011-10-18 00:05:04	--------	d--h--w-	C:\Windows\SysWow64\directx
2011-10-18 00:03:46	--------	d--h--w-	C:\Users\James\AppData\Local\{CA529E05-0FA5-4B62-B320-10252AB9FADD}
2011-10-18 00:03:34	--------	d--h--w-	C:\Users\James\AppData\Local\{E4E60311-CD42-4635-8FF5-B83535943049}
2011-10-17 20:35:41	--------	d--h--w-	C:\Users\James\AppData\Local\{4039B208-3C14-49A0-85C0-7095F6F2DFCC}
2011-10-17 20:35:29	--------	d--h--w-	C:\Users\James\AppData\Local\{E591F824-D675-458B-9EF7-B25063D1252B}
2011-10-17 10:30:42	--------	d--h--w-	C:\Users\James\AppData\Local\{D9009E27-6591-4A4A-B8C6-D29C8B0F1793}
2011-10-15 23:32:18	--------	d--h--w-	C:\Users\James\AppData\Local\{33CB3CDE-2046-4A28-92F3-ED73ABEA249C}
2011-10-15 23:32:04	--------	d--h--w-	C:\Users\James\AppData\Local\{ABEB88CE-DD46-4F54-BF56-2EE2C6B969FD}
2011-10-14 21:52:37	--------	d--h--w-	C:\Users\James\AppData\Local\{F26A43EA-749B-4A6F-B011-2A9EC172528A}
2011-10-13 20:37:24	--------	d--h--w-	C:\Users\James\AppData\Local\{D5DEDB6B-C78E-497D-B172-9D6FB881DD7B}
2011-10-13 20:37:12	--------	d--h--w-	C:\Users\James\AppData\Local\{30A88CA8-F703-497A-AC42-49CBA2FD8D01}
2011-10-13 08:50:39	--------	d--h--w-	C:\Users\James\AppData\Local\{6A8FB91B-36E7-487D-A23C-BF44B9D0F236}
2011-10-13 08:50:27	--------	d--h--w-	C:\Users\James\AppData\Local\{C8985AC2-8AC9-4FE8-A6F6-DD7316301B74}
2011-10-11 04:29:21	--------	d--h--w-	C:\Users\James\AppData\Local\{A9B61ECA-0D06-41E8-8D22-5AD652029AFE}
2011-10-11 04:29:07	--------	d--h--w-	C:\Users\James\AppData\Local\{CD57F5B7-A982-4EB8-8576-EDFDDC299916}
2011-10-10 06:50:27	--------	d--h--w-	C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-10-10 04:44:17	--------	d--h--w-	C:\Users\James\AppData\Local\{DD642636-6F51-4822-81C2-C24E47E54F2D}
2011-10-08 23:15:23	--------	d--h--w-	C:\Users\James\AppData\Local\{DD510AD6-A405-4BEE-A042-0FA71539FFA7}
2011-10-08 23:15:10	--------	d--h--w-	C:\Users\James\AppData\Local\{0FCDA602-B779-4DF7-99F4-29AF1B0D46EA}
2011-10-07 23:50:11	--------	d--h--w-	C:\Users\James\AppData\Local\{DE3291DB-FCCF-4B24-A07B-61557B5CB9F8}
2011-10-07 04:26:13	--------	d--h--w-	C:\Users\James\AppData\Local\{F66AF177-535D-4DC8-88EE-D24109263A9F}
2011-10-07 04:26:00	--------	d--h--w-	C:\Users\James\AppData\Local\{79466CF7-8389-4FEA-91C0-B33CECD175A9}
2011-10-06 10:23:10	--------	d--h--w-	C:\Users\James\AppData\Local\{4804F4E5-1255-40A5-83A9-59B605C7DFB3}
2011-10-06 10:22:53	--------	d--h--w-	C:\Users\James\AppData\Local\{CFD96516-05F8-48AD-99FC-A59F65CDE5DA}
2011-10-06 00:04:57	--------	d--h--w-	C:\Users\James\AppData\Local\{647EF70C-9084-4C34-A237-AF80E90A6B3A}
2011-10-05 07:07:49	--------	d--h--w-	C:\Users\James\AppData\Local\{15AF7447-A757-4606-A88E-827A53851A42}
2011-10-04 19:59:56	--------	d--h--w-	C:\Users\James\AppData\Local\{38CFC51F-0D70-43B7-A532-9DE5AAE9E5B5}
2011-10-04 19:59:43	--------	d--h--w-	C:\Users\James\AppData\Local\{8D273776-883B-4F0E-961D-DD81A03B44F7}
2011-10-03 00:06:51	--------	d--h--w-	C:\Users\James\AppData\Local\{CE658E72-D7D0-4112-B0A8-31CD1A142421}
2011-10-03 00:06:15	--------	d--h--w-	C:\Users\James\AppData\Local\{3C9E7607-01A1-45FA-B419-5C03AE2DACF2}
2011-10-01 23:26:09	--------	d--h--w-	C:\Users\James\AppData\Local\{EE919F18-EAB4-4F63-B2EF-38A465AC51E8}
2011-10-01 00:03:22	--------	d--h--w-	C:\Users\James\AppData\Local\{117A2104-B839-433A-9C3E-FF48B3F1A250}
2011-10-01 00:03:08	--------	d--h--w-	C:\Users\James\AppData\Local\{2EFB7B3D-1CD0-41C9-8C64-2311E33EFB0A}
2011-09-30 06:22:12	--------	d--h--w-	C:\Users\James\AppData\Local\{6842BB61-D162-44DA-BDFD-DCE1B1DC940C}
2011-09-29 00:10:46	--------	d--h--w-	C:\Users\James\AppData\Local\{C7B78F69-22BB-43B2-97BD-1EEFFE242315}
2011-09-29 00:10:30	--------	d--h--w-	C:\Users\James\AppData\Local\{3676A12E-5310-4CDD-A970-BDB4585A256D}
2011-09-28 08:03:27	--------	d--h--w-	C:\Users\James\AppData\Local\{AAD1DB89-5B13-4CC5-A649-8FBB1FD62812}
2011-09-28 08:03:14	--------	d--h--w-	C:\Users\James\AppData\Local\{5ABD0B4D-FFEA-4E58-B353-0523E45849A5}
2011-09-28 01:26:45	--------	d--h--w-	C:\Users\James\AppData\Local\{4124BCD5-8C09-42E9-9092-A2A0ED92BD2A}
2011-09-28 01:26:30	--------	d--h--w-	C:\Users\James\AppData\Local\{F10AF0AE-E03B-4F24-94E2-29058BD6AC16}
2011-09-25 21:49:35	--------	d--h--w-	C:\Users\James\AppData\Local\{42FDBEE6-3D16-45B7-8291-CB134BBEB1B3}
2011-09-25 21:49:20	--------	d--h--w-	C:\Users\James\AppData\Local\{C04F5F58-5594-4423-B22E-1FDFBC96FF12}
.
==================== Find3M  ====================
.
2011-10-23 01:43:54	1723392	----a-w-	C:\Windows\SysWow64\hC8GSixrkdGuNkT.exe
2011-10-23 01:43:54	1723392	----a-w-	C:\Windows\SysWow64\dCYwTgdRex28t46.exe
2011-10-23 01:43:50	1723392	----a-w-	C:\Windows\SysWow64\cjTf9E7Wp.exe
2011-10-23 01:43:48	1723392	----a-w-	C:\Windows\SysWow64\yscUK5vIXfsG31V.exe
2011-10-23 01:43:41	1723392	----a-w-	C:\Windows\SysWow64\iAvSo345JH6Ga21.exe
2011-10-23 01:43:39	1723392	----a-w-	C:\Windows\SysWow64\q2xeE4xhHcCWFxY.exe
2011-10-23 01:43:36	1723392	----a-w-	C:\Windows\SysWow64\hxyNrVeVzNA11DF.exe
2011-10-23 01:43:36	1723392	----a-w-	C:\Windows\SysWow64\CG2xeE4xhHc.exe
2011-10-23 01:43:36	1723392	----a-w-	C:\Windows\SysWow64\BjEQitqsSV.exe
2011-10-23 01:43:18	1723392	----a-w-	C:\Windows\SysWow64\jUKpNTQurq.exe
2011-10-23 01:43:01	1723392	----a-w-	C:\Windows\SysWow64\DHOJI5C5epX.exe
2011-10-23 01:40:58	1723392	----a-w-	C:\Windows\SysWow64\wUeqwjYq7pNk850.exe
2011-10-23 01:39:59	1723392	----a-w-	C:\Windows\SysWow64\KVuJLrBP4JXky.exe
2011-10-23 01:38:28	1723392	----a-w-	C:\Windows\SysWow64\pp1ILnzjULpAwJi.exe
2011-10-23 01:37:07	1723392	----a-w-	C:\Windows\SysWow64\HJLkApWXkNASb3n.exe
2011-10-23 01:35:47	1723392	----a-w-	C:\Windows\SysWow64\WcKIc6wSmZe1.exe
2011-10-23 01:34:55	1723392	----a-w-	C:\Windows\SysWow64\GLIvKCAD6LYUO01.exe
2011-10-23 01:34:53	1723392	----a-w-	C:\Windows\SysWow64\H5IaI5IaIGY3ZA8.exe
2011-10-23 01:34:31	1723392	----a-w-	C:\Windows\SysWow64\kBlrOrlttNip6wI.exe
2011-10-23 01:34:28	1723392	----a-w-	C:\Windows\SysWow64\Jq85FAVrYRJ7GSO.exe
2011-10-23 01:34:25	1723392	----a-w-	C:\Windows\SysWow64\E5FAVrYgW7GSO.exe
2011-10-23 01:34:24	1723392	----a-w-	C:\Windows\SysWow64\EmoAlX7fHFcctUL.exe
2011-10-23 01:34:23	1723392	----a-w-	C:\Windows\SysWow64\hOkE4vNU9WWa30P.exe
2011-10-23 01:33:28	1723392	----a-w-	C:\Windows\SysWow64\fA47htodjyp8C0G.exe
2011-10-23 01:33:18	1723392	----a-w-	C:\Windows\SysWow64\hfTCVtcDa.exe
2011-10-23 01:33:09	1723392	----a-w-	C:\Windows\SysWow64\CLThCUrBPciDna5.exe
2011-10-23 01:33:07	1723392	----a-w-	C:\Windows\SysWow64\jd8R9XjlPc.exe
2011-10-23 01:33:07	1723392	----a-w-	C:\Windows\SysWow64\d8R9XjlPyvo4.exe
2011-10-23 01:33:07	1723392	----a-w-	C:\Windows\SysWow64\Bnp5Qd8R9XjlPcv.exe
2011-10-23 01:33:04	1723392	----a-w-	C:\Windows\SysWow64\enQ6fTCrxc2b3QW.exe
2011-10-23 01:33:03	1723392	----a-w-	C:\Windows\SysWow64\CG8jxHISHZOngrS.exe
2011-10-23 01:33:00	1723392	----a-w-	C:\Windows\SysWow64\XaAXJb0AlZ5vl.exe
2011-10-23 01:31:58	1723392	----a-w-	C:\Windows\SysWow64\wrgQSUVgm1efT74.exe
2011-10-23 01:30:58	1723392	----a-w-	C:\Windows\SysWow64\pshrbe27YNiaOHD.exe
2011-10-23 01:29:57	1723392	----a-w-	C:\Windows\SysWow64\EQ8TCryS6Xrcn.exe
2011-10-23 01:28:50	1723392	----a-w-	C:\Windows\SysWow64\ZTnPsNZGz.exe
2011-10-23 01:28:45	1723392	----a-w-	C:\Windows\SysWow64\JgFNKu8yR0q3kWP.exe
2011-10-23 01:28:42	1723392	----a-w-	C:\Windows\SysWow64\LAhowQI6zdNgGY.exe
2011-10-23 01:28:40	1723392	----a-w-	C:\Windows\SysWow64\t0inH7gCrunKqlS.exe
2011-10-23 01:28:37	1723392	----a-w-	C:\Windows\SysWow64\z8XBipQKhePDpJf.exe
2011-10-23 01:28:37	1723392	----a-w-	C:\Windows\SysWow64\uXBipQKhePDpJfX.exe
2011-10-23 01:28:36	1723392	----a-w-	C:\Windows\SysWow64\V3mLYlyoH8XB.exe
2011-10-23 01:28:34	1723392	----a-w-	C:\Windows\SysWow64\VEt4RP5Xru3HfYN.exe
2011-10-23 01:28:33	1723392	----a-w-	C:\Windows\SysWow64\cslS6qynf.exe
2011-10-23 01:28:24	1723392	----a-w-	C:\Windows\SysWow64\zNLN3fNZmOpZyJU.exe
2011-10-23 01:28:02	1723392	----a-w-	C:\Windows\SysWow64\f5WfR9YVt0iGH7g.exe
2011-10-23 01:28:00	1723392	----a-w-	C:\Windows\SysWow64\mF3pG5fhUz.exe
2011-10-23 01:27:54	1723392	----a-w-	C:\Windows\SysWow64\ImgU0oJZB1pEXtv.exe
2011-10-23 01:27:49	1723392	----a-w-	C:\Windows\SysWow64\cW7LgqXUrBPc.exe
2011-10-23 01:27:48	1723392	----a-w-	C:\Windows\SysWow64\jP12bmeyu2FmWLT.exe
2011-10-23 01:27:46	1723392	----a-w-	C:\Windows\SysWow64\rvbpGQ6KR.exe
2011-10-23 01:27:40	1723392	----a-w-	C:\Windows\SysWow64\kYwVOt0SiDn4HWd.exe
2011-10-23 01:27:39	1723392	----a-w-	C:\Windows\SysWow64\BLgZqjYwIrNPcio.exe
2011-10-23 01:27:38	1723392	----a-w-	C:\Windows\SysWow64\UNyAuD2Fm5JdKf.exe
2011-10-23 01:27:38	1723392	----a-w-	C:\Windows\SysWow64\ckVzNtxA0.exe
2011-10-23 01:27:33	1723392	----a-w-	C:\Windows\SysWow64\bEf9XUlrNv3aKhU.exe
2011-10-23 01:27:31	1723392	----a-w-	C:\Windows\SysWow64\A1iDopHQdKRhXUl.exe
2011-10-23 01:24:54	1723392	----a-w-	C:\Windows\SysWow64\iYzF7XVItNAvop5.exe
2011-10-23 01:23:17	1723392	----a-w-	C:\Windows\SysWow64\ACzAi4WLjIx1oH7.exe
2011-10-23 01:23:06	1723392	----a-w-	C:\Windows\SysWow64\Ke6OUW1UEoeXbq1.exe
2011-10-23 01:23:06	1723392	----a-w-	C:\Windows\SysWow64\jjarCHyXJvjgcgu.exe
2011-10-23 01:20:30	1723392	----a-w-	C:\Windows\SysWow64\geUEe3d9qezxvi5.exe
2011-10-23 01:20:27	1723392	----a-w-	C:\Windows\SysWow64\GF4pmG5sQ6E8R.exe
2011-10-23 01:20:25	1723392	----a-w-	C:\Windows\SysWow64\nfRL9hTXqUeIrOy.exe
2011-10-23 01:20:17	1723392	----a-w-	C:\Windows\SysWow64\ud9COvpQWfCzbQZ.exe
2011-10-23 01:20:16	1723392	----a-w-	C:\Windows\SysWow64\iDFQ7K8RYIcoGdR.exe
2011-10-23 01:20:16	1723392	----a-w-	C:\Windows\SysWow64\FOxSbD3GaHWf.exe
2011-10-23 01:20:15	1723392	----a-w-	C:\Windows\SysWow64\ABPx1SbpG.exe
2011-10-23 01:20:14	1723392	----a-w-	C:\Windows\SysWow64\YcvoFms7KRhwVBo.exe
2011-10-23 01:20:13	1723392	----a-w-	C:\Windows\SysWow64\WvoFms7KRhwVBop.exe
2011-10-23 01:20:04	1723392	----a-w-	C:\Windows\SysWow64\VdZjy5wAJUAbH7q.exe
2011-10-23 01:20:01	1723392	----a-w-	C:\Windows\SysWow64\OkIBAv23n5HdKRA.exe
2011-10-23 01:20:00	1723392	----a-w-	C:\Windows\SysWow64\X0vn5JEgYkeOz.exe
2011-10-23 01:19:54	1723392	----a-w-	C:\Windows\SysWow64\j9hTXwjUClBzNx1.exe
2011-10-23 01:19:51	1723392	----a-w-	C:\Windows\SysWow64\fZhwUlBPy1.exe
2011-10-23 01:19:51	1723392	----a-w-	C:\Windows\SysWow64\B7EgZhkeOt.exe
2011-10-23 01:19:47	1723392	----a-w-	C:\Windows\SysWow64\xcsTSQTzbdI.exe
2011-10-23 01:19:47	1723392	----a-w-	C:\Windows\SysWow64\rjS6Cc6knqcHRlD.exe
2011-10-23 01:19:20	1723392	----a-w-	C:\Windows\SysWow64\jTXqjYCekVzNx0c.exe
2011-10-23 01:19:14	1723392	----a-w-	C:\Windows\SysWow64\kfRL9hTXqUeIrO.exe
2011-10-23 01:19:10	1723392	----a-w-	C:\Windows\SysWow64\efRL9hTXqUe.exe
2011-10-23 01:19:05	1723392	----a-w-	C:\Windows\SysWow64\lUCelIBrzNx1v2b.exe
2011-10-23 01:02:56	1723392	----a-w-	C:\Windows\SysWow64\TVrlOBtxPySiDoF.exe
2011-10-23 01:02:52	1723392	----a-w-	C:\Windows\SysWow64\B1ivD2onFp.exe
2011-10-23 01:02:47	1723392	----a-w-	C:\Windows\SysWow64\DycA1ivD2n4m5Q7.exe
2011-10-23 01:02:42	1723392	----a-w-	C:\Windows\SysWow64\UOBtzP0yc1v2n4.exe
2011-10-23 01:02:37	1723392	----a-w-	C:\Windows\SysWow64\QJ7dEL8gRqYwUe.exe
2011-10-23 01:02:32	1723392	----a-w-	C:\Windows\SysWow64\T8gTZqhYCkVlBx0.exe
2011-10-23 01:02:27	1723392	----a-w-	C:\Windows\SysWow64\t7fEL8gTZhCkV.exe
2011-10-23 01:02:22	1723392	----a-w-	C:\Windows\SysWow64\J0ycA1ivD.exe
2011-10-23 01:02:18	1723392	----a-w-	C:\Windows\SysWow64\XzP0ycA1iDoFpHs.exe
2011-10-23 01:02:13	1723392	----a-w-	C:\Windows\SysWow64\B5sWJ7dELgZhXkV.exe
2011-10-23 01:02:08	1723392	----a-w-	C:\Windows\SysWow64\hWJ7dEL8gZhXkVl.exe
2011-10-23 01:02:03	1723392	----a-w-	C:\Windows\SysWow64\V3onF4amHsJdLgZ.exe
2011-10-23 01:00:55	1723392	----a-w-	C:\Windows\SysWow64\v1ivD2onFp.exe
2011-10-23 01:00:51	1723392	----a-w-	C:\Windows\SysWow64\ZpmH5sQJ7E8R.exe
2011-10-23 01:00:46	1723392	----a-w-	C:\Windows\SysWow64\edEK8fRZ9TwUeI.exe
2011-10-23 01:00:42	1723392	----a-w-	C:\Windows\SysWow64\SUCelIBrzNx1v2b.exe
2011-10-23 01:00:37	1723392	----a-w-	C:\Windows\SysWow64\BBrzPNyxAuSoFpG.exe
2011-10-23 01:00:33	1723392	----a-w-	C:\Windows\SysWow64\SvS2obF3pGaJdKf.exe
.
============= FINISH: 20:58:16.90 ===============